Security Affairs

AUGUST 28, 2020

A new variant of the infamous Lemon_Duck cryptomining malware has been updated to targets Linux devices. Security researchers from Sophos have spotted a new variant of the Lemon_Duck cryptomining malware that has been updated to compromise Linux machines via SSH brute force attacks. ” reads the post published by Sophos.

Malware 139

Malware Authentication Passwords Internet 139

SecureList

OCTOBER 25, 2023

Introduction It’s just another cryptocurrency miner… Nobody would even suspect the mining malware was merely a mask, masquerading behind an intricate modular framework that supports both Linux and Windows. Subsequent analysis revealed earlier instances of suspicious code dating back to 2017.

Malware 107

Malware DNS Encryption Cryptocurrency 107

Security Affairs

APRIL 12, 2019

Hackers are using the EternalBlue exploit and leveraging advantage of Living off the Land ( LotL ) obfuscated PowerShell-based scripts to deliver malware and a Monero cryptocurrency. “The malware also uses the pass the hash method, wherein it authenticates itself to remote servers using the user’s hashed password.

Malware 78

Malware Cryptocurrency Passwords Advertising 78

Security Affairs

JUNE 22, 2021

Experts defined DirtyMoe as a complex malware that has been designed as a modular system. The Windows botnet has been active since late 2017, it was mainly used to mine cryptocurrency, but it was also involved in DDoS attacks in 2018. “Both PurpleFox and DirtyMoe are still active malware and gaining strength.”

DNS 128

DNS Cryptocurrency Internet Internet 128

Security Affairs

JUNE 4, 2021

Researchers noticed that malware authors have added multiple exploits for over 10 different web applications and the SMB protocol. Talos experts noticed that a version released on May 18 included Python versions of EternalBlue ( CVE-2017-0144 ) and EternalRomance ( CVE-2017-0147 ) exploits with a Windows download command line as the payload.

Malware 114

Malware Passwords DDOS IoT 114

Malwarebytes

APRIL 11, 2022

Security researchers at Cado Security, a cybersecurity forensics company, recently discovered the first publicly-known malware targeting Lambda , the serverless computing platform of Amazon Web Services (AWS). The malware’s name is inspired by the domain the threat actors behind the cryptominer communicate with.

Malware 84

Malware Accountability Encryption Software 84

Security Affairs

AUGUST 7, 2018

Group-IB researchers have investigated user data leaks from cryptocurrency exchanges and has analyzed the nature of these incidents. In 2017, when cryptocurrencies were gaining momentum, their record-breaking capitalization and a spike in Bitcoin’s exchange rate led to dozens of attacks on cryptocurrency services.

Cryptocurrency 48

Cryptocurrency Passwords Authentication Accountability 48

Security Affairs

MARCH 21, 2022

Experts defined DirtyMoe as a complex malware that has been designed as a modular system. The Windows botnet has been active since late 2017, it was mainly used to mine cryptocurrency, but it was also involved in DDoS attacks in 2018. The malware implements six methods to generate IPs with the help of a pseudo-random generator.

Malware 73

Malware Passwords DDOS Internet 73

Security Affairs

JANUARY 14, 2022

The North Korea-linked APT group BlueNoroff has been spotted targeting cryptocurrency startups with fake MetaMask browser extensions. The North Korea-linked APT group BlueNoroff has been spotted targeting cryptocurrency startups with fake MetaMask browser extensions.

Cryptocurrency 93

Cryptocurrency Banking Passwords Malware 93

Krebs on Security

MAY 4, 2023

In 2017, U.S. law enforcement seized the cryptocurrency exchange BTC-e , and the Secret Service said those records show that a Denis Kulkov from Samara supplied the username “ Nordexin ,” email address nordexin@ya.ru, and an address in Samara. This and other “nordia@” emails shared a password: “ anna59.”

Marketing 235

Marketing Cybercrime Accountability Cryptocurrency 235

Security Affairs

SEPTEMBER 19, 2018

The researchers set up a honeypot to collect data on infected IoT devices, the way threat actors infect IoT devices and what families of malware are involved. In the first six months of 2018, the experts observed a number of malware samples that was up three times as many samples targeting IoT devices as in the whole of 2017.

IoT 81

IoT Passwords Malware Advertising 81

Security Affairs

APRIL 26, 2019

Security experts at Symantec have uncovered a new cryptojacking campaign tracked as Beapy that leverages the NSA’s DoublePulsar backdoor and the EternalBlue exploit to spread a cryptocurrency malware on enterprise networks in Asia. ” reads the analysis published Symantec. “ Beapy ( W32.Beapy

Cryptocurrency 59

Cryptocurrency Malware Advertising Phishing 59

Malwarebytes

JULY 30, 2021

LemonDuck has evolved from a Monero cryptominer into LemonCat, a Trojan that specializes in backdoor installation, credential and data theft, and malware delivery, according to the Microsoft 365 Defender Threat Intelligence Team, which explained their findings in a two-part story [ 1 ][ 2 ] on the Microsoft Security blog.

