Advertising, Cybercrime, Information Security and Malware

BunnyLoader, a new Malware-as-a-Service advertised in cybercrime forums

Security Affairs

OCTOBER 3, 2023

Cybersecurity researchers spotted a new malware-as-a-service (MaaS) called BunnyLoader that’s appeared in the threat landscape. Zscaler ThreatLabz researchers discovered a new malware-as-a-service (MaaS) that is called BunnyLoader, which has been advertised for sale in multiple cybercrime forums since September 4, 2023.

Advertising

Advertising Cybercrime Malware Cryptocurrency

New MacStealer macOS malware appears in the cybercrime underground

Security Affairs

MARCH 27, 2023

A new MacStealer macOS malware allows operators to steal iCloud Keychain data and passwords from infected systems. Uptycs researchers team discovered a new macOS information stealer, called MacStealer, which allows operators to steal iCloud Keychain data and passwords from infected systems.

Cybercrime

Cybercrime Malware Passwords Advertising

Aurora Stealer Malware is becoming a prominent threat in the cybercrime ecosystem

Security Affairs

NOVEMBER 22, 2022

Researchers warn of threat actors employing a new Go-based malware dubbed Aurora Stealer in attacks in the wild. Aurora Stealer is an info-stealing malware that was first advertised on Russian-speaking underground forums in April 2022. Aurora was offered as Malware-as-a-Service (MaaS) by a threat actor known as Cheshire.

Cybercrime

Cybercrime Malware Cryptocurrency Advertising

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Researchers this month uncovered a two-year-old Linux-based remote access trojan dubbed AVrecon that enslaves Internet routers into botnet that bilks online advertisers and performs password-spraying attacks. ” According to Kilmer, AVrecon is the malware that gives SocksEscort its proxies.

Malware

Malware VPN Internet Internet

Crooks impersonate brands using search engine advertisement services

Security Affairs

DECEMBER 26, 2022

The FBI warns of cybercriminals using search engine advertisement services to impersonate brands and defraud users. The FBI is warning of cyber criminals using search engine advertisement services to impersonate brands and direct users to websites that were used to defraud users. ” reads the advisory published by the FBI.

Advertising

Advertising Engineering Education Internet

Atomic macOS Stealer is advertised on Telegram for $1,000 per month

Security Affairs

APRIL 29, 2023

Atomic macOS Stealer is a new information stealer targeting macOS that is advertised on Telegram for $1,000 per month. Cyble Research and Intelligence Labs (CRIL) recently discovered a Telegram channel advertising a new information-stealing malware, named Atomic macOS Stealer (AMOS). ” concludes the report.

Advertising

Advertising Passwords Malware Password Management

Raccoon Malware, a success case in the cybercrime ecosystem

Security Affairs

FEBRUARY 24, 2020

Raccoon Malware is a recently discovered infostealer that can extract sensitive data from about 60 applications on a targeted system. Racoon malware , Legion, Mohazo, and Racealer, is an infostealer that recently appeared in the threat landscape that is advertised in hacking forums. ” continues the analysis.

Cybercrime

Cybercrime Malware Cryptocurrency Advertising

Administrator of RSOCKS Proxy Botnet Pleads Guilty

Krebs on Security

JANUARY 24, 2023

Denis Emelyantsev , a 36-year-old Russian man accused of running a massive botnet called RSOCKS that stitched malware into millions of devices worldwide, pleaded guilty to two counts of computer crime violations in a California courtroom this week. “Thanks to you, we are now developing in the field of information security and anonymity!

Cybercrime

Cybercrime Advertising IoT Malware

Hackers breached four prominent underground cybercrime forums

Security Affairs

MARCH 6, 2021

A suspicious wave of attacks resulted in the hack of four cybercrime forums Verified, Crdclub, Exploit, and Maza since January. Since January, a series of mysterious cyberattacks that resulted in the hack of popular Russian-language cybercrime forums. No other information looked to be compromised in the attack.”

Cybercrime

Cybercrime DDOS Hacking Passwords

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

Security Affairs

OCTOBER 10, 2020

Microsoft has uncovered Zerologon attacks that were allegedly conducted by the infamous TA505 Russia-linked cybercrime group. Microsoft spotted a series of Zerologon attacks allegedly launched by the Russian cybercrime group tracked as TA505 , CHIMBORAZO and Evil Corp. states Microsoft. Pierluigi Paganini.

