Advertising, DNS, Malware and Phishing - Cyber Security Informer

Active Nitrogen campaign delivered via malicious ads for PuTTY, FileZilla

Malwarebytes

APRIL 9, 2024

Victims are tricked into downloading and running the Nitrogen malware masquerading as a PuTTY or FileZilla installer. We have observed several different advertiser accounts which were all reported to Google. Online ads from search engine result pages are increasingly being used to deliver malware to corporate users.

System Administration

System Administration DNS Engineering Social Engineering

Defeating Malvertising-Based Phishing Attacks

Security Boulevard

MARCH 3, 2023

Malvertising Enters a New Age While Google grapples with the potential threat that ChatGPT poses to its advertising business, cybercriminals are taking advantage of Google Ads to ramp up their phishing attacks on unsuspecting victims. Your EDR client also couldn’t find anything malicious, so it allowed the malware to run.

Phishing

Phishing DNS Malware Antivirus

GhostDNS malware already infected over 100K+ devices and targets 70+ different types of home routers

Security Affairs

OCTOBER 1, 2018

Security experts from Qihoo 360 NetLab spotted GhostDNS, a malware that already infected over 100K+ devices and targets 70+ different types of routers. Security experts from Qihoo 360 NetLab have uncovered an ongoing hacking campaign that leverages the GhostDNS malware. ” reads the analysis published by the experts.

DNS

DNS Malware Firmware Phishing

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Endpoint security for Mac: 3 best practices

Malwarebytes

JULY 14, 2022

Securing that many endpoints can get really complex, really fast, especially when you consider that the common wisdom that Macs don’t get malware simply isn’t true: in fact, the number of malware detections on Mac jumped 200% year-on-year in 2021. And it’s not just malware you have to worry about with your Mac endpoints.

DNS

DNS Adware Malware Antivirus

Phishers are Angling for Your Cloud Providers

Krebs on Security

AUGUST 30, 2019

But when accounts at those CRM providers get hacked or phished, the results can be damaging for both the client’s brand and their customers. Here’s a look at a recent CRM-based phishing campaign that targeted customers of Fortune 500 construction equipment vendor United Rentals. Stamford, Ct.

Phishing

Phishing Marketing Accountability DNS

Recent Roaming Mantis campaign hit hundreds of users worldwide

Security Affairs

APRIL 8, 2019

Kaspersky Lab reported that hundreds of users have been targeted with malware over the past month as part of a recent Roaming Mantis campaign. Security experts at Kaspersky Lab reported that hundreds of users have been targeted with malware over the past month as part of a new campaign associated with Roaming Mantis gang.

DNS

DNS Mobile Phishing Malware

French Firms Rocked by Kasbah Hacker?

Krebs on Security

MARCH 2, 2020

A large number of French critical infrastructure firms were hacked as part of an extended malware campaign that appears to have been orchestrated by at least one attacker based in Morocco, KrebsOnSecurity has learned.

DNS

DNS Penetration Testing Malware Hacking

Hundreds of Microsoft sub-domains open to hijacking

Security Affairs

MARCH 5, 2020

Security researchers demonstrated that hundreds of sub-domains belonging to Microsoft could potentially be hijacked and abused to deliver malware and for phishing attacks. Let’s consider mybrowser.microsoft.com, it might have resolved by the DNS to something like webserver9000.azurewebsites.net. azurewebsites.net.

DNS

DNS Phishing Advertising Malware

What are Common Types of Social Engineering Attacks?

eSecurity Planet

JULY 29, 2021

Social engineering can manifest itself across a wide range of cybersecurity attacks: Phishing Smishing Vishing Whaling Pharming Baiting Pretexting Scareware Deepfakes. Phishing is a broad category of social engineering attacks that specifically target most businesses’ primary mode of communication: email. Pretexting.

Social Engineering

Social Engineering Engineering Phishing DNS

The return of the AdvisorsBot malware

Security Affairs

FEBRUARY 1, 2019

Security experts at Cybaze – Yoroi ZLab have analyzed a new sample of the AdvisorsBot malware, a downloader that was first spotted in August 2018. As usual, the malware looks like a legitimate e-mail attachment, named as “invoice.doc”. Figure 3 – Piece of VBS script that starts malware infection. DLL Analysis.

