Krebs on Security

FEBRUARY 7, 2024

In 2021, the exclusive Russian cybercrime forum Mazafaka was hacked. Launched in 2001 under the tagline “Network terrorism,” Mazafaka would evolve into one of the most guarded Russian-language cybercrime communities. Mark Rasch , a former cybercrime prosecutor for the U.S. As well as the cost of my services.”

Cybercrime 336

Cybercrime Accountability Identity Theft Hacking 336

Security Affairs

JANUARY 14, 2025

The FBI has removed Chinese PlugX malware from over 4,200 computers in networks across the United States, the U.S. The Justice Department and FBI, along with international partners, announced they deleted PlugX malware from thousands of infected computers worldwide as part of a multi-month law enforcement operation.

Malware 122

Malware Government Hacking Cybersecurity 122

Krebs on Security

NOVEMBER 14, 2024

Shefel claims the true mastermind behind the Target and other retail breaches was Dmitri Golubov , an infamous Ukrainian hacker known as the co-founder of Carderplanet, among the earliest Russian-language cybercrime forums focused on payment card fraud. “I’m also godfather of his second son.”

Advertising 283

Advertising Retail Cryptocurrency Cybercrime 283

Krebs on Security

NOVEMBER 9, 2024

One English-speaking cybercriminal who goes by the nicknames “ Pwnstar ” and “ Pwnipotent ” has been selling fake EDR services on both Russian-language and English cybercrime forums. Matt Donahue is the former FBI agent who founded Kodex in 2021. ” An ad from Pwnstar for fake EDR services.

Hacking 303

Hacking Accountability Government Social Engineering 303

Krebs on Security

AUGUST 2, 2022

Compounding the problem, several remaining malware-based proxy services have chosen to block new registrations to avoid swamping their networks with a sudden influx of customers. com , a malware-based proxy network that has been in existence since at least 2010. Last week, a seven-year-old proxy service called 911[.]re

Malware 331

Malware Cybercrime Internet Internet 331

Security Affairs

MAY 13, 2025

A 45-year-old foreign man has been arrested in Moldova for allegedly participating in ransomware attacks on Dutch companies in 2021. He is internationally wanted for multiple cybercrime, including ransomware attacks, blackmail, and money laundering, targeting Dutch companies. million in damage. million euros.” million euros.”

Ransomware 108

Ransomware Cybercrime Malware Banking 108

Krebs on Security

APRIL 18, 2023

For the past seven years, a malware-based proxy service known as “ Faceless ” has sold anonymity to countless cybercriminals. The proxy lookup page inside the malware-based anonymity service Faceless. MrMurza’s Faceless advertised on the Russian-language cybercrime forum ProCrd. Image: spur.us. In 2013, U.S.

Malware 312

Malware Passwords Accountability Advertising 312

SecureList

OCTOBER 20, 2021

Having been in the field for so long, we have witnessed some major changes in the cybercrime world’s modus operandi. This report shares our insights into the Russian-speaking cybercrime world and the changes in how it operates that have happened in the past five years. Client-side attacks on the wane.

Cybercrime 145

Cybercrime Banking Malware Ransomware 145

Security Affairs

SEPTEMBER 2, 2022

Researchers attribute the Raspberry Robin malware to the Russian cybercrime group known as Evil Corp group. IBM Security X-Force researchers discovered similarities between a component used in the Raspberry Robin malware and a Dridex malware loader, which was part of the malicious operations of the cybercrime gang Evil Corp.

Cybercrime 126

Cybercrime Malware Backups Manufacturing 126

Security Affairs

FEBRUARY 3, 2025

The Russian-speaking Crazy Evil group runs over 10 social media scams, tricking victims into installing StealC, AMOS, and Angel Drainer malware. Since 2021, the Crazy Evil gang has become a major cybercriminal group, using phishing, identity fraud, and malware to steal cryptocurrency. Victim losses range from $0.10

Scams 86

Scams Media Cryptocurrency Cybercrime 86

Krebs on Security

JULY 25, 2023

Now new findings reveal that AVrecon is the malware engine behind a 12-year-old service called SocksEscort , which rents hacked residential and small business devices to cybercriminals looking to hide their true location online. ” According to Kilmer, AVrecon is the malware that gives SocksEscort its proxies.

Malware 245

Malware VPN Internet Internet 245

Security Affairs

NOVEMBER 20, 2021

The FBI collected millions of email addresses used by Emotet operators in their malware campaigns as part of the cleanup operation. Last week researchers from multiple cybersecurity firms ([Cryptolaemus], [GData], and [Advanced Intel]) reported that threat actors are using the TrickBot malware to drop an Emoted loader on infected devices.

