2022, Cybercrime, Information Security and Malware

Aurora Stealer Malware is becoming a prominent threat in the cybercrime ecosystem

Security Affairs

NOVEMBER 22, 2022

Researchers warn of threat actors employing a new Go-based malware dubbed Aurora Stealer in attacks in the wild. Aurora Stealer is an info-stealing malware that was first advertised on Russian-speaking underground forums in April 2022. Aurora was offered as Malware-as-a-Service (MaaS) by a threat actor known as Cheshire.

Cybercrime

Cybercrime Malware Cryptocurrency Advertising

Experts link Raspberry Robin Malware to Evil Corp cybercrime gang

Security Affairs

SEPTEMBER 2, 2022

Researchers attribute the Raspberry Robin malware to the Russian cybercrime group known as Evil Corp group. IBM Security X-Force researchers discovered similarities between a component used in the Raspberry Robin malware and a Dridex malware loader, which was part of the malicious operations of the cybercrime gang Evil Corp.

Cybercrime

Cybercrime Malware Backups Manufacturing

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Now new findings reveal that AVrecon is the malware engine behind a 12-year-old service called SocksEscort , which rents hacked residential and small business devices to cybercriminals looking to hide their true location online. ” According to Kilmer, AVrecon is the malware that gives SocksEscort its proxies.

Malware

Malware VPN Internet Internet

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

TA558 cybercrime group targets hospitality and travel orgs

Security Affairs

AUGUST 20, 2022

TA558 cybercrime group is behind a malware campaign targeting hospitality, hotel, and travel organizations in Latin America. Researchers from Proofpoint are monitoring a malware campaign conducted by a cybercrime group, tracked as TA558, that is targeting hospitality, hotel, and travel organizations in Latin America.

Cybercrime

Cybercrime Malware Phishing Internet

Threat Report Portugal: Q3 & Q4 2022

Security Affairs

APRIL 6, 2023

The Threat Report Portugal: H2 2022 compiles data collected on the malicious campaigns that occurred from July to December, H2, 2022. The Threat Report Portugal: Q3 & Q4 2022 compiles data collected on the malicious campaigns that occurred from Jully to December, Q3 and Q4, 2022. in Q2 2022.

Threat Reports

Threat Reports Phishing Malware Banking

New Go-based Redigo malware targets Redis servers

Security Affairs

DECEMBER 1, 2022

Redigo is a new Go-based malware employed in attacks against Redis servers affected by the CVE-2022-0543 vulnerability. Researchers from security firm AquaSec discovered a new Go-based malware that is used in a campaign targeting Redis servers. In March 2022, the U.S.

Malware

Malware DDOS Architecture Cryptocurrency

Carbanak malware returned in ransomware attacks

Security Affairs

DECEMBER 26, 2023

Researchers at NCC Group reported that in November they observed the return of the infamous banking malware Carbanak in ransomware attacks. The cybersecurity firm NCC Group reported that in November the banking malware Carbanak was observed in ransomware attacks. ” reads the report published by NCC Group.

Malware

Malware Ransomware Banking Healthcare

ZingoStealer crimeware released for free in the cybercrime ecosystem

Security Affairs

APRIL 15, 2022

ZingoStealer is a new information-stealer developed by a threat actor known as Haskers Gang who released it for free after they attempted to sell the source code for $500. The cybercrime gang has been active since at least January 2020. SecurityAffairs – hacking, cybercrime). ” concludes the experts. Pierluigi Paganini.

Cybercrime

Cybercrime Malware Cryptocurrency Hacking

Russian Cybercrime Trickbot Group is systematically attacking Ukraine

Security Affairs

JULY 8, 2022

The operators behind the TrickBot malware are systematically targeting Ukraine since the beginning of the war in February 2022. Since February, the Conti ransomware group has taken over TrickBot malware operation and also planned to replace it with BazarBackdoor malware. ” concludes IBM. Pierluigi Paganini.

Cybercrime

Cybercrime Malware DDOS Ransomware

Ukrainian national faces up to 20 years in prison for his role in Zeus, IcedID malware schemes

Security Affairs

FEBRUARY 17, 2024

Ukrainian national Vyacheslav Igorevich Penchukov has pleaded guilty to his key roles in the Zeus and IcedID malware operations. Vyacheslav Igorevich Penchukov was a leader of two prolific malware groups that infected thousands of computers with malicious software.