Malware

Malware DNS Social Engineering Advertising

Russia-linked APT28 has been scanning vulnerable email servers in the last year

Security Affairs

MARCH 20, 2020

Most of APT28s’ campaigns leveraged spear-phishing and malware-based attacks, the recent mass scanning activity represents a change in the modus operandi of the group. “This report aims to shed light on some of Pawn Storm’s attacks that did not use malware in the initial stages.

Phishing

Phishing Accountability Advertising DNS

Iran-Linked OilRig APT group targets high-ranking office in a Middle Eastern nation

Security Affairs

SEPTEMBER 14, 2018

In mid-August, the state-sponsored hackers launched a highly targeted spear-phishing email to a high-ranking office in a Middle Eastern nation. “In August 2018, Unit 42 observed OilRig targeting a government organization using spear-phishing emails to deliver an updated version of a Trojan known as BONDUPDATER.

DNS

DNS Phishing Government Malware

For nearly a year, Brazilian users have been targeted with router attacks

Security Affairs

JULY 13, 2019

The campaign uncovered by Avast aimed at silently modifying the Brazilian users’ Domain Name System (DNS) settings to redirect victims to malicious websites mimicking legitimate ones. “ Malware then guesses routers’ passwords , which new research from Avast shows are often weak. ” reads a blog post published by Avast.

DNS

DNS Passwords Advertising Banking

TA505 Group adds new ServHelper Backdoor and FlawedGrace RAT to its arsenal

Security Affairs

JANUARY 13, 2019

Proofpoint analyzed two strains of malware tracked as ServHelper and FlawedGrace distributed through phishing campaigns by the TA505 crime gang. Security researchers at Proofpoint researchers discovered two strains of malware tracked as ServHelper and FlawedGrace distributed through phishing campaigns by the TA505 crime gang.

Malware

Malware DNS Financial Services Retail

“FudCo” Spam Empire Tied to Pakistani Software Firm

Krebs on Security

SEPTEMBER 6, 2021

The Web site in 2015 for the “Manipulaters Team,” a group of Pakistani hackers behind the dark web identity “Saim Raza,” who sells spam and malware tools and services. Regarding phishing, whenever we receive complaint, we remove the services immediately. Also we are running business since 2006.”

Software

Software Phishing Cybercrime Accountability

Security Affairs newsletter Round 210 – News of the week

Security Affairs

APRIL 21, 2019

Analyzing OilRigs malware that uses DNS Tunneling. Google is going to block logins from embedded browsers against MitM phishing attacks. Marcus Hutchins pleads guilty to two counts of banking malware creation. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Computers and Electronics

Computers and Electronics Spyware Data breaches Advertising

IT threat evolution Q3 2023

SecureList

DECEMBER 1, 2023

To exfiltrate data and deliver next-stage malware, the attackers abuse cloud-based data storage, such as Dropbox or Yandex Disk, as well as a temporary file sharing service. The postinst script contains comments in Russian and Ukrainian, including information about improvements made to the malware, as well as statements by activists.

Malware

Malware Ransomware Encryption Energy and Utilities

Novidade, a new Exploit Kit is targeting SOHO Routers

Security Affairs

DECEMBER 11, 2018

The Novidade exploit kit leverages cross-site request forgery (CSRF) to change the Domain Name System (DNS) settings of SOHO routers and redirect traffic from the connected devices to the IP address under the control of the attackers. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

DNS

DNS Advertising Firmware Banking

Security Affairs newsletter Round 230

Security Affairs

SEPTEMBER 8, 2019

Experts devised advanced SMS phishing attacks against modern Android-based phones. Some Zyxel devices can be hacked via DNS requests. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

IoT

IoT Data breaches DNS Advertising

New OilRig APT campaign leverages a new variant of the OopsIE Trojan

Security Affairs

SEPTEMBER 6, 2018

The OopsIE Trojan is one of the malware in the APT’s arsenal that was detected for the first time in February 2018. The campaign was also delivering the QUADAGENT backdoor, anyway, experts noticed the group using a different malware for each targeted organization. ” reads the analysis published by Paolo Alto Network.