Cybercrime

Cybercrime Security Intelligence Authentication Banking

15 billion credentials available in the cybercrime marketplaces

Security Affairs

JULY 9, 2020

More than 15 billion username and passwords are available on cybercrime marketplaces, including over 5 billion unique credentials, states the experts. Experts reported that brute-force cracking tools and account checkers are available on cybercrime marketplaces and forums for an average of $4. ” continues the report.

Cybercrime

Cybercrime Antivirus Marketing Accountability

Statc Stealer, a new sophisticated info-stealing malware

Security Affairs

AUGUST 10, 2023

Experts warn that a new info-stealer named Statc Stealer is infecting Windows devices to steal a broad range of sensitive information. Zscaler ThreatLabz researchers discovered a new information stealer malware, called Statc Stealer, that can steal a broad range of info from Windows devices. ” concludes the report.

Malware

Malware Encryption Advertising Cryptocurrency

BlackCat ransomware, a very sophisticated malware written in Rust

Security Affairs

DECEMBER 10, 2021

Malware researchers from Recorded Future and MalwareHunterTeam discovered ALPHV (aka BlackCat), the first professional ransomware strain that was written in the Rust programming language. Unlike other malware, ALPHV (BlackCat) is the first Rust ransomware that was used in attacks in the wild by a cybercrime organization.

Ransomware

Ransomware Malware Cybercrime Encryption

Meet the Administrators of the RSOCKS Proxy Botnet

Krebs on Security

JUNE 22, 2022

.” The DOJ’s statement doesn’t mention that RSOCKS has been in operation since 2014, when access to the web store for the botnet was first advertised on multiple Russian-language cybercrime forums. Even today, the RUSdot Mailer is advertised for sale at the top of the RUSdot community forum.

Advertising

Advertising Cybercrime System Administration Hacking

QQAAZZ crime gang charged for laundering money stolen by malware gangs

Security Affairs

OCTOBER 18, 2020

Multiple members of QQAAZZ multinational cybercriminal gang were charged for providing money-laundering services to high-profile malware operations. According to law enforcement bodies, the gang provides services to multiple malware operations, including Dridex , GozNym , and Trickbot. ” . Pierluigi Paganini.

Malware

Malware Banking Cryptocurrency Cybercrime

Experts link AVRecon bot to the malware proxy service SocksEscort

Security Affairs

JULY 31, 2023

Threat actors behind the campaign aimed at building a botnet to use for a range of criminal activities from password spraying to digital advertising fraud. The AVrecon malware was written in C to ensure portability and designed to target ARM-embedded devices. The popular investigator Brian Krebs and Spur.us “ SocksEscort[.]com

Malware

Malware Small Business Advertising Passwords

Chinese-speaking cybercrime gang Rocke changes tactics

Security Affairs

OCTOBER 15, 2019

Chinese-speaking cybercrime gang Rocke that carried out several large-scale cryptomining campaigns, has now using news tactics to evade detection. Chinese-speaking cybercrime gang Rocke, that carried out several large-scale cryptomining campaigns in past , has now using news tactics to evade detection. Pierluigi Paganini.

Cybercrime

Cybercrime DNS Malware Advertising

New TA886 group targets companies with custom Screenshotter malware

Security Affairs

FEBRUARY 10, 2023

A recently discovered threat actor, tracked as TA886 by security firm Proofpoint, is targeting organizations in the United States and Germany with new malware dubbed Screenshotter. The malware is able to take JPG screenshots of the victim’s desktop and submitting it to a remote C2 via a POST to a hardcoded IP address.

Malware

Malware Phishing Spyware Cybercrime

U.S. and Australian police arrested Firebird RAT author and operator

Security Affairs

APRIL 14, 2024

The RAT allowed customers to access and control their victims’ computers remotely, its author advertised its stealing capabilities. He is accused of advertising and selling the Hive remote access trojan (RAT) on the “Hack Forums” website. ” reported the DoJ. ” continues DoJ.

Computers and Electronics

Computers and Electronics Advertising Cryptocurrency Malware

New BloodyStealer malware is targeting the gaming sector

Security Affairs

SEPTEMBER 27, 2021

Researchers spotted a new malware, dubbed BloodyStealer, that could allow stealing accounts for multiple gaming platforms. stealing a wide range of sensitive information, including cookies, passwords, bank cards, as well as sessions from various applications. ” reads the analysis published by Kaspersky.