Malware

Malware Cybercrime Banking Hacking

Cybercrime gang FIN7 returned and was spotted delivering Clop ransomware

Security Affairs

MAY 20, 2023

FIN7 is a Russian criminal group (aka Carbanak ) that has been active since mid-2015, it focuses on restaurants, gambling, and hospitality industries in the US to harvest financial information that was used in attacks or sold in cybercrime marketplaces. They then use OpenSSH and Impacket to move laterally and deploy Clop ransomware.

Cybercrime

Cybercrime Ransomware Security Intelligence Hacking

Threat Report Portugal: Q2 2022

Security Affairs

JULY 4, 2022

The Threat Report Portugal: Q2 2022 compiles data collected on the malicious campaigns that occurred from March to June, Q2, 2022. The Threat Report Portugal: Q2 2022 compiles data collected on the malicious campaigns that occurred from March to June, Q2, 2022. Phishing and Malware Q2 2022. in Q1 2022.

Threat Reports

Threat Reports Phishing Banking Malware

EnemyBot malware adds new exploits to target CMS servers and Android devices

Security Affairs

MAY 30, 2022

The researchers attribute the botnet to the cybercrime group Keksec which focuses on DDoS-based extortion. Experts pointed out that the malware is being actively developed. The botnet was first discovered by Fortinet in March, the DDoS botnet targeted several routers and web servers by exploiting known vulnerabilities.

Malware

Malware DDOS IoT Cybercrime

Magnet Goblin group used a new Linux variant of NerbianRAT malware

Security Affairs

MARCH 11, 2024

The financially motivated hacking group Magnet Goblin uses various 1-day flaws to deploy custom malware on Windows and Linux systems. The group focuses on internet-facing services, in at least one instance the group exploited the vulnerability CVE-2024-21887 in Ivanti Connect Secure VPN. 4 Run a Linux command in a separate thread.

Malware

Malware VPN Encryption Hacking

Experts link the Black Basta ransomware operation to FIN7 cybercrime gang

Security Affairs

NOVEMBER 3, 2022

Further evidence linking the two includes IP addresses and specific TTPs (tactics, techniques, and procedures) used by FIN7 in early 2022 and seen months later in actual Black Basta attacks. Black Basta has been active since April 2022, like other ransomware operations, it implements a double-extortion attack model. .

Cybercrime

Cybercrime Ransomware Antivirus Malware

Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

APRIL 28, 2024

Hackers may have accessed thousands of accounts on the California state welfare platform Brokewell Android malware supports an extensive set of Device Takeover capabilities Experts warn of an ongoing malware campaign targeting WP-Automatic plugin Cryptocurrencies and cybercrime: A critical intermingling Kaiser Permanente data breach may have impacted (..)

Cybercrime

Cybercrime Spyware Data breaches Antivirus

New Lobshot hVNC malware spreads via Google ads

Security Affairs

MAY 1, 2023

The previously undetected LOBSHOT malware is distributed using Google ads and gives operators VNC access to Windows devices. Researchers from Elastic Security Labs spotted a new remote access trojan dubbed LOBSHOT was being distributed through Google Ads. ” reads the report published by Elastic Security Labs.

Malware

Malware Cybercrime Banking Software

As of May 2024, Black Basta ransomware affiliates hacked over 500 organizations worldwide

Security Affairs

MAY 12, 2024

Black Basta ransomware affiliates have breached over 500 organizations between April 2022 and May 2024, FBI and CISA reported. Black Basta ransomware-as-a-service (RaaS) has been active since April 2022, it impacted several businesses and critical infrastructure entities across North America, Europe, and Australia.

Ransomware

Ransomware Hacking Healthcare Retail

Cybercrime group exploits Windows zero-day in ransomware attacks

Security Affairs

APRIL 11, 2023

The experts pointed out that while the majority of zero-days they have discovered in the past were used by APT groups, this zero-day was exploited by a sophisticated cybercrime group. This group is known to have used similar CLFS driver exploits in the past that were likely developed by the same author.

Cybercrime

Cybercrime Ransomware Education Media

Ransomware activity and network access sales in Q3 2022

Security Affairs

NOVEMBER 1, 2022

Compared to the second quarter of 2022, the activity decreased by 8%, falling from July to August but increasing from August to September. In Q3 2022, the most prolific ransomware and data leak actors in Q3 were LockBit , Black Basta , Hive , Alphv(aka BlackCat) and the new entry BianLian group. SecurityAffairs – hacking, cybercrime).