Government

Government Phishing Malware Advertising

Russia-linked Gamaredon group targets Ukraine officials

Security Affairs

DECEMBER 7, 2019

In June malware researchers from Cybaze-Yoroi spotted a new suspicious activity potentially linked to the popular APT group. State-sponsored hackers launched spear-phishing attackes using weaponized documents. Upon reboot, the VBScript performs an HTTP GET request to fetch an encrypted stage from a dynamic DNS domain.

Government

Government Advertising Media DNS

Necurs Botnet adopts a new strategy to evade detection

Security Affairs

MARCH 4, 2019

Necurs botnet is currently the second largest spam botnet , it has been active since at least 2012 and was involved in massive campaigns spreading malware such as the Locky ransomware , the Scarab ransomware , and the Dridex banking Trojan. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

DNS

DNS Banking Advertising Ransomware

Types of Malware & Best Malware Protection Practices

eSecurity Planet

FEBRUARY 16, 2021

Malware, short for “malicious software,” is any unwanted software on your computer that, more often than not, is designed to inflict damage. Since the early days of computing, a wide range of malware types with varying functions have emerged. Best Practices to Defend Against Malware. Jump ahead: Adware. RAM scraper.

Malware

Malware Adware Spyware Antivirus

OilRig APT group: the evolution of attack techniques over time

Security Affairs

AUGUST 7, 2019

Indeed during the group_a, the main observed delivery techniques where about Phishing (rif.T1193) and Valid Accounts (rif.T1078). From group_b to group_d time frame OilRig started a more sophisticated Spear Phishing (rif.T1193) campaigns within malicious attachments as their main threat delivery activity. Delivery Technique Over Time.

Computers and Electronics

Computers and Electronics Penetration Testing DNS Phishing

The Common 5 Security Tools You Can’t Miss in 2021 to Protect Your Digital World

Vipre

JANUARY 25, 2021

According to the independent institute AV-TEST , the number of total new malware in 2020 increased by 13% compared to the last year, and malware for macOS by 1200% for the same period. Ad blockers, as the name suggests, block advertisements and protects you from phishing scams. Ad Blockers.

Identity Theft

Identity Theft Backups VPN Antivirus

Calling Home, Get Your Callbacks Through RBI

Security Boulevard

JANUARY 17, 2024

Figure 1 — Cloudflare RBI Diagram The primary focus of RBI is to prevent user interactions with web-based malware such as cross-site scripting (XSS), drive-by downloads, and various forms of malicious JavaScript. It is not generally advertised on the product pages that RBI affects C2 traffic, but we promise you it does.

DNS

DNS Penetration Testing Passwords Encryption

Analyzing a Danabot Paylaod that is targeting Italy

Security Affairs

DECEMBER 20, 2018

The Cybaze -Yoroi ZLab dissected one of these recent Danabot variants spread across the Italian cyberspace leveraging “ Fattura ” themed phishing emails (e.g. The malware tries to connect to the remote host 149.154.157.104 (EDIS-IT IT) through an encrypted SSL channel, then it downloads other components and deletes itself from the filesystem.

Banking

Banking Malware Internet Internet

Security Affairs newsletter Round 176 – News of the week

Security Affairs

AUGUST 19, 2018

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. . · 2.6 Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Data breaches

Data breaches DNS Advertising Hacking

The Muncy malware is on the rise

Security Affairs

FEBRUARY 19, 2019

Over the last few days, a phishing campaign from DHL and entitled “ DHL Shipment Notification ” has been targeted users worldwide distribution the Muncy malware. Now, the malware is targeting user’s worldwide and has been spread via phishing campaigns. The process flow diagram below shown how the malware works.

Malware

Malware Phishing DNS Engineering

IT threat evolution Q1 2023

SecureList

JUNE 7, 2023

However, recently the group has adopted new methods to deliver its malware. The threat actor also seems to be experimenting with new file types to deliver its malware. Android malware, used by Roaming Mantis, and discovered a DNS changer function that was implemented to target specific Wi-Fi routers used mainly in South Korea.