Cybercrime 138

Cybercrime Ransomware Banking Malware 138

Security Affairs

DECEMBER 23, 2021

Crooks discovered how to bypass the patch for a recent Microsoft Office vulnerability (CVE-2021-40444) and are using it to distribute Formbook malware. Cybercriminals have found a way to bypass the patch for a recent Microsoft Office vulnerability tracked as CVE-2021-40444 (CVSS score of 8.8). Pierluigi Paganini.

Malware 145

Malware Hacking Ransomware Cybercrime 145

Security Affairs

OCTOBER 27, 2024

They were convicted of illegal payment handling, with Puzyrevsky and Khansvyarov also found guilty of malware use and distribution. They were found guilty of illegal payment handling, while Puzyrevsky and Khansvyarov were also convicted of using and distributing malware. “On Friday, October 25, the St.

Ransomware 143

Ransomware Hacking Malware Cybercrime 143

Krebs on Security

JANUARY 28, 2022

In December 2021, researchers discovered a new ransomware-as-a-service named ALPHV (a.k.a. “ BlackCat “), considered to be the first professional cybercrime group to create and use a ransomware strain written in the Rust programming language. The nickname “ YBCat ” advertised that same ToX ID on Carder[.]uk,

Ransomware 345

Ransomware Accountability Cybercrime Malware 345

Krebs on Security

MARCH 31, 2023

FlyHosting first advertised on cybercrime forums in November 2022, saying it was a Germany-based hosting firm that was open for business to anyone looking for a reliable place to host malware, botnet controllers, or DDoS-for-hire infrastructure. A seizure notice left on the FlyHosting domains. Image: Ke-la.com.

DDOS 326

DDOS Internet Internet Cybercrime 326

Security Affairs

OCTOBER 9, 2023

A threat actor has leaked the source code for the first version of the HelloKitty ransomware on a Russian-speaking cybercrime forum. The availability of the source in the cybercrime ecosystem can allow threat actors to develop their own version of the Hello Kitty ransomware. The HelloKitty gang has been active since January 2021.

Cybercrime 141

Cybercrime Ransomware DDOS Encryption 141

SecureList

FEBRUARY 23, 2022

The year 2021 was eventful in terms of digital threats for organizations and individuals, and financial institutions were no exception. SpyEye, developed in 2009 and described as a “bank Trojan with a form grabbing capability”, surged from the eighth most common banking malware tool with a 3.4% Methodology.

Banking 140

Banking Phishing Cryptocurrency Malware 140

Security Affairs

JANUARY 12, 2022

Experts warn of a new variant of the RedLine malware that is distributed via emails as fake COVID-19 Omicron stat counter app as a lure. The malicious code can also act as a first-stage malware. 2021-11-26 04:34:54 2021-11-26 10:05:15 149.154.167.91 2021-12-05 12:06:03 2021-12-05 13:19:35 149.154.167.91

Malware 145

Malware Manufacturing Cryptocurrency Cybercrime 145

Krebs on Security

MARCH 1, 2022

A Ukrainian security researcher this week leaked several years of internal chat logs and other sensitive data tied to Conti , an aggressive and ruthless Russian cybercrime group that focuses on deploying its ransomware to companies with more than $100 million in annual revenue. On Sunday, Feb. “Sorry, but this is f *d up.

Ransomware 309

Ransomware Healthcare Cybercrime Government 309

Security Affairs

JULY 7, 2024

Today marks the launch of the Security Affairs newsletter, specializing in Malware. Each week, it will feature a collection of the best articles and research on malware. This newsletter complements the weekly one you already receive.

Malware 121

Malware Spyware Cybercrime Ransomware 121

Security Affairs

DECEMBER 17, 2024

The FBI warned of a fresh wave of HiatusRAT malware attacks targeting internet-facing Chinese-branded web cameras and DVRs. The Federal Bureau of Investigation (FBI) released a Private Industry Notification (PIN) to warn of HiatusRAT malware campaigns targeting Chinese-branded web cameras and DVRs. ” reads the PIN report.

Architecture 109

Architecture Internet Internet Malware 109

Security Affairs

JANUARY 3, 2022

Which are the cyber attacks of 2021 that had the major impact on organizations worldwide in terms of financial losses and disruption of the operations? The systems at the company were infected with the Phoenix Locker, a variant of ransomware tracked as Hades that was part of the arsenal of the cybercrime group known as Evil Corp.

Cyber Attacks 142

Cyber Attacks Ransomware Insurance Hacking 142

Krebs on Security

DECEMBER 5, 2022

In December 2021, Google filed a civil lawsuit against two Russian men thought to be responsible for operating Glupteba , one of the Internet’s largest and oldest botnets. ” A report from the Polish computer emergency response team (CERT Orange Polksa) found Glupteba was the biggest malware threat in 2021.

Cybercrime 316

Cybercrime Malware Internet Internet 316

Krebs on Security

FEBRUARY 9, 2023

Authorities in the United States and United Kingdom today levied financial sanctions against seven men accused of operating “ Trickbot ,” a cybercrime-as-a-service platform based in Russia that has enabled countless ransomware attacks and bank account takeovers since its debut in 2016. companies and government entities.