Ransomware

Ransomware Cybercrime Hacking Information Security

Tank, the leader of the Zeus cybercrime gang, was arrested by the Swiss police

Security Affairs

NOVEMBER 17, 2022

A suspected leader of the Zeus cybercrime gang, Vyacheslav Igorevich Penchukov (aka Tank), was arrested by Swiss police. Swiss police last month arrested in Geneva Vyacheslav Igorevich Penchukov (40), also known as Tank, which is one of the leaders of the JabberZeus cybercrime group. Pierluigi Paganini.

Cybercrime

Cybercrime Banking Identity Theft Hacking

New TA886 group targets companies with custom Screenshotter malware

Security Affairs

FEBRUARY 10, 2023

A recently discovered threat actor, tracked as TA886 by security firm Proofpoint, is targeting organizations in the United States and Germany with new malware dubbed Screenshotter. The experts first spotted the attacks attributed to this threat actor in October 2022, they believe that the group is financially motivated.

Malware

Malware Phishing Spyware Cybercrime

Black Basta Ransomware gang accumulated at least $107 million in Bitcoin ransom payments since early 2022

Security Affairs

DECEMBER 1, 2023

The Black Basta ransomware gang infected over 300 victims accumulating ransom payments exceeding $100 million since early 2022. The Black Basta ransomware group has been active since April 2022, like other ransomware operations, it implements a double-extortion attack model. ” reads the Elliptic’s report.

Ransomware

Ransomware Retail Malware Insurance

Administrator of RSOCKS Proxy Botnet Pleads Guilty

Krebs on Security

JANUARY 24, 2023

Denis Emelyantsev , a 36-year-old Russian man accused of running a massive botnet called RSOCKS that stitched malware into millions of devices worldwide, pleaded guilty to two counts of computer crime violations in a California courtroom this week. “Thanks to you, we are now developing in the field of information security and anonymity!,”

Cybercrime

Cybercrime Advertising IoT Malware

Ransomware gangs are exploiting CVE-2022-26134 RCE in Atlassian Confluence servers

Security Affairs

JUNE 12, 2022

Ransomware gangs are actively exploiting CVE-2022-26134 remote code execution (RCE) flaw in Atlassian Confluence Server and Data Center. Multiple ransomware groups are actively exploiting the recently disclosed remote code execution (RCE) vulnerability, tracked as CVE-2022-26134 , affecting Atlassian Confluence Server and Data Center.

Ransomware

Ransomware Encryption Malware Hacking

WikiLoader malware-as-a-service targets Italian organizations

Security Affairs

AUGUST 1, 2023

Threat actors are targeting Italian organizations with a phishing campaign aimed at delivering a new malware called WikiLoader. WikiLoader is a new piece of malware that is employed in a phishing campaign that is targeting Italian organizations. ” reads the post published by Proofpoint. ” continues the report.

Malware

Malware Phishing Banking Hacking

North Korea-linked hackers stole $626 million in virtual assets in 2022

Security Affairs

DECEMBER 22, 2022

. “South Korea’s main spy agency, the National Intelligence Service, said North Korea’s capacity to steal digital assets is considered among the best in the world because of the country’s focus on cybercrimes since U.N. The report states that North Korea-linked attacks employed the AppleJeus malware to steal cryptocurrency.

Cryptocurrency

Cryptocurrency Cybercrime Media Government

Threat actors target the infoSec community with fake PoC exploits

Security Affairs

MAY 22, 2022

Researchers uncovered a malware campaign targeting the infoSec community with fake Proof Of Concept to deliver a Cobalt Strike beacon. Researchers from threat intelligence firm Cyble uncovered a malware campaign targeting the infoSec community. The malware, disguised as a fake PoC code, was available on GitHub.

InfoSec

InfoSec Malware Cybercrime Information Security

Hackers are taking advantage of the interest in generative AI to install Malware

Security Affairs

MAY 3, 2023

Threat actors are using the promise of generative AI like ChatGPT to deliver malware, Facebook parent Meta warned. Threat actors are taking advantage of the huge interest in generative AI like ChatGPT to trick victims into installing malware, Meta warns. ” reads the Meta’s Q1 2023 Security Reports.

Malware

Malware Education Accountability Media

Experts observed Amadey malware deploying LockBit 3.0 Ransomware

Security Affairs

NOVEMBER 9, 2022

Experts noticed that the Amadey malware is being used to deploy LockBit 3.0 Researchers from AhnLab Security Emergency Response Center (ASEC) reported that the Amadey malware is being used to deploy LockBit 3.0 ” reads the report published by the security firm. SecurityAffairs – hacking, Amadey malware).

