Krebs on Security

NOVEMBER 13, 2019

In July 2016, KrebsOnSecurity published a story identifying a Toronto man as the author of the Orcus RAT , a software product that’s been marketed on underground forums and used in countless malware attacks since its creation in 2015. This week, Canadian authorities criminally charged him with orchestrating an international malware scheme.

Malware 241

Malware Advertising Marketing System Administration 241

Krebs on Security

APRIL 18, 2023

For the past seven years, a malware-based proxy service known as “ Faceless ” has sold anonymity to countless cybercriminals. For less than a dollar per day, Faceless customers can route their malicious traffic through tens of thousands of compromised systems advertised on the service. Image: spur.us.

Malware 305

Malware Passwords Accountability Advertising 305

Security Affairs

OCTOBER 3, 2023

Cybersecurity researchers spotted a new malware-as-a-service (MaaS) called BunnyLoader that’s appeared in the threat landscape. Zscaler ThreatLabz researchers discovered a new malware-as-a-service (MaaS) that is called BunnyLoader, which has been advertised for sale in multiple cybercrime forums since September 4, 2023.

Advertising 140

Advertising Cybercrime Malware Cryptocurrency 140

Krebs on Security

AUGUST 2, 2022

With the recent demise of several popular “proxy” services that let cybercriminals route their malicious traffic through hacked PCs, there is now something of a supply chain crisis gripping the underbelly of the Internet. com , a malware-based proxy network that has been in existence since at least 2010. Image: Spur.us.

Malware 324

Malware Cybercrime Internet Internet 324

Krebs on Security

JUNE 1, 2023

This post is a deep dive on “ Megatraffer ,” a veteran Russian hacker who has practically cornered the underground market for malware focused code-signing certificates since 2015. More recently, it appears Megatraffer has been working with ransomware groups to help improve the stealth of their malware. WHO IS MEGATRAFFER?

Malware 314

Malware Cybercrime Software Accountability 314

Krebs on Security

MAY 17, 2022

” The card reader Mark bought was sold by a company called Saicoo , whose sponsored Amazon listing advertises a “DOD Military USB Common Access Card (CAC) Reader” and has more than 11,700 mostly positive ratings. He said Saicoo did not address his concern that the driver package on its website was bundled with malware.

Malware 355

Malware Government Internet Internet 355

Adam Levin

JULY 24, 2020

Barely a day goes by without news of an elite hacking team creating a more stealth exploit– malware , elaborate spear-phishing attacks, trojans, and a killer array of ransomware that can take factories and other organizations offline, or even hobble entire cities. Cyberattacks are constantly getting more sophisticated.

Hacking 237

Hacking Phishing Risk Accountability 237

Security Affairs

FEBRUARY 2, 2025

A joint law enforcement operation led to the seizure of 39 domains tied to a Pakistan-based HeartSender cybercrime group (aka Saim Raza and Manipulators Team) known for selling hacking and fraud tools. The HeartSender group advertised its tools as fully undetectable by antispam software.

Cybercrime 110

Cybercrime Advertising Phishing Hacking 110

Schneier on Security

APRIL 2, 2021

News article : Most troublingly, Activision says that the “cheat” tool has been advertised multiple times on a popular cheating forum under the title “new COD hack.” ” (Gamers looking to flout the rules will typically go to such forums to find new ways to do so.)

Software 228

Software Malware Antivirus Advertising 228

Krebs on Security

FEBRUARY 4, 2025

The FBI joined authorities across Europe last week in seizing domain names for Cracked and Nulled , English-language cybercrime forums with millions of users that trafficked in stolen data, hacking tools and malware. io , and rdp[.]sh. Those archived webpages show both RDP services were owned by an entity called 1337 Services Gmbh.

eCommerce 218

eCommerce Cybercrime Accountability Hacking 218

Krebs on Security

JULY 25, 2023

Researchers this month uncovered a two-year-old Linux-based remote access trojan dubbed AVrecon that enslaves Internet routers into botnet that bilks online advertisers and performs password-spraying attacks. ” According to Kilmer, AVrecon is the malware that gives SocksEscort its proxies.

Malware 244

Malware VPN Internet Internet 244

Krebs on Security

SEPTEMBER 17, 2020

Justice Department this week indicted seven Chinese nationals for a decade-long hacking spree that targeted more than 100 high-tech and online gaming companies. The government alleges the men used malware-laced phishing emails and “supply chain” attacks to steal data from companies and their customers. Image: FBI.

Antivirus 363

Antivirus Hacking Government Software 363

Krebs on Security

MAY 5, 2021

After a user logs in, the link prompts them to install a malicious but innocuously-named app that gives the attacker persistent, password-free access to any of the user’s emails and files, both of which are then plundered to launch malware and phishing scams against others. Image: Proofpoint.

Accountability 350

Accountability Passwords Advertising Phishing 350

Security Affairs

OCTOBER 20, 2024

CISA adds Microsoft Windows Kernel, Mozilla Firefox and SolarWinds Web Help Desk bugs to its Known Exploited Vulnerabilities catalog GitHub addressed a critical vulnerability in Enterprise Server A new Linux variant of FASTCash malware targets financial systems WordPress Jetpack plugin critical flaw impacts 27 million sites Pokemon dev Game Freak discloses (..)

Data breaches 119

Data breaches Cybercrime Cyber Insurance Marketing 119

Security Affairs

NOVEMBER 5, 2024

Canadian authorities arrested a suspect linked to multiple hacks following a breach of cloud data platform Snowflake earlier this year. “Canadian authorities have arrested a man suspected of being behind a string of hacks involving as many as 165 customers of Snowflake Inc., Charges remain undisclosed.

Unstructured Data 123

Unstructured Data Media Cybercrime Hacking 123

Security Affairs

MARCH 27, 2025

Cybercriminals are exploiting the popularity of DeepSeek by using fake sponsored Google ads to distribute malware. While DeepSeek is rising in popularity, threat actors are attempting to exploit it by using fake sponsored Google ads to distribute malware, Malwarebytes researchers warn. ” reads the alert published by Malwarebytes.

Malware 69

Malware Data collection Advertising Media 69

Krebs on Security

JUNE 22, 2022

last week said they dismantled the “ RSOCKS ” botnet, a collection of millions of hacked devices that were sold as “proxies” to cybercriminals looking for ways to route their malicious traffic through someone else’s computer. Authorities in the United States, Germany, the Netherlands and the U.K.

Advertising 320

Advertising Cybercrime System Administration Hacking 320

Security Affairs

MAY 27, 2024

Experts warn of a new ATM malware family that is advertised in the cybercrime underground, it was developed to target Europe. A threat actor is advertising a new ATM malware family that claims to be able of compromised 99% of devices in Europe. ” reported the website DailyDarkweb.

Malware 145

Malware Banking Advertising Cybercrime 145

Schneier on Security

NOVEMBER 8, 2019

Back then, the malware's code was relatively simple, and its main function was visiting advertisement pages for monetization purposes. We strongly believe that the malware's source code is still a work in progress. It's a weird piece of malware. The continuous evolution of the malware implies an organized actor.

Malware 172

Malware Advertising Encryption Hacking 172

Krebs on Security

JANUARY 25, 