2018, Antivirus, Malware and Passwords - Cyber Security Informer

Why Malware Crypting Services Deserve More Scrutiny

Krebs on Security

JUNE 21, 2023

If you operate a cybercrime business that relies on disseminating malicious software, you probably also spend a good deal of time trying to disguise or “crypt” your malware so that it appears benign to antivirus and security products. This story explores the history and identity behind Cryptor[.]biz WHO RUNS CRYPTOR[.]BIZ?

Malware

Malware Antivirus Cybercrime Hacking

Astaroth Trojan relies on legitimate os and antivirus processes to steal data

Security Affairs

FEBRUARY 16, 2019

Researchers at Cybereason’s Nocturnus team have uncovered a new Astaroth Trojan campaign that is currently exploiting the Avast antivirus and security software developed by GAS Tecnologia to steal information and drop malicious modules. According to the experts, LOLbins are very effecting in evading antivirus software.

Antivirus

Antivirus Passwords Malware Advertising

Mysterious custom malware used to steal 1.2TB of data from million PCs

Security Affairs

JUNE 11, 2021

Experts spotted a new mysterious malware that was used to collect a huge amount of data, including sensitive files, credentials, and cookies. Threat actors used custom malware to steal data from 3.2 million Windows systems between 2018 and 2020. The malware stole nearly 26 million login credentials holding 1.1

Malware

Malware Computers and Electronics Software Financial Services

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Ezuri memory loader used in Linux and Windows malware

Security Affairs

JANUARY 8, 2021

Multiple threat actors have recently started using the Ezuri memory loader as a loader to executes malware directly into the victims’ memory. According to researchers from AT&T’s Alien Labs, malware authors are choosing the Ezuri memory loader for their malicious codes. ” concludes the report.

Malware

Malware Encryption Antivirus Passwords

Exaramel Malware Links Industroyer ICS malware and NotPetya wiper

Security Affairs

OCTOBER 11, 2018

ESET researchers have spotted a new strain of malware tracked as Exaramel that links the dreaded not Petya wiper to the Industroyer ICS malware. A few months ago, researchers from ESET discovered a new piece of malware that further demonstrates the existence of a link between Industroyer and the NotPetya wiper.

Malware

Malware Passwords Advertising Antivirus

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

Security Affairs

JUNE 22, 2021

Experts defined DirtyMoe as a complex malware that has been designed as a modular system. The Windows botnet has been active since late 2017, it was mainly used to mine cryptocurrency, but it was also involved in DDoS attacks in 2018. “Both PurpleFox and DirtyMoe are still active malware and gaining strength.”

DNS

DNS Cryptocurrency Internet Internet

MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace

The Last Watchdog

JANUARY 28, 2019

And the malware that subsequently gets installed continues to get more stealthy and capable with each advancing iteration. Researchers recently flushed out a new variety of the Xbash family of malware tuned to seek out administrators’ rights and take control of Linux servers. Use a password manager.

Passwords

Passwords Password Management Antivirus Internet

Who’s Behind the RevCode WebMonitor RAT?

Krebs on Security

APRIL 22, 2019

The owner of a Swedish company behind a popular remote administration tool (RAT) implicated in thousands of malware attacks shares the same name as a Swedish man who pleaded guilty in 2015 to co-creating the Blackshades RAT , a similar product that was used to infect more than half a million computers with malware, KrebsOnSecurity has learned.

Advertising

Advertising Antivirus Software Malware

A Closer Look at the Snatch Data Ransom Group

Krebs on Security

SEPTEMBER 30, 2023

The government says Snatch used a customized ransomware variant notable for rebooting Microsoft Windows devices into Safe Mode — enabling the ransomware to circumvent detection by antivirus or endpoint protection — and then encrypting files when few services are running. Details after contacting on jabber: truniger@xmpp[.]jp.”

Ransomware

Ransomware Accountability Cybercrime Backups

A Deep Dive Into the Residential Proxy Service ‘911’

Krebs on Security

JULY 18, 2022

re network uses at least two free VPN services to lure its users to install a malware-like software that achieves persistence on the user’s computer,” the researchers wrote. These two software are currently unknown to most if not all antivirus companies.” “The 911[.]re ” A depiction of the Proxygate service.