Malware

Malware Ransomware Cybercrime Phishing

FUD Malware obfuscation engine BatCloak continues to evolve

Security Affairs

JUNE 12, 2023

Researchers detailed a fully undetectable (FUD) malware obfuscation engine named BatCloak that is used by threat actors. Researchers from Trend Micro have analyzed the BatCloak, a fully undetectable (FUD) malware obfuscation engine used by threat actors to stealthily deliver their malware since September 2022.

Engineering

Engineering Malware Encryption Hacking

“gitgub” malware campaign targets Github users with RisePro info-stealer

Security Affairs

MARCH 17, 2024

RisePro is a C++ info-stealer that has been active since at least 2022, it allows to gathering sensitive data from the infected system. The malware exfiltrates gathered data to two Telegram channels. “The malware collects a variety of valuable information.

Malware

Malware Passwords Software Hacking

Let’s give a look at the Dark Web Price Index 2022

Security Affairs

JUNE 15, 2022

PrivacyAffairs released the Dark Web Index 2022, the document provides the prices for illegal services/products available in the black marketplaces. The document updates the information provided in the Dark Web Index 2022 report. The document updates the information provided in the Dark Web Index 2022 report.

Identity Theft

Identity Theft Accountability DDOS Cybercrime

Accused Russian RSOCKS Botmaster Arrested, Requests Extradition to U.S.

Krebs on Security

SEPTEMBER 24, 2022

A native of Omsk, Russia, Kloster came into focus after KrebsOnSecurity followed clues from the RSOCKS botnet master’s identity on the cybercrime forums to Kloster’s personal blog , which featured musings on the challenges of running a company that sells “security and anonymity services to customers around the world.”

Cybercrime

Cybercrime Data breaches Malware Ransomware

Raspberry Robin malware used in attacks against Telecom and Governments

Security Affairs

DECEMBER 24, 2022

The campaign has been active since at least September 2022, most of the infections have been observed in Argentina (34,8%), followed by Australia (23,2%). “We found samples of the Raspberry Robin malware spreading in telecommunications and government office systems beginning September.” exe, and rundll32.exe.

Government

Government Malware Telecommunications Cybercrime

Xenomorph malware is back after months of hiatus and expands the list of targets

Security Affairs

SEPTEMBER 26, 2023

A new campaign is spreading Xenomorph malware to Android users in the United States, Spain, Portugal, Italy, Canada, and Belgium. Researchers from ThreatFabric uncovered a new campaign spreading Xenomorph malware to Android users in the United States and all over the world. that was significantly improved. ” concludes the report.

Malware

Malware Banking Phishing Engineering

Two PoS Malware used to steal data from more than 167,000 credit cards

Security Affairs

OCTOBER 25, 2022

Researchers reported that threat actors used 2 PoS malware variants to steal information about more than 167,000 credit cards. Cybersecurity firm Group-IB discovered two PoS malware to steal data associated with more than 167,000 credit cards from point-of-sale payment terminals. MajikPOS is written using the “.NET

Malware

Malware Cybercrime Banking Marketing

Symbiote, a nearly-impossible-to-detect Linux malware?

Security Affairs

JUNE 9, 2022

Researchers uncovered a high stealth Linux malware, dubbed Symbiote, that could be used to backdoor infected systems. Joint research conducted by security firms Intezer and BlackBerry uncovered a new Linux threat dubbed Symbiote. “Symbiote is a malware that is highly evasive. ” concludes the report.

Malware

Malware DNS Antivirus Passwords

Russian cybercrime group likely behind ongoing exploitation of PaperCut flaws

Security Affairs

APRIL 24, 2023

It is interesting to note that the domain was also hosting malware a variant of the TrueBot malware. .” The researchers noticed that the domain hosting the tools employed in the attack, windowservicecemter[.]com, com, was registered on April 12, 2023. ” concludes the report published by Huntress.

Cybercrime

Cybercrime Software Education Ransomware

Dariy Pankov, the NLBrute malware author, pleads guilty

Security Affairs

SEPTEMBER 15, 2023

The Russian national Dariy Pankov (28), aka dpxaker, is the author of the NLBrute malware. The NLBrute malware allows operators to compromise protected computers by decrypting login credentials. The powerful malware was capable of compromising protected computers by decrypting login credentials, such as passwords.

Malware

Malware Marketing Passwords Hacking

New Wiper Malware HermeticWiper targets Ukrainian systems

Security Affairs

FEBRUARY 24, 2022

Cybersecurity experts discovered a new data wiper malware that was used in attacks against hundreds of machines in Ukraine. Researchers from cybersecurity firms ESET and Broadcom’s Symantec discovered a new data wiper malware that was employed in a recent wave of attacks that hit hundreds of machines in Ukraine.