Malware 88

Malware Penetration Testing Passwords Antivirus 88

Security Affairs

JUNE 13, 2021

million customers impacted. million customers impacted. million customers impacted. million customers impacted.

Data breaches 61

Data breaches Hacking Cryptocurrency Scams 61

SiteLock

AUGUST 27, 2021

Even as the number of attacks rose, only 60,000 sites in our sample were actually compromised — which is comparable to our 2017 findings. At the beginning of last year, many predicted that cryptocurrency mining would be one of the year’s biggest cybersecurity risks. If malware is discovered, it should also be automatically mitigated.

Cybersecurity 98

Cybersecurity Engineering Firewall Malware 98

SecureList

DECEMBER 1, 2023

To exfiltrate data and deliver next-stage malware, the attackers abuse cloud-based data storage, such as Dropbox or Yandex Disk, as well as a temporary file sharing service. The postinst script contains comments in Russian and Ukrainian, including information about improvements made to the malware, as well as statements by activists.

Malware 91

Malware Ransomware Encryption Energy and Utilities 91

SecureList

FEBRUARY 25, 2021

After taking a closer look, we identified the malware used in those attacks as belonging to a family that we call ThreatNeedle. We have seen Lazarus attack various industries using this malware cluster before. Nonetheless, a related malicious document with this malware was retrieved based on our telemetry. Malware implants.

Malware 133

Malware Phishing Passwords Encryption 133

SecureList

AUGUST 30, 2023

While investigating an infection of a cryptocurrency company in Southeast Asia, we found Gopuram coexisting on target computers with AppleJeus , a backdoor attributed to the Lazarus. The threat actor specifically targeted cryptocurrency companies. We observed that they have a specific interest in cryptocurrency companies.

Malware 73

Malware Spyware Cryptocurrency Government 73

Security Affairs

NOVEMBER 19, 2019

The first half of 2019 saw a 10-fold increase in the number of password-protected objects, such as documents and archive files, being used to deliver malware. In 2017, password-protected archives accounted for only 0.08% of all malicious objects. Another trend was disguising malware in emails.

Ransomware 71

Ransomware Antivirus Malware Banking 71

SecureList

MARCH 31, 2021

A few Brazilian malware families expanded their operations to other continents, targeting victims in Europe and Asia. Even though, in 2020, we have seen ever more sophisticated cyberattacks, the overall statistics look encouraging: the number of users hit by computer and mobile malware declines, so does financial phishing. Methodology.

Banking 118

Banking Phishing Malware Mobile 118

eSecurity Planet

SEPTEMBER 14, 2022

According to statistics from the FBI’s 2021 Internet Crime Report , complaints to the Internet Crime Complaint Center (IC3) have been rising since 2017. Often, a scammer will simply target the people in a company and fool them into giving up their personal details, account passwords, and other sensitive information and gain access that way.

Social Engineering 118

Social Engineering Energy and Utilities Phishing Scams 118

Security Affairs

OCTOBER 28, 2019

Object-3 exploiting CVE-2017-11882. If you are familiar with CVE-2017-11882, you might notice it immediately, but if you aren’t you might take a look to HERE (for the exploit generation) to HERE (for an example) and HERE (for CVE original disclosure). Everything looks like real except for the third object included into the Excel file.

Engineering 44

Engineering Passwords Malware Advertising 44

Security Affairs

MARCH 19, 2019

New malware in gang’s arsenal. In January 2019, Group-IB specialists obtained information about previously unknown malware sample used in this attack, dubbed by Group-IB RATv3.ps The malware spreader as part of this campaign was primarily aimed at collecting information from the victim’s computer according to various commands.

Banking 79

Banking Government Passwords Marketing 79

Security Affairs

FEBRUARY 27, 2021

Once hijacked a SIM, the attackers can steal money, cryptocurrencies and personal information, including contacts synced with online accounts. Impacted T-Mobile customers are recommended to change their password, PIN, and security questions. Unfortunately, this isn’t the first data breach suffered by T-Mobile in the past years.

Mobile 92

Mobile Telecommunications Data breaches Identity Theft 92

SecureList

FEBRUARY 16, 2023

These sites referenced public figures and humanitarian groups, offering to accept cash in cryptocurrency, something that should have raised a red flag in itself. By getting the user’s secret phrase, cybercriminals could get access to their cryptocurrency balance.

