Advertising, Cybercrime, Information Security and Passwords

Moldovan citizen sentenced in connection with the E-Root cybercrime marketplace case

Security Affairs

MARCH 15, 2024

US DoJ sentenced a Moldovan national (31) to 42 months in federal prison for operating the E-Root cybercrime marketplace. Diaconu was operating the E-Root cybercrime marketplace. Authorities reported that over 350,000 credentials were advertised for sale on the marketplace. ” reads the press release published by DoJ.

Cybercrime

Cybercrime Cryptocurrency Advertising Passwords

New MacStealer macOS malware appears in the cybercrime underground

Security Affairs

MARCH 27, 2023

A new MacStealer macOS malware allows operators to steal iCloud Keychain data and passwords from infected systems. Uptycs researchers team discovered a new macOS information stealer, called MacStealer, which allows operators to steal iCloud Keychain data and passwords from infected systems.

Cybercrime

Cybercrime Malware Passwords Advertising

Hackers breached four prominent underground cybercrime forums

Security Affairs

MARCH 6, 2021

A suspicious wave of attacks resulted in the hack of four cybercrime forums Verified, Crdclub, Exploit, and Maza since January. Since January, a series of mysterious cyberattacks that resulted in the hack of popular Russian-language cybercrime forums. No other information looked to be compromised in the attack.”

Cybercrime

Cybercrime DDOS Hacking Passwords

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

FBI: Compromised US academic credentials available on various cybercrime forums

Security Affairs

MAY 27, 2022

The FBI warns organizations in the higher education sector of credentials sold on cybercrime forums that can allow threat actors to access their networks. “The FBI is informing academic partners of identified US college and university credentials advertised for sale on online criminal marketplaces and publically accessible forums.

Cybercrime

Cybercrime Education Accountability Phishing

Atomic macOS Stealer is advertised on Telegram for $1,000 per month

Security Affairs

APRIL 29, 2023

Atomic macOS Stealer is a new information stealer targeting macOS that is advertised on Telegram for $1,000 per month. Cyble Research and Intelligence Labs (CRIL) recently discovered a Telegram channel advertising a new information-stealing malware, named Atomic macOS Stealer (AMOS).

Advertising

Advertising Passwords Malware Password Management

15 billion credentials available in the cybercrime marketplaces

Security Affairs

JULY 9, 2020

More than 15 billion username and passwords are available on cybercrime marketplaces, including over 5 billion unique credentials, states the experts. According to the company, most of the username and password combinations are available for free, and 5 billion of the above credentials are “unique.” ” continues the report.

Cybercrime

Cybercrime Antivirus Marketing Accountability

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

Security Affairs

OCTOBER 10, 2020

Microsoft has uncovered Zerologon attacks that were allegedly conducted by the infamous TA505 Russia-linked cybercrime group. Microsoft spotted a series of Zerologon attacks allegedly launched by the Russian cybercrime group tracked as TA505 , CHIMBORAZO and Evil Corp. Pierluigi Paganini. SecurityAffairs – hacking, Zerologon).

Cybercrime

Cybercrime Security Intelligence Authentication Banking

Tainted password-cracking software for industrial systems used to spread P2P Sality bot

Security Affairs

JULY 15, 2022

Threat actors behind the campaign used multiple accounts across several social media platforms to advertise password-cracking software for Programmable Logic Controller (PLC), Human-Machine Interface (HMI), and project files. The password cracking software also acts as a dropper for the Sality P2P bot. Pierluigi Paganini.

Passwords

Passwords Software Firmware Malware

Threat actor leaked data for U.S. gun exchange site on hacking forum

Security Affairs

AUGUST 13, 2020

A threat actor has released the databases of Utah-based gun exchange and hunting sites for free on a cybercrime forum. On August 10th, a hacker has leaked online the databases of Utah-based gun exchange for free on a cybercrime forum. The leaked data includes login names, hashed passwords, and email addresses.

Hacking

Hacking Data breaches Cybercrime Passwords

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Researchers this month uncovered a two-year-old Linux-based remote access trojan dubbed AVrecon that enslaves Internet routers into botnet that bilks online advertisers and performs password-spraying attacks. SocksEscort began in 2009 as “ super-socks[.]com

Malware

Malware VPN Internet Internet

Raccoon Malware, a success case in the cybercrime ecosystem

Security Affairs

FEBRUARY 24, 2020

Racoon malware , Legion, Mohazo, and Racealer, is an infostealer that recently appeared in the threat landscape that is advertised in hacking forums. And this goes beyond usernames and passwords to information that can get them immediate financial gain like credit card information and cryptocurrency wallets.”