Malware

Malware Banking Passwords Accountability

Crooks use weaponized coronavirus map to deliver malware

Security Affairs

MARCH 12, 2020

Cybercriminals continue to exploit the fear in the coronavirus outbreak to spread malware and steal sensitive data from victims. Experts from cybersecurity Reason reported cybercrimnals are using new coronavirus -themed attacks to deliver malware. To make sure the malware can persist and keep operating, it uses the “Task Scheduler”.”

Malware

Malware Advertising Passwords Cryptocurrency

250+ U.S. news sites spotted spreading FakeUpdates malware in a supply-chain attack

Security Affairs

NOVEMBER 3, 2022

Threat actors compromised a media company to deliver FakeUpdates malware through the websites of hundreds of newspapers in the US. The media company serves The media company provides video content and advertising via Javascript to its partners. SecurityAffairs – hacking, malware). zip, Chrome.Updater.zip, Firefo?.U?dat?.zip,

Malware

Malware Media Advertising Hacking

US Feds arrested two men involved in the Warzone RAT operation

Security Affairs

FEBRUARY 12, 2024

The seizure is the result of an international law enforcement operation, federal authorities in Atlanta and Boston charged individuals in Malta and Nigeria, for their involvement in selling the malware. The two individuals are charged with selling and supporting the Warzone RAT and other malware. ” concludes DoJ.

Malware

Malware Hacking Cybercrime Advertising

FraudGPT, a new malicious generative AI tool appears in the threat landscape

Security Affairs

JULY 26, 2023

FraudGPT is another cybercrime generative artificial intelligence (AI) tool that is advertised in the hacking underground. The author claims that FraudGPT can develop undetectable malware and find vulnerabilities in targeted platforms.

Artificial Intelligence

Artificial Intelligence Cybercrime Phishing Advertising

UN approves Russia-Cina sponsored resolution on new cybercrime convention

Security Affairs

DECEMBER 30, 2019

The United Nations on Friday have approved a Russian-sponsored and China-backed resolution to create a new convention on cybercrime. The United Nations on Friday has approved a Russian-sponsored and China-backed resolution to create a new convention on cybercrime. It will only serve to stifle global efforts to combat cybercrime.”

Cybercrime

Cybercrime Surveillance Spyware Government

Sonicwall warns of a spike in the number of attacks involving encrypted malware and IoT malware

Security Affairs

JULY 29, 2019

According to experts at Sonicwall, scanning of random ports and the diffusion of encrypted malware are characterizing the threat landscape. In 2018, global malware volume recorded by SonicWall hit a record-breaking 10.52 Most of the attacks targeted non-standard ports and experts observed a spike in the number of encrypted malware.

IoT

IoT Encryption Malware Advertising

The author of FastPOS PoS malware pleads guilty

Security Affairs

AUGUST 1, 2020

A 30-year-old Moldovan man pleaded guilty this week for creating the FastPOS malware that infected PoS systems worldwide. The Moldovan citizen Valerian Chiochiu (30), aka Onassis, pleaded guilty on Friday for creating the infamous FastPOS Point-of-Sale (POS) malware. and infraud.ws. Chiochiu will be sentenced on December 11.

Malware

Malware Advertising Cybercrime Hacking

EvilExtractor, a new All-in-One info stealer appeared on the Dark Web

Security Affairs

APRIL 24, 2023

EvilExtractor is a new “all-in-one” info stealer for Windows that is being advertised for sale on dark web cybercrime forums. The malware environment checking and Anti-VM functions. The malware can steal sensitive data from the infected endpoint, including browser history and passwords, and cookies.

Cybercrime

Cybercrime Malware Education Phishing

New MATA Multi-platform malware framework linked to NK Lazarus APT

Security Affairs

JULY 23, 2020

North Korea-linked Lazarus APT Group has used a new multi-platform malware framework, dubbed MATA, to target entities worldwide. The MATA malware framework could target Windows, Linux, and macOS operating systems. The malware framework implements a wide range of features that allow attackers to fully control the infected systems.

Malware

Malware Ransomware Advertising Encryption

TheMoon bot infected 40,000 devices in January and February

Security Affairs

MARCH 26, 2024

A new variant of TheMoon malware infected thousands of outdated small office and home office (SOHO) routers and IoT devices worldwide. The researchers believe that the malware connects the NTP to verify the infected device’s internet connection and confirm it is not operating within a sandbox environment.

IoT

IoT Cybercrime Internet Internet

CISA’s advisory warns of notable increase in LokiBot malware

Security Affairs

SEPTEMBER 22, 2020

US Cybersecurity and Infrastructure Security Agency (CISA) is warning of a notable increase in the use of LokiBot malware by threat actors since July 2020. The Agency’s EINSTEIN Intrusion Detection System has detected persistent malicious activity associated with the LokiBot malware. Pierluigi Paganini.