VPN

VPN Computers and Electronics Antivirus Software

Ransomware Revival: Troldesh becomes a leader by the number of attacks

Security Affairs

NOVEMBER 19, 2019

To bypass antivirus systems, hackers send out malicious emails in non-working hours with delayed activation. The second half of 2018 saw a drop in the number of malicious programs downloaded via browsers reaching its minimum at less than 5%, while in the first half of 2019 only every 19 th download was initiated via means other than email.

Ransomware

Ransomware Antivirus Malware Banking

A new variant of HawkEye stealer emerges in the threat landscape

Security Affairs

APRIL 17, 2019

A new variant of the HawkEye data stealer emerges in the threat landscape as part of ongoing malware distribution campaigns. New malware campaigns leveraging a new variant of the HawkEye data stealer have been observed by experts at Talos. has been under active development since at least 2013. ” continues the analysis. .

Antivirus

Antivirus Malware Advertising Passwords

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

The Archiveus Trojan from 2006 was the first one to use RSA cipher, but it was reminiscent of a proof of concept and used a static 30-digit decryption password that was shortly cracked. RaaS rollout 2015 – 2018. It vanished from the radar in June 2018, when the ransomware plague took another sharp turn.

Ransomware

Ransomware Hacking Encryption Penetration Testing

Apple shines and buffs Mac security—Is it enough to stop today’s malware?

Malwarebytes

MARCH 17, 2021

Several effective Mac-facing miners joined the crypto-rush in 2018. In the 2020 State of Malware Report, Malwarebytes researchers found that Mac malware—primarily backdoors, data stealers, and cryptominers—had risen by 61 percent over the previous year. No matter the malware. Securing themselves in the foot.

Malware

Malware Adware Software Passwords

MartyMcFly Malware: new Cyber-Espionage Campaign targeting Italian Naval Industry

Security Affairs

OCTOBER 17, 2018

Yoroi security firm uncovered a targeted attack against one of the most important companies in the Italian Naval Industry leveraging MartyMcFly Malware. How Microsoft Excel is able to decrypt such a content if no password is requested to the end user? That object was crafted on 2018-10-09 but it was seen only on 2018-10-12.

Malware

Malware Computers and Electronics Encryption Penetration Testing

Researchers offer advice on how to block WFH employees from downloading pirated software

SC Magazine

JUNE 18, 2021

Discord booth at the 2018 PAX West at the Washington State Convention Center in Seattle, Washington. The malware also sends the name of the pirated software that the user was hoping to obtain to a website that delivers a secondary payload. At least some of the malware was hosted on the game chat service Discord.

Software

Software Malware Antivirus CISO

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

Security Affairs

APRIL 2, 2021

The threat actors are actively exploiting the following vulnerabilities in Fortinet FortiOS: CVE-2018-13379 ; CVE-2020-12812 ; CVE-2019-5591. Regularly back up data, air gap, and password protect backup copies offline. . Regularly change passwords to network systems and accounts, and avoid reusing passwords for different accounts.

Passwords

Passwords Government Firmware Accountability

Are your remote or furloughed employees a security threat?

IT Security Guru

MAY 14, 2021

Resetting passwords on personal devices. How good are you at remembering your passwords? The better you are at creating strong, unique passwords, the less likely you are to remember them. Luckily, our clever devices have a way of remembering all of our passwords for us. Password reset links, of course.

Passwords

Passwords Phishing Security Awareness Malware

Who Is Agent Tesla?

Krebs on Security

OCTOBER 22, 2018

A powerful, easy-to-use password stealing program known as Agent Tesla has been infecting computers since 2014, but recently this malware strain has seen a surge in popularity — attracting more than 6,300 customers who pay monthly fees to license the software. MALWARE OR BENIGN REMOTE ACCESS TOOL?

Software

Software Accountability Malware Healthcare

Lemon Group gang pre-infected 9 million Android devices for fraudulent activities

Security Affairs

MAY 19, 2023

The Lemon Group cybercrime ring has reportedly pre-installed malware known as Guerilla on almost 9 million Android devices. A cybercrime group tracked has Lemon Group has reportedly pre-installed malware known as Guerilla on almost 9 million Android devices. 231 banking malware.