Cybercrime

Cybercrime Malware Cryptocurrency Advertising

U.S. and Australian police arrested Firebird RAT author and operator

Security Affairs

APRIL 14, 2024

The RAT allowed customers to access and control their victims’ computers remotely, its author advertised its stealing capabilities. He is accused of advertising and selling the Hive remote access trojan (RAT) on the “Hack Forums” website. . ” reported the DoJ. ” continues DoJ. . ” continues DoJ.

Computers and Electronics

Computers and Electronics Advertising Cryptocurrency Malware

Asian media firm E27 hacked, attackers asked for a “donation”

Security Affairs

JUNE 28, 2020

” “We use Facebook and LinkedIn for account login and do not store any passwords on our system. If you use the legacy email and password login, your passwords are encrypted, but we highly encourage that you change it. We do not store any credit card or payment related information on our servers.”

Media

Media Hacking Passwords Data breaches

Kaiser Permanente data breach may have impacted 13.4 million patients

Security Affairs

APRIL 26, 2024

TechCrunch reported that the company confirmed it shared patients’ information with third-party organizations, including Google, Microsoft and X, for advertising purposes. Shared data include names, IP addresses, and information about members’ operations on the company website and mobile apps.

Data breaches

Data breaches Healthcare Mobile Advertising

Hackers abusing the Ngrok platform phishing attacks

Security Affairs

FEBRUARY 16, 2021

Experts pointed out that attacks abusing the ngrok platform are hard to detect because connections to subdomains of ngrok.com are not filtered by security measures. Experts provided a list of ngrok -based attacks conducted by cybercrime organizations and nation-stated actors such as Fox Kitten and Pioneer Kitten APT groups.

Phishing

Phishing Cybercrime Mobile Internet

Kodi discloses data breach after its forum was compromised

Security Affairs

APRIL 14, 2023

The threat actors also attempted to sell the stolen data on the BreachForums cybercrime forum that was recently shut down by law enforcement. “In the last 24 hours we became aware of a dump of the Kodi user forum (MyBB) software being advertised for sale on internet forums. This post confirms that a breach has taken place.”

Data breaches

Data breaches Backups Passwords Accountability

Yevgeniy Nikulin, Russian hacker behind Dropbox and LinkedIn hacks found guilty

Security Affairs

JULY 11, 2020

A jury found Russian hacker Yevgeniy Nikulin guilty for the hack of LinkedIn, Dropbox, and Formspring back in 2012 and for the sale of the stolen data on cybercrime black marketplaces. The Russian man stole roughly 117 million user records, including usernames, passwords, and emails. SecurityAffairs – hacking, cybercrime).

Hacking

Hacking Cybercrime Data breaches Advertising

EvilExtractor, a new All-in-One info stealer appeared on the Dark Web

Security Affairs

APRIL 24, 2023

EvilExtractor is a new “all-in-one” info stealer for Windows that is being advertised for sale on dark web cybercrime forums. The malware can steal sensitive data from the infected endpoint, including browser history and passwords, and cookies.

Cybercrime

Cybercrime Malware Education Phishing

DEV-1101 AiTM phishing kit is fueling large-scale phishing campaigns

Security Affairs

MARCH 14, 2023

Microsoft warns of large-scale phishing attacks orchestrated with an open-source adversary-in-the-middle (AiTM) phishing kit available in the cybercrime ecosystem Adversary-in-the-middle (AiTM) phishing kits are becoming an essential technology in the cybercrime ecosystem that is used by multiple threat actors to launch phishing attacks.

Phishing

Phishing Cybercrime Authentication Mobile

US Feds arrested two men involved in the Warzone RAT operation

Security Affairs

FEBRUARY 12, 2024

. “According to court documents authorizing the seizures, the Warzone RAT provided cybercriminals the ability to browse victim file systems, take screenshots, record keystrokes, steal victim usernames and passwords, and watch victims through their web cameras, all without the victims’ knowledge or permission.”