Hacking 253

Hacking Cybercrime Ransomware Government 253

Krebs on Security

MAY 4, 2021

Which means when a cybercrime forum gets hacked and its user databases posted online, it is often possible to work backwards from some of the more unique passwords for each account and see where else that password was used. Mistake number two was the password for his email account was the same as his cybercrime forum admin account.

Passwords 346

Passwords Cybercrime Accountability Password Management 346

SecureList

JUNE 15, 2023

Money is the root of all evil, including cybercrime. Thus, it was inevitable that malware creators would one day begin not only to distribute malicious programs themselves, but also to sell them to less technically proficient attackers, thereby lowering the threshold for entering the cybercriminal community.

Malware 144

Malware Ransomware Cybercrime Hacking 144

Krebs on Security

APRIL 3, 2024

Roughly nine years ago, KrebsOnSecurity profiled a Pakistan-based cybercrime group called “ The Manipulaters ,” a sprawling web hosting network of phishing and spam delivery platforms. 2021 piece, when one of Saim Raza’s known email addresses — bluebtcus@gmail.com — pleaded to have the story taken down.

Phishing 309

Phishing Cybercrime Malware Advertising 309

Security Affairs

JUNE 19, 2025

The ongoing investigation, which began earlier this year, suggests that the credentials were collected through multiple infostealer malware strains. Alarming new leaks keeps surfacing, showing infostealer malware is widespread. The RockYou2024 compilation is an expansion of the RockYou2021 collection that was discovered in 2021.

Data breaches 116

Data breaches Identity Theft Passwords Malware 116

Security Affairs

NOVEMBER 19, 2021

million from ransom payments since July 2021. million from attacks and subsequent ransoms carried out since July 2021. Conti ransomware operators run a private Ransomware-as-a-Service (RaaS), the malware appeared in the threat landscape at the end of December 2019 and was distributed through TrickBot infections.

Ransomware 144

Ransomware Cybercrime Malware Hacking 144

SecureList

AUGUST 23, 2021

billion USD in 2021, which is slightly less than the total revenue in 2020 but still significantly above the pre-pandemic figures. billion to $120 billion of the revenue in 2021, which is more than half of the estimated gaming industry value. billion in the first half of 2021. billion in the first half of 2021.

Adware 140

Adware Mobile Phishing Malware 140

SecureList

NOVEMBER 26, 2021

IT threat evolution Q3 2021. IT threat evolution in Q3 2021. IT threat evolution in Q3 2021. While tracking this threat actor in spring 2021, we discovered a newer version. The malware tries to spread to other hosts on the network by infecting USB drives. Targeted attacks exploiting CVE-2021-40444.

Malware 135

Malware Banking Energy and Utilities Accountability 135

Security Affairs

JUNE 24, 2024

The cybercrime group ExCobalt targeted Russian organizations in multiple sectors with a previously unknown backdoor known as GoRed. Positive Technologies researchers reported that a cybercrime gang called ExCobalt targeted Russian organizations in multiple sectors with a previously unknown Golang-based backdoor known as GoRed.

Cybercrime 120

Cybercrime Telecommunications DNS Technology 120

Security Affairs

MAY 30, 2022

The researchers attribute the botnet to the cybercrime group Keksec which focuses on DDoS-based extortion. Experts pointed out that the malware is being actively developed. The malware can quickly adopt one-day vulnerabilities (within days of a published proof of concept).” LFI CVE-2018-16763 Fuel CMS 1.4.1

Malware 145

Malware DDOS IoT Cybercrime 145

Security Affairs

MAY 4, 2025

“According to the indictment, from March 2021 to June 2023, Ahmed and others infected computer networks of several U.S.-based In June 2020, Black Kingdom ransomware operators started targeting organizations using unpatched Pulse Secure VPN software to deploy their malware. The US authorities believe he is residing in Yemen.

Ransomware 115

Ransomware Encryption Cryptocurrency Malware 115

Security Affairs

DECEMBER 31, 2021

The Have I Been Pwned data breach notification service now includes credentials for 441K accounts that were stolen by RedLine malware. The Have I Been Pwned data breach notification service now allows victims of the RedLine malware to check if their credentials have been stolen. The malicious code can also act as a first-stage malware.

Accountability 145

Accountability Malware Data breaches Passwords 145

Security Affairs

NOVEMBER 15, 2021

The FBI collected millions of email addresses used by Emotet operators in their malware campaigns as part of the cleanup operation. Now researchers from multiple cybersecurity firms ([Cryptolaemus], [GData], and [Advanced Intel]) reported that threat actors are using the TrickBot malware to drop an Emoted loader on infected devices.

Malware 142

Malware Banking Hacking Ransomware 142