Phishing 90

Phishing Scams Accountability Energy and Utilities 90

The Last Watchdog

AUGUST 3, 2018

You may recall EternalBlue was one of the cyber weapons stolen from the NSA and used in the milestone WannaCry ransomware attack in the spring of 2017. The more times the tampered image was used to spawn new instances, the more “productive” it would be for attackers, as each new workload would start mining cryptocurrency.

Data breaches 213

Data breaches Cryptocurrency Ransomware Passwords 213

eSecurity Planet

FEBRUARY 16, 2021

Malware, short for “malicious software,” is any unwanted software on your computer that, more often than not, is designed to inflict damage. Since the early days of computing, a wide range of malware types with varying functions have emerged. Best Practices to Defend Against Malware. Jump ahead: Adware. RAM scraper.

Malware 105

Malware Adware Spyware Antivirus 105

Krebs on Security

MAY 13, 2024

This post examines the activities of Khoroshev’s many alter egos on the cybercrime forums, and tracks the career of a gifted malware author who has written and sold malicious code for the past 14 years. used the password 225948. Dmitry Yuryevich Khoroshev. Image: treasury.gov. On May 7, the U.S. and admin@stairwell.ru

Ransomware 230

Ransomware Cybercrime Accountability Malware 230

Security Affairs

APRIL 9, 2019

Too many times turned into fully-featured malware implants by unethical hackers and cyber criminals. Exploring the malware code, we detected multiple evidence indication of the possible belonging malware family: LimeRAT. Stealer and CryptoStealer module to steal cryptocurrency wallets and saved passwords.

Malware 71

Malware Advertising DNS Antivirus 71

SiteLock

AUGUST 27, 2021

Over time, we predict a decrease in “noisy” attacks such as SEO spam and redirects: As malware scanners and website developers advance their techniques, these types of attacks are easier to detect and remove. Likewise, as user awareness grows, cybercriminals are also moving away from noisy attacks. Stealthy Cybersecurity Risks for SMBs.

Small Business 98

Small Business Cybersecurity Phishing DDOS 98

SecureList

MAY 31, 2021

Attempts to run malware designed to steal money via online access to bank accounts were stopped on the computers of 118,099 users. At the end of last year, the number of users attacked by malware designed to steal money from bank accounts gradually decreased, a trend that continued in Q1 2021. Top 10 banking malware families.

Mobile 87

Mobile Adware Ransomware Malware 87

Security Boulevard

JUNE 15, 2023

Stealers" are a kind of malware designed to run on an endpoint post-compromise, while their primary features center on the theft of user data. Together with our colleagues at InQuest, we present a deep dive technical analysis of the malware. This is the story of information stealers today. But it doesn't stop there.

Cryptocurrency 52

Cryptocurrency Password Management Malware DNS 52

SecureList

MARCH 28, 2023

We have come across a series of clipboard injection attacks on cryptocurrency users, which emerged starting from September 2022. The only way to prevent such attacks is to be extremely cautious and attentive, or use a decent anti-malware solution to detect a piece of malicious code. They were replicated and reused in other malware too.

Cryptocurrency 100

Cryptocurrency Malware Banking Passwords 100

eSecurity Planet

FEBRUARY 16, 2021

” Ransomware is pretty simple: malware is installed covertly on a system and executes a cryptovirology attack that locks or encrypts valuable files on the network. For access to the decryption key, the victim must make prompt payment, often in cryptocurrency shielding the attacker’s identity. Offline Backups.

Ransomware 97

Ransomware Backups Software Encryption 97

Krebs on Security

JULY 8, 2019

But GandCrab far eclipsed the success of competing ransomware affiliate programs largely because its authors worked assiduously to update the malware so that it could evade antivirus and other security defenses. It remains unclear how many individuals were active in the core GandCrab malware development team. of GandCrab.

Ransomware 254

Ransomware Accountability Cybercrime Passwords 254

SecureList

NOVEMBER 18, 2022

Rootkits are malware implants that are installed deep in the operating system. However, on one of the infected machines, we found malware that we think is probably related to CosmicStrand. This malware creates a user named “aaaabbbb” in the operating system with local administrator rights.

Malware 100

Malware Computers and Electronics Adware Cryptocurrency 100

Security Affairs

FEBRUARY 16, 2021

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware. Javali trojan is active since November 2017 and targets users of financial and banking organizations geolocated in Brazil and Mexico. From here, the malware executes a new thread when specific and hardcoded web-browsers are opened.

Antivirus 119

Antivirus Malware Banking Internet 119