DNS

DNS Malware Cryptocurrency Retail

Damage from Silence APT operations increases fivefold. The gang deploys new tools on its “worldwide tour”

Security Affairs

AUGUST 20, 2019

Like most APTs, Silence uses phishing emails to infect their victims. Ivoke was detected by Group-IB’s Threat Intelligence team in May 2019, when Silence sent out phishing emails purporting to be from a bank’s client with a request to block a card. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Banking

Banking Cybercrime Cybersecurity Advertising

5 Common Phishing Attacks and How to Avoid Them?

Security Affairs

AUGUST 19, 2019

Phishing is one of the oldest methods of cyberattacks. Types of Phishing Attacks. There are different types of phishing attacks and each is deceiving and manipulative in its own unique way. The most common type is phishing is carried out through fraudulent email receptionist. Another targeted phishing practice is Whaling.

Phishing

Phishing Accountability Authentication Passwords

Mystic Stealer

Security Boulevard

JUNE 15, 2023

Stealers" are a kind of malware designed to run on an endpoint post-compromise, while their primary features center on the theft of user data. Together with our colleagues at InQuest, we present a deep dive technical analysis of the malware. The same way you do in the real world – the market becomes flooded.

Cryptocurrency

Cryptocurrency Password Management Malware DNS

FIN7 is back with a previously unseen SQLRat malware

Security Affairs

MARCH 22, 2019

The financially-motivated hacking group FIN7 is back and used a new piece of malware in a recent hacking campaign. Security experts at Flashpoint revealed that the financially-motivated cybercrime group FIN7 (aka Anunak and Carbanak ) used new malware in a recent hacking campaign. ” continues the analysis. Pierluigi Paganini.

Malware

Malware Identity Theft Cybercrime Hacking

Cobalt cybercrime gang targets Russian and Romanian banks

Security Affairs

SEPTEMBER 1, 2018

Cobalt hackers leverage spear-phishing emails to compromise target systems, messages spoof emails from financial institutions or a financial supplier/partner. The new campaign discovered by Netscout’s ASERT researchers presents a novelty, One one of the phishing emails sent by Cobalt contains two separate malicious URLs.

Cybercrime

Cybercrime Banking Phishing Advertising

Group-IB presents its annual report on global threats to stability in cyberspace

Security Affairs

NOVEMBER 29, 2019

The group’s distinctive features are the high quality of their phishing attacks and the use of legitimate services, which makes it very difficult to detect its malicious activity in companies’ infrastructures. Silence reduced the use of phishing mail-outs, instead purchasing access to targeted banks from other groups (in particular TA505).

Banking

Banking Telecommunications Marketing Internet

Saving World Health Day: UNICC and Group-IB take down scam campaign impersonating the World Health Organization

Security Affairs

APRIL 30, 2021

In the worst-case scenarios, users would end up on a malicious or a phishing website. Like phishing kits, scam kits are sets of tools that help create and design scam pages. Most domains with phishing and scam content use CDNs (Content Delivery Networks) to hide the IP address of the real servers.

Scams

Scams Phishing Risk Information Security

The ‘MartyMcFly’ investigation: Italian naval industry under attack

Security Affairs

NOVEMBER 14, 2018

Experts at Yoroi’s Cyber Security Defence Center along with Fincantieri’s security team investigated the recently discovered Martymcfly malware attacks. command and control services of info stealers malware). DNS requests intercepted. Phishing page previously hosted on xtyenvunqaxqzrm.usa.cc . Background. Conclusion.

Computers and Electronics

Computers and Electronics Penetration Testing Malware Phishing

QUASAR, SOBAKEN AND VERMIN RATs involved in espionage campaign on Ukraine

Security Affairs

JULY 18, 2018

The campaign was first spotted in January by experts from PaloAlto Networks when the researchers discovered a new piece of malware tracked VERMIN RAT targeting Ukraine organizations. These attackers use three different.NET malware strains in their attacks – Quasar RAT, Sobaken (a RAT derived from Quasar) and a custom-made RAT called Vermin.

Social Engineering

Social Engineering Malware Engineering Advertising

2024 State of Cybersecurity: Reports of More Threats & Prioritization Issues

eSecurity Planet

MAY 2, 2024

Compromised Credentials Compromised identities from phishing, info stealers, keyloggers, and bad password habits provide the entry point for most ransomware attacks and data breaches. Sophos: Noted that 43% of all 2023 malware signature updates are for stealers, spyware, and keyloggers often used to steal credentials from devices.