Malware

Malware Hacking Cybercrime Advertising

Watch out, your StockX account details may be available in crime forums

Security Affairs

AUGUST 12, 2019

Researchers discovered a dump containing 6,840,339 records associated with StockX user accounts that surfaced in the cybercrime underground. A threat actor stole details of 6 million users, the stolen data includes user names, email addresses, addresses, shoe size, purchase history, and encrypted passwords (salted MD5).

Accountability

Accountability Data breaches Passwords Cybercrime

New AVrecon botnet remained under the radar for two years while targeting SOHO Routers

Security Affairs

JULY 14, 2023

Threat actors behind the campaign aimed at building a botnet to use for a range of criminal activities from password spraying to digital advertising fraud. This is a complex operation that infects small-office/home-office (SOHO) routers, deploying a Linux-based Remote Access Trojan (RAT) we’ve dubbed “AVrecon.””

Malware

Malware Advertising Cybercrime Passwords

Open Exchange Rates discloses a security breach

Security Affairs

MARCH 16, 2020

Last week, Open Exchange Rates disclosed a data breach that exposed the personal information and hashed passwords for customers of its API service. Last week, the currency data provider Open Exchange Rates has disclosed a data breach that exposed the personal information and salted and hashed passwords for customers of its API service.

Data breaches

Data breaches Passwords Advertising Accountability

FBI shuts down the Russian-based hacker platform DEER.IO

Security Affairs

MARCH 26, 2020

that is hosting various cybercrime products and services were being sold. companies for customers’ personal information.” The Russian man also advertised the platform on other hacking forums. Social Security Numbers, dates of birth, and victim addresses. SecurityAffairs – cybercrime, DEER.IO).

Cybercrime

Cybercrime Advertising Hacking Accountability

Indian video on demand giant ZEE5 has been hacked

Security Affairs

JUNE 7, 2020

The Indian video on demand giant ZEE5 has been hacked, attackers are threatening to sell the database on the cybercrime underground markets. The huge trove of data contains data, recent transactions, passwords, emails, mobile numbers, email addresses, messages, etc. ” reads the post published by the expert. Pierluigi Paganini.

Hacking

Hacking Cybercrime Advertising Passwords

Hacker hijacked Orange Spain RIPE account causing internet outage to company customers

Security Affairs

JANUARY 4, 2024

RPKI adds a layer of security to BGP by cryptographically binding IP address prefixes to the entities that hold the legitimate right to advertise them. “We encourage account holders to please update their passwords and enable multi-factor authentication for their accounts.

Internet

Internet Internet Accountability Passwords

Crooks hacked Mandiant X account to push cryptocurrency scam

Security Affairs

JANUARY 4, 2024

Once the cybercriminals hijacked the account, renamed it to @phantomsolw, then started advertising a rogue website impersonating the Phantom crypto service. “Sorry, change password please.” Today Mandiant had their Twitter account stolen. The threat actors exploited the account to promote an airdrop scam.

Scams

Scams Cryptocurrency Accountability Hacking

Aerial Direct, the O2’s largest UK partner suffered a data breach

Security Affairs

MARCH 16, 2020

. “We recently became aware that some of our customers’ personal information stored on one of our databases has been accessed without permission. To reassure you, the database did not include any passwords or financial details, such as bank account number or credit card information.” Pierluigi Paganini.

Data breaches

Data breaches Telecommunications Passwords Advertising

Microsoft, Italy and the Netherlands agencies warn of EMOTET campaigns

Security Affairs

SEPTEMBER 24, 2020

The recent Emotet campaign uses spam messages with password-protected attachments, experts noticed a decline in infections over the weekend, a behavior already observed in the past. Emotet joined the password-protected attachment bandwagon with a campaign starting Friday. ” states the Italian CSIRT’s alert.

Malware

Malware Passwords Advertising Cybercrime

Lemon Group gang pre-infected 9 million Android devices for fraudulent activities

Security Affairs

MAY 19, 2023

The Lemon Group cybercrime ring has reportedly pre-installed malware known as Guerilla on almost 9 million Android devices. A cybercrime group tracked has Lemon Group has reportedly pre-installed malware known as Guerilla on almost 9 million Android devices. The threat actors infected at least 8.9

Mobile

Mobile Advertising Malware Cybercrime

One million cracked Poshmark accounts being sold online

Security Affairs

SEPTEMBER 2, 2019

Login details of more than 36 million Poshmark accounts are available for sale in the cybercrime underground. The company discovered unauthorized access to its servers, the intruders stole personal information of the users, including usernames , hashed passwords, first and last names, gender information, and city of residenc.