Malware

Malware DDOS Banking Government

New ZLoader malware campaign hit more than 2000 victims across 111 countries

Security Affairs

JANUARY 10, 2022

A malware campaign spreads ZLoader malware by exploiting a Windows vulnerability that was fixed in 2013 but in 2014 Microsoft revised the fix. Experts from Check Point Research uncovered a new ZLoader malware campaign in early November 2021. banking Trojan and was used to spread Zeus-like banking trojan (i.e. Zeus OpenSSL).

Malware

Malware Banking Software Cybercrime

Ransomware attacks hit 105 US local governments in 2022

Security Affairs

JANUARY 2, 2023

In 2022, ransomware attacks targeted 105 state or municipal governments or agencies in the US, reads a report published by Emsisoft. The only local government known to have paid a ransom in 2022 was Quincy, MA., In at least 17 incidents (68 percent), threat actors exfiltrated data including Protected Health Information (PHI).

Government

Government Ransomware Healthcare Education

Exclusive: The largest mobile malware marketplace identified by Resecurity in the Dark Web

Security Affairs

DECEMBER 5, 2022

Resecurity has identified a new underground marketplace in the Dark Web oriented towards mobile malware developers and operators. This trend comes from the “Man in The Browser” (MiTB) attacks and WEB-injects designed for traditional PC-based malware such as Zeus, Gozi and SpyEye.

Mobile

Mobile Malware Banking Retail

Aurora Stealer Malware is becoming a prominent threat in the cybercrime ecosystem

Experts link Raspberry Robin Malware to Evil Corp cybercrime gang

Webinars

Trending Sources

Who and What is Behind the Malware Proxy Service SocksEscort?

Webinars

TA558 cybercrime group targets hospitality and travel orgs

Threat Report Portugal: Q3 & Q4 2022

New Go-based Redigo malware targets Redis servers

Carbanak malware returned in ransomware attacks

ZingoStealer crimeware released for free in the cybercrime ecosystem

Russian Cybercrime Trickbot Group is systematically attacking Ukraine

Ukrainian national faces up to 20 years in prison for his role in Zeus, IcedID malware schemes

Cybercrime gang FIN7 returned and was spotted delivering Clop ransomware

Threat Report Portugal: Q2 2022

EnemyBot malware adds new exploits to target CMS servers and Android devices

Magnet Goblin group used a new Linux variant of NerbianRAT malware

Experts link the Black Basta ransomware operation to FIN7 cybercrime gang

Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION

New Lobshot hVNC malware spreads via Google ads

As of May 2024, Black Basta ransomware affiliates hacked over 500 organizations worldwide

Cybercrime group exploits Windows zero-day in ransomware attacks

Ransomware activity and network access sales in Q3 2022

Tank, the leader of the Zeus cybercrime gang, was arrested by the Swiss police

New TA886 group targets companies with custom Screenshotter malware

Black Basta Ransomware gang accumulated at least $107 million in Bitcoin ransom payments since early 2022

Administrator of RSOCKS Proxy Botnet Pleads Guilty

Ransomware gangs are exploiting CVE-2022-26134 RCE in Atlassian Confluence servers

WikiLoader malware-as-a-service targets Italian organizations

North Korea-linked hackers stole $626 million in virtual assets in 2022

Threat actors target the infoSec community with fake PoC exploits

Hackers are taking advantage of the interest in generative AI to install Malware

Experts observed Amadey malware deploying LockBit 3.0 Ransomware

FUD Malware obfuscation engine BatCloak continues to evolve

“gitgub” malware campaign targets Github users with RisePro info-stealer

Let’s give a look at the Dark Web Price Index 2022

Accused Russian RSOCKS Botmaster Arrested, Requests Extradition to U.S.

Raspberry Robin malware used in attacks against Telecom and Governments

Xenomorph malware is back after months of hiatus and expands the list of targets

Two PoS Malware used to steal data from more than 167,000 credit cards

Symbiote, a nearly-impossible-to-detect Linux malware?

Russian cybercrime group likely behind ongoing exploitation of PaperCut flaws

Dariy Pankov, the NLBrute malware author, pleads guilty

New Wiper Malware HermeticWiper targets Ukrainian systems

New ZLoader malware campaign hit more than 2000 victims across 111 countries

Ransomware attacks hit 105 US local governments in 2022

Exclusive: The largest mobile malware marketplace identified by Resecurity in the Dark Web

Stay Connected