Cybersecurity

Cybersecurity DDOS Penetration Testing Passwords

How much does access to corporate infrastructure cost?

SecureList

JUNE 15, 2022

In contrast, less experienced cybercriminals are not always able to see an attack through to the end (malware execution, data theft, etc.), Phishing attacks on employees. Malware log offers on a dark web forum. Malware logs (different). Free malware log offers on a dark web forum. Types of initial access.

VPN

VPN Accountability Ransomware Encryption

Iranian Threat Actors: Preliminary Analysis

Security Affairs

JANUARY 15, 2020

Bonupdater, Helminth, Quadangent and PowRuner are some of the most sophisticated Malware attributed to OilRig and analyzed over the past few years. For example by using: user credential leaks, social engineering toolkits, targeted phishing, and so on and so forth or is more on there to be discovered ? CopyKittens.

Computers and Electronics

Computers and Electronics Penetration Testing Malware Government

NullMixer: oodles of Trojans in a single dropper

SecureList

SEPTEMBER 26, 2022

NullMixer is a dropper leading to an infection chain of a wide variety of malware families. These websites are often related to crack, keygen and activators for downloading software illegally, and while they may pretend to be legitimate software, they actually contain a malware dropper. Malware execution instructions.

Malware

Malware Cryptocurrency Passwords Software

Active Nitrogen campaign delivered via malicious ads for PuTTY, FileZilla

Defeating Malvertising-Based Phishing Attacks

Webinars

Trending Sources

GhostDNS malware already infected over 100K+ devices and targets 70+ different types of home routers

Webinars

Endpoint security for Mac: 3 best practices

Phishers are Angling for Your Cloud Providers

Recent Roaming Mantis campaign hit hundreds of users worldwide

French Firms Rocked by Kasbah Hacker?

Hundreds of Microsoft sub-domains open to hijacking

What are Common Types of Social Engineering Attacks?

The return of the AdvisorsBot malware

Russia-linked APT28 has been scanning vulnerable email servers in the last year

Iran-Linked OilRig APT group targets high-ranking office in a Middle Eastern nation

For nearly a year, Brazilian users have been targeted with router attacks

TA505 Group adds new ServHelper Backdoor and FlawedGrace RAT to its arsenal

“FudCo” Spam Empire Tied to Pakistani Software Firm

Security Affairs newsletter Round 210 – News of the week

IT threat evolution Q3 2023

Novidade, a new Exploit Kit is targeting SOHO Routers

Security Affairs newsletter Round 230

New OilRig APT campaign leverages a new variant of the OopsIE Trojan

Russia-linked Gamaredon group targets Ukraine officials

Necurs Botnet adopts a new strategy to evade detection

Types of Malware & Best Malware Protection Practices

OilRig APT group: the evolution of attack techniques over time

The Common 5 Security Tools You Can’t Miss in 2021 to Protect Your Digital World

Calling Home, Get Your Callbacks Through RBI

Analyzing a Danabot Paylaod that is targeting Italy

Security Affairs newsletter Round 176 – News of the week

The Muncy malware is on the rise

IT threat evolution Q1 2023

Damage from Silence APT operations increases fivefold. The gang deploys new tools on its “worldwide tour”

5 Common Phishing Attacks and How to Avoid Them?

Mystic Stealer

FIN7 is back with a previously unseen SQLRat malware

Cobalt cybercrime gang targets Russian and Romanian banks

Group-IB presents its annual report on global threats to stability in cyberspace

Saving World Health Day: UNICC and Group-IB take down scam campaign impersonating the World Health Organization

The ‘MartyMcFly’ investigation: Italian naval industry under attack

QUASAR, SOBAKEN AND VERMIN RATs involved in espionage campaign on Ukraine

2024 State of Cybersecurity: Reports of More Threats & Prioritization Issues

How much does access to corporate infrastructure cost?

Iranian Threat Actors: Preliminary Analysis

NullMixer: oodles of Trojans in a single dropper

Stay Connected