Accountability

Accountability Data breaches Passwords Advertising

US citizens lost more than $68M to SIM swap attacks in 2021, FBI warns

Security Affairs

FEBRUARY 10, 2022

The FBI recommends individuals take the following precautions: Do not advertise information about financial assets, including ownership or investment of cryptocurrency, on social media websites and forums. Do not provide your mobile number account information over the phone to representatives that request your account password or pin.

Mobile

Mobile Cryptocurrency Authentication Accountability

NightLion hacker is selling details of 142 million MGM Resorts hotel guests

Security Affairs

JULY 14, 2020

“The new finding came to light over the weekend after a hacker put up for sale the hotel’s data in an ad published on a dark web cybercrime marketplace.” The hacker claims to have obtained the database from the hack of the DataViper monitoring service operated by the security firm Night Lion Security.

Data breaches

Data breaches Advertising Hacking Cybercrime

Caffeine, a new Phishing-as-a-Service toolkit available in the underground

Security Affairs

OCTOBER 11, 2022

.” The toolkit provides templates for a broad range of targets, including Chinese and Russian organizations, which is quite uncommon in the cybercrime ecosystem. Caffeine is advertised on multiple cybercrime underground forums, its subscription models are more expensive compared with other PhaaS platforms.

Phishing

Phishing Cybercrime Accountability Advertising

BlackCat Ransomware gang breached over 60 orgs worldwide

Security Affairs

APRIL 25, 2022

ALPHV has been advertising the BlackCat Ransomware-as-a-Service (RaaS) on the cybercrime forums XSS and Exploit since early December. Regularly back up data, air gap, and password-protect backup copies offline. Regularly change passwords to network systems and accounts, and avoid reusing passwords for different accounts.

Ransomware

Ransomware Antivirus Passwords Malware

New BloodyStealer malware is targeting the gaming sector

Security Affairs

SEPTEMBER 27, 2021

The infostealer is available for sale on dark web forums, the researchers explained that the malware allows operators to harvest a broad range of information, including cookies, passwords, bank cards, and sessions from various applications. ” reads the analysis published by Kaspersky.

Malware

Malware Banking Passwords Accountability

Cyclops Ransomware group offers a multiplatform Info Stealer

Security Affairs

JUNE 6, 2023

In an unprecedented move, the group is also offering a separate information-stealer malware that can be used to steal sensitive data from infected systems. The Cyclops group is advertising the ransomware on multiple cybercrime forums, the gang requests a share of profits from those using its malware in financially motivated attacks.

Ransomware

Ransomware Encryption Cybercrime Malware

European police arrested tens of members of two SIM Hijacking Gangs

Security Affairs

MARCH 13, 2020

European authorities dismantled two cybercrime organizations responsible for stealing millions through SIM hijacking. European authorities managed to dismantle the operations of two cybercrime gangs responsible for stealing millions through SIM hijacking. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Banking

Banking Cybercrime Mobile Accountability

Silent Night Zeus botnet available for sale in underground forums

Security Affairs

MAY 23, 2020

The source code of the Zeus Trojan is available in the cybercrime underground since 2011 allowing crooks to develop their own release since. Axe was advertising the Trojan as the result of over five years of work, a total of 15k ~ hours were spent for the development of the malicious code. Pierluigi Paganini.

Banking

Banking Advertising Malware Cybercrime

CISA’s advisory warns of notable increase in LokiBot malware

Security Affairs

SEPTEMBER 22, 2020

The malware is able to steal sensitive information (a variety of credentials, including FTP credentials, stored email passwords, passwords stored in the browser, as well as a whole host of other credentials) . If these services are required, use strong passwords or Active Directory authentication. Pierluigi Paganini.

Malware

Malware Passwords Advertising Antivirus

A malvertising campaign is delivering a new version of the macOS Atomic Stealer

Security Affairs

SEPTEMBER 7, 2023

In April Cyble Research and Intelligence Labs (CRIL) discovered a Telegram channel advertising a new information-stealing malware, named Atomic macOS Stealer (AMOS). The malware targets macOS, it was designed to steal sensitive information from the infected systems.