Malware

Malware Passwords Advertising Antivirus

Security Affairs newsletter Round 460 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

FEBRUARY 25, 2024

Apple created post-quantum cryptographic protocol PQ3 for iMessage Russian hacker is set to face trial for the hack of a local power grid Microsoft released red teaming tool PyRIT for Generative AI CISA orders federal agencies to fix ConnectWise ScreenConnect bug in a week FTC charged Avast with selling users’ browsing data to advertising companies (..)

Spyware

Spyware Cyber Insurance Hacking Advertising

Interview With a Crypto Scam Investment Spammer

Krebs on Security

MAY 22, 2023

Since then, the same spammers have used this method to advertise more than 100 different crypto investment-themed domains. That user advertised a service called “ Quot Project ” which said they could be hired to write programming scripts in Python and C++. A DIRECT QUOT The domain quot[.]pw pw was their domain.

Scams

Scams DDOS Cryptocurrency Accountability

Lemon Group gang pre-infected 9 million Android devices for fraudulent activities

Security Affairs

MAY 19, 2023

The Lemon Group cybercrime ring has reportedly pre-installed malware known as Guerilla on almost 9 million Android devices. A cybercrime group tracked has Lemon Group has reportedly pre-installed malware known as Guerilla on almost 9 million Android devices. 231 banking malware.

Mobile

Mobile Advertising Malware Cybercrime

REvil Ransomware member win the auction for KPot stealer source code

Security Affairs

NOVEMBER 4, 2020

KPOT Stealer is a “stealer” malware that focuses on exfiltrating account information and other data from web browsers, instant messengers, email, VPN, RDP, FTP, cryptocurrency, and gaming software. The KPOT Stealer was written in C/C++, it was offered in the cybercrime underground as a Malware-as-a-Service (MaaS).

Ransomware

Ransomware Malware Advertising Cybercrime

FBI and Ukrainian police seized 9 crypto exchanges used by cybercriminals

Security Affairs

MAY 2, 2023

“Through exchanges, attackers channeled assets obtained as a result of malware attacks (cryptoviruses) and online fraud. Exchange services were advertised on closed hacker forums.” ” Many of these services are advertised on cybercrime forums, the services were offering support in both Russian and English.

Cybercrime

Cybercrime Cryptocurrency Advertising Education

Security Affairs newsletter Round 440 by Pierluigi Paganini – International edition

Security Affairs

OCTOBER 8, 2023

Belgian intelligence service VSSE accused Alibaba of ‘possible espionage’ at European hub in Liege A WhatsApp zero-day exploit can cost several million dollars CISA adds JetBrains TeamCity and Windows flaws to its Known Exploited Vulnerabilities catalog NATO is investigating a new cyber attack claimed by the SiegedSec group Global CRM Provider Exposed (..)

Data breaches

Data breaches Cybercrime Ransomware Hacking

New AVrecon botnet remained under the radar for two years while targeting SOHO Routers

Security Affairs

JULY 14, 2023

A new malware dubbed AVrecon targets small office/home office (SOHO) routers, it infected over 70,000 devices from 20 countries. Lumen Black Lotus Labs uncovered a long-running hacking campaign targeting SOHO routers with a strain of malware dubbed AVrecon. ” concludes the report. ” concludes the report.

Malware

Malware Advertising Cybercrime Passwords

Erbium info-stealing malware, a new option in the threat landscape

Security Affairs

SEPTEMBER 27, 2022

Threat actors behind the new ‘Erbium’ information-stealing malware are distributing it as fake cracks and cheats for popular video games to steal victims’ credentials and cryptocurrency wallets. The Erbium info-stealing malware was first spotted by researchers at threat intelligence firm Cluster25 on July 21, 2022.

Malware

Malware Password Management Authentication Passwords

Russian author of NeverQuest banking malware gets 4 Years in U.S. Prison

Security Affairs

NOVEMBER 22, 2019

The Russian hacker who created and used Neverquest banking malware has finally been sentenced to 4 years in prison by a US District Court. The Russian hacker was suspected of being the author of the Neverquest malware , aka Vawtrak malware, and the person who administrated the control infrastructure. Pierluigi Paganini.