Mobile

Mobile Advertising Malware Cybercrime

StripedFly: Perennially flying under the radar

SecureList

OCTOBER 25, 2023

Introduction It’s just another cryptocurrency miner… Nobody would even suspect the mining malware was merely a mask, masquerading behind an intricate modular framework that supports both Linux and Windows. This malware employed a custom EternalBlue SMBv1 exploit to infiltrate its victims’ systems.

Malware

Malware DNS Encryption Cryptocurrency

Wireless Security: WEP, WPA, WPA2 and WPA3 Explained

eSecurity Planet

MARCH 1, 2023

Wireless security is critical because these networks are subject to eavesdropping, interception, data theft, denial of services ( DoS ) assaults, and malware infestations. For example, Wi-Fi protected access (WPA) requires users to provide a password or passphrase to gain access to the network.

Wireless

Wireless Encryption Authentication IoT

Crooks leverages.htaccess injector on Joomla and WordPress sites for malicious redirects

Security Affairs

MAY 27, 2019

The website was used by attackers to redirect traffic to advertising sites that attempted to deliver malware. The features include the redirect functionality, content password protection or image hot link prevention. Researchers at Sucuri are warning Joomla and WordPress websites admins of malicious hypertext access (.htaccess)

Advertising

Advertising Malware Antivirus Software

Tracing the Supply Chain Attack on Android

Krebs on Security

JUNE 25, 2019

” What follows is a deep dive into the identity of that Chinese vendor, which appears to have a long and storied history of pushing the envelope on mobile malware. com — were implicated in propagating the Triada malware. “Yehuo” ( ? ? ) Two of those domains registered to tosaka1027@gmail.com — elsyzsmc[.]com

Mobile

Mobile Technology Manufacturing Malware

Malicious Microsoft Drivers Could Number in the Thousands: Cisco Talos

eSecurity Planet

JULY 13, 2023

“Without signature enforcement, malicious drivers would be extremely difficult to defend against as they can easily evade anti-malware software and endpoint detection.” The tools are FuckCertVerifyTimeValidity, which was launched in 2018; and HookSignTool, available since 2019. Then this entire threat is gone.”

Software

Software Antivirus Passwords Malware

Experts discovered Calisto macOS Trojan, the first member of Proton RAT family

Security Affairs

JULY 21, 2018

Security experts from Kaspersky Lab have discovered a precursor of the infamous Proton macOS malware that was named Calisto. Malware researchers from Kaspersky Lab have discovered a malware, tracked as Calisto, that appears to be to the precursor of the Proton macOS malware. Use antivirus software.

Antivirus

Antivirus Advertising Malware Accountability

VSDC video editing software website hacked again

Security Affairs

APRIL 11, 2019

Users that have downloaded the VSDC multimedia editing software between 2019-02-21 and 2019-03-23, may have been infected with malware. The hackers already compromised the official website of VSDC in the past, in previous attacks they hijacked the download links to deliver malware to the victims. 2, and the Trojan. ” The Win32.Bolik.2

Software

Software Hacking Banking Malware

A new trojan Lampion targets Portugal

Security Affairs

DECEMBER 29, 2019

SI-LAB noted that Portuguese users were targeted with malscam messages that reported issues related to a debt of the year 2018. The malware was named ‘Lampion’ as this is the name used as part of its internal name. dll) was sent to the VirusTotal by SI-LAB, and 12 from 71 engines classified it as malware. Lampion trojan (P-19-2.dll)

Malware

Malware Internet Internet Antivirus

Attacks against game companies are up. But why?

SC Magazine

JUNE 25, 2021

Malicious hackers are increasingly mobbing the video game industry, with major companies suffering data breaches, having their source code sold or leaked online and games serving as playgrounds to push malware or mine cryptocurrencies. billion attacks tracked by the company across different countries.

Computers and Electronics

Computers and Electronics Media Marketing Cryptocurrency

Scranos – A Cross Platform, Rootkit-Enabled Spyware rapidly spreading

Security Affairs

APRIL 16, 2019

Scranos is a powerful cross-platform rootkit-enabled spyware discovered while investigating malware posing as legitimate software like video players, drivers and even anti-virus products. According to the experts, the operation is in a consolidation stage, first samples date back to November 2018, with a massive spike in December and January.