Malware

Malware Passwords Engineering Software

New Coronavirus-themed campaign spread Lokibot worldwide

Security Affairs

APRIL 4, 2020

Once opened the file, the Lokibot infection starts, the malware steals sensitive information (a variety of credentials, including FTP credentials, stored email passwords, passwords stored in the browser, as well as a whole host of other credentials) and exfiltrates them to the URL: hxxp://bslines[.]xyz/copy/five/fre.php.

Advertising

Advertising Malware Passwords Cybercrime

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs

MARCH 19, 2022

AvosLocker operators already advertised in the past a Linux variant, dubbed AvosLinux, of their malware claiming it was able to support Linux and ESXi servers. Regularly back up data, password protect backup copies offline. Avoid reusing passwords for multiple accounts. Focus on cyber security awareness and training.

Ransomware

Ransomware DDOS Passwords Backups

FBI arrested a Russian citizen suspected to be the mastermind of Deer.io

Security Affairs

MARCH 10, 2020

The Russian man also advertised the platform on other hacking forums. Individuals can also buy computer files, financial information, PII, and usernames and passwords taken from computers infected with malicious software (malware) located both in the U.S. Social Security Numbers, dates of birth, and victim addresses.

Accountability

Accountability Advertising Passwords Hacking

Moldovan citizen sentenced in connection with the E-Root cybercrime marketplace case

New MacStealer macOS malware appears in the cybercrime underground

Webinars

Trending Sources

Hackers breached four prominent underground cybercrime forums

Webinars

FBI: Compromised US academic credentials available on various cybercrime forums

Atomic macOS Stealer is advertised on Telegram for $1,000 per month

15 billion credentials available in the cybercrime marketplaces

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

Tainted password-cracking software for industrial systems used to spread P2P Sality bot

Threat actor leaked data for U.S. gun exchange site on hacking forum

Who and What is Behind the Malware Proxy Service SocksEscort?

Raccoon Malware, a success case in the cybercrime ecosystem

U.S. and Australian police arrested Firebird RAT author and operator

Asian media firm E27 hacked, attackers asked for a “donation”

Kaiser Permanente data breach may have impacted 13.4 million patients

Hackers abusing the Ngrok platform phishing attacks

Kodi discloses data breach after its forum was compromised

Yevgeniy Nikulin, Russian hacker behind Dropbox and LinkedIn hacks found guilty

EvilExtractor, a new All-in-One info stealer appeared on the Dark Web

DEV-1101 AiTM phishing kit is fueling large-scale phishing campaigns

US Feds arrested two men involved in the Warzone RAT operation

Watch out, your StockX account details may be available in crime forums

New AVrecon botnet remained under the radar for two years while targeting SOHO Routers

Open Exchange Rates discloses a security breach

FBI shuts down the Russian-based hacker platform DEER.IO

Indian video on demand giant ZEE5 has been hacked

Hacker hijacked Orange Spain RIPE account causing internet outage to company customers

Crooks hacked Mandiant X account to push cryptocurrency scam

Aerial Direct, the O2’s largest UK partner suffered a data breach

Microsoft, Italy and the Netherlands agencies warn of EMOTET campaigns

Lemon Group gang pre-infected 9 million Android devices for fraudulent activities

One million cracked Poshmark accounts being sold online

US citizens lost more than $68M to SIM swap attacks in 2021, FBI warns

NightLion hacker is selling details of 142 million MGM Resorts hotel guests

Caffeine, a new Phishing-as-a-Service toolkit available in the underground

BlackCat Ransomware gang breached over 60 orgs worldwide

New BloodyStealer malware is targeting the gaming sector

Cyclops Ransomware group offers a multiplatform Info Stealer

European police arrested tens of members of two SIM Hijacking Gangs

Silent Night Zeus botnet available for sale in underground forums

CISA’s advisory warns of notable increase in LokiBot malware

A malvertising campaign is delivering a new version of the macOS Atomic Stealer

New Coronavirus-themed campaign spread Lokibot worldwide

Avoslocker ransomware gang targets US critical infrastructure

FBI arrested a Russian citizen suspected to be the mastermind of Deer.io

Stay Connected