Banking

Banking Malware Advertising Passwords

Hackers abusing the Ngrok platform phishing attacks

Security Affairs

FEBRUARY 16, 2021

Experts provided a list of ngrok -based attacks conducted by cybercrime organizations and nation-stated actors such as Fox Kitten and Pioneer Kitten APT groups. The experts reported multiple malware strains and phishing campaigns abusing ngrok tunnelling, including. “Interestingly, we found multiple ngrok.io

Phishing

Phishing Cybercrime Mobile Internet

PoS malware infected systems at 71 locations operated by US store chain Rutter’s

Security Affairs

FEBRUARY 14, 2020

US store chain Rutter disclosed a security breach, 71 locations were infected with a point-of-sale (POS) malware used to steal customers’ credit card information. convenience store, fast food restaurant, and gas station chain owner, has disclosed a security breach. The Rutter’s , a U.S.

Malware

Malware Identity Theft Advertising Cybersecurity

TA505 Cybercrime targets system integrator companies

Security Affairs

NOVEMBER 12, 2019

The analysis of a malicious email revealed a possible raising interest of the TA505 cybercrime gang in system integrator companies. The two Macros decoded a Javascript payload acting as a drop and execute by using a well-known strategy as described in: “ Frequent VBA Macros used in Office Malware ”. Introduction. 66.133.129.5)

Cybercrime

Cybercrime Computers and Electronics Penetration Testing Malware

Crooks start exploiting Coronavirus as bait to spread malware

Security Affairs

FEBRUARY 1, 2020

Security researchers warn of malspam campaigns aimed at spreading malware that exploit s media attention on the coronavirus epidemic. Recently, coronavirus is monopolizing media attention, users online are searching for information about the virus and the way it is rapidly spreading worldwide.

Malware

Malware Media Banking Advertising

BunnyLoader, a new Malware-as-a-Service advertised in cybercrime forums

New MacStealer macOS malware appears in the cybercrime underground

Webinars

Trending Sources

Aurora Stealer Malware is becoming a prominent threat in the cybercrime ecosystem

Webinars

Who and What is Behind the Malware Proxy Service SocksEscort?

Crooks impersonate brands using search engine advertisement services

Atomic macOS Stealer is advertised on Telegram for $1,000 per month

Raccoon Malware, a success case in the cybercrime ecosystem

Administrator of RSOCKS Proxy Botnet Pleads Guilty

Hackers breached four prominent underground cybercrime forums

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

15 billion credentials available in the cybercrime marketplaces

Statc Stealer, a new sophisticated info-stealing malware

BlackCat ransomware, a very sophisticated malware written in Rust

Meet the Administrators of the RSOCKS Proxy Botnet

QQAAZZ crime gang charged for laundering money stolen by malware gangs

Experts link AVRecon bot to the malware proxy service SocksEscort

Chinese-speaking cybercrime gang Rocke changes tactics

New TA886 group targets companies with custom Screenshotter malware

U.S. and Australian police arrested Firebird RAT author and operator

New BloodyStealer malware is targeting the gaming sector

Crooks use weaponized coronavirus map to deliver malware

250+ U.S. news sites spotted spreading FakeUpdates malware in a supply-chain attack

US Feds arrested two men involved in the Warzone RAT operation

FraudGPT, a new malicious generative AI tool appears in the threat landscape

UN approves Russia-Cina sponsored resolution on new cybercrime convention

Sonicwall warns of a spike in the number of attacks involving encrypted malware and IoT malware

The author of FastPOS PoS malware pleads guilty

EvilExtractor, a new All-in-One info stealer appeared on the Dark Web

New MATA Multi-platform malware framework linked to NK Lazarus APT

TheMoon bot infected 40,000 devices in January and February

CISA’s advisory warns of notable increase in LokiBot malware

Security Affairs newsletter Round 460 by Pierluigi Paganini – INTERNATIONAL EDITION

Interview With a Crypto Scam Investment Spammer

Lemon Group gang pre-infected 9 million Android devices for fraudulent activities

REvil Ransomware member win the auction for KPot stealer source code

FBI and Ukrainian police seized 9 crypto exchanges used by cybercriminals

Security Affairs newsletter Round 440 by Pierluigi Paganini – International edition

New AVrecon botnet remained under the radar for two years while targeting SOHO Routers

Erbium info-stealing malware, a new option in the threat landscape

Russian author of NeverQuest banking malware gets 4 Years in U.S. Prison

Hackers abusing the Ngrok platform phishing attacks

PoS malware infected systems at 71 locations operated by US store chain Rutter’s

TA505 Cybercrime targets system integrator companies

Crooks start exploiting Coronavirus as bait to spread malware

Stay Connected