Spyware

Spyware Adware Malware Accountability

Tracing the Supply Chain Attack on Android

Krebs on Security

JUNE 25, 2019

” What follows is a deep dive into the identity of that Chinese vendor, which appears to have a long and storied history of pushing the envelope on mobile malware. com — were implicated in propagating the Triada malware. “Yehuo” ( ? ? ) Two of those domains registered to tosaka1027@gmail.com — elsyzsmc[.]com

Mobile

Mobile Technology Manufacturing Software

IT threat evolution Q3 2023

SecureList

DECEMBER 1, 2023

To exfiltrate data and deliver next-stage malware, the attackers abuse cloud-based data storage, such as Dropbox or Yandex Disk, as well as a temporary file sharing service. The postinst script contains comments in Russian and Ukrainian, including information about improvements made to the malware, as well as statements by activists.

Malware

Malware Ransomware Encryption Energy and Utilities

IT threat evolution Q3 2021

SecureList

NOVEMBER 26, 2021

The PyInstaller module for Windows contains a script named “Guard” Interestingly, this malware was developed for both Windows and macOS operating systems. The malware tries to spread to other hosts on the network by infecting USB drives. After this, they were tricked into downloading previously unknown malware.

Malware

Malware Banking Energy and Utilities Accountability

Fxmsp: the untold story of infamous seller of access to corporate networks who made at least USD 1.5 mln

Security Affairs

JUNE 23, 2020

Fxmsp gained worldwide fame in May 2019, after it was reported that the networks belonging to leading antivirus software companies had been compromised. On January 17, 2018, the hacker shared exactly how many buyers he had at the time: 18. In late October 2018, Fxmsp and Lampeduza’s activity became threatened. Proxy seller.

Antivirus

Antivirus Advertising Hacking Banking

Astaroth Trojan leverages Facebook and YouTube to avoid detection

Security Affairs

SEPTEMBER 15, 2019

At every turn in the infection chain, the malware uses legitimate services to evade detection. ” The Astaroth Trojan was first spotted by security firm Cofense in late 2018 when it was involved in a campaign targeting Europe and Brazil. According to the experts, LOLbins are very effecting in evading antivirus software. .

Phishing

Phishing Malware Encryption Network Security

The Hidden Cost of Ransomware: Wholesale Password Theft

Krebs on Security

JANUARY 6, 2020

Organizations in the throes of cleaning up after a ransomware outbreak typically will change passwords for all user accounts that have access to any email systems, servers and desktop workstations within their network. ” WHOLESALE PASSWORD THEFT. “Maybe you chat to them lets see if that works,” the email suggested.

Passwords

Passwords Ransomware Password Management Malware

Apple removed the popular app Adware Doctor because steals user browsing history

Security Affairs

SEPTEMBER 8, 2018

Apple has removed one of the most popular anti-malware app called Adware Doctor:Anti Malware &Ad from the official macOS App Store. PoC: [link] #malware #virus #MacOS #Apple #MacBook #MacBookPro #CyberSecurity #privacy #GDPR #Hacking #hackers #cyberpunk #Alert. — Privacy 1st (@privacyis1st) August 20, 2018.

Adware

Adware DNS Malware Advertising

Spam and phishing in 2020

SecureList

FEBRUARY 15, 2021

The email antivirus was triggered most frequently by email messages containing members of the Trojan.Win32.Agentb Agentb malware family. We assume that those who called the numbers were asked to provide the login and password for the service that the scammers were imitating, or to pay for some diagnostics and troubleshooting services.

Phishing

Phishing Malware Scams Accountability

Ransomware Protection in 2021

eSecurity Planet

FEBRUARY 16, 2021

” Ransomware is pretty simple: malware is installed covertly on a system and executes a cryptovirology attack that locks or encrypts valuable files on the network. Ransomware frequently contains extraction capabilities that can steal critical information like usernames and passwords, so stopping ransomware is serious business.

Ransomware

Ransomware Backups Software Encryption

“FudCo” Spam Empire Tied to Pakistani Software Firm

Krebs on Security

SEPTEMBER 6, 2021

The Web site in 2015 for the “Manipulaters Team,” a group of Pakistani hackers behind the dark web identity “Saim Raza,” who sells spam and malware tools and services. One of several current Fudtools sites run by The Manipulaters. Shahzad’s postings on Facebook are even more revelatory: On Aug.

Software

Software Phishing Cybercrime Accountability

Weekly Vulnerability Recap – October 30, 2023 – Citrix & Cisco Haunted by Vulnerabilities

eSecurity Planet

OCTOBER 30, 2023

Read More: 5 Best Antivirus Software Solutions for 2023 Top Endpoint Detection and Response (EDR) Solutions in 2023 October 26, 2023 Apple Issues Second Urgent Patch for ACE Vulnerability Type of attack: Attackers install espionage software TriangleDB on iPhones and iPads released before September 2023 (pre-iOS 15.7).

Authentication

Authentication Mobile Accountability Software

IT threat evolution Q1 2021. Non-mobile statistics

SecureList

MAY 31, 2021

Attempts to run malware designed to steal money via online access to bank accounts were stopped on the computers of 118,099 users. At the end of last year, the number of users attacked by malware designed to steal money from bank accounts gradually decreased, a trend that continued in Q1 2021. Top 10 banking malware families.

Mobile

Mobile Adware Ransomware Malware

Who’s Behind the GandCrab Ransomware?

Krebs on Security

JULY 8, 2019

But GandCrab far eclipsed the success of competing ransomware affiliate programs largely because its authors worked assiduously to update the malware so that it could evade antivirus and other security defenses. It remains unclear how many individuals were active in the core GandCrab malware development team.

Ransomware

Ransomware Accountability Cybercrime Passwords

What Is Malware? Understanding the Basics of Website Malware

SiteLock

AUGUST 27, 2021

Malware has infected roughly a third of the world’s computers , costing companies across the globe trillions of dollars each year. In 2014, nearly 1 million new pieces of malware were released every day, but most hackers relied on old techniques to create new threats. But first we’ll answer a basic question: What is malware?

Malware

Malware Small Business Computers and Electronics Adware

Why Malware Crypting Services Deserve More Scrutiny

Astaroth Trojan relies on legitimate os and antivirus processes to steal data

Webinars

Trending Sources

Mysterious custom malware used to steal 1.2TB of data from million PCs

Webinars

Ezuri memory loader used in Linux and Windows malware

Exaramel Malware Links Industroyer ICS malware and NotPetya wiper

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace

Who’s Behind the RevCode WebMonitor RAT?

A Closer Look at the Snatch Data Ransom Group

A Deep Dive Into the Residential Proxy Service ‘911’

Ransomware Revival: Troldesh becomes a leader by the number of attacks

A new variant of HawkEye stealer emerges in the threat landscape

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

Apple shines and buffs Mac security—Is it enough to stop today’s malware?

MartyMcFly Malware: new Cyber-Espionage Campaign targeting Italian Naval Industry

Researchers offer advice on how to block WFH employees from downloading pirated software

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

Are your remote or furloughed employees a security threat?

Who Is Agent Tesla?

Lemon Group gang pre-infected 9 million Android devices for fraudulent activities

StripedFly: Perennially flying under the radar

Wireless Security: WEP, WPA, WPA2 and WPA3 Explained

Crooks leverages.htaccess injector on Joomla and WordPress sites for malicious redirects

Tracing the Supply Chain Attack on Android

Malicious Microsoft Drivers Could Number in the Thousands: Cisco Talos

Experts discovered Calisto macOS Trojan, the first member of Proton RAT family

VSDC video editing software website hacked again

A new trojan Lampion targets Portugal

Attacks against game companies are up. But why?

Scranos – A Cross Platform, Rootkit-Enabled Spyware rapidly spreading

Tracing the Supply Chain Attack on Android

IT threat evolution Q3 2023

IT threat evolution Q3 2021

Fxmsp: the untold story of infamous seller of access to corporate networks who made at least USD 1.5 mln

Astaroth Trojan leverages Facebook and YouTube to avoid detection

The Hidden Cost of Ransomware: Wholesale Password Theft

Apple removed the popular app Adware Doctor because steals user browsing history

Spam and phishing in 2020

Ransomware Protection in 2021

“FudCo” Spam Empire Tied to Pakistani Software Firm

Weekly Vulnerability Recap – October 30, 2023 – Citrix & Cisco Haunted by Vulnerabilities

IT threat evolution Q1 2021. Non-mobile statistics

Who’s Behind the GandCrab Ransomware?

What Is Malware? Understanding the Basics of Website Malware

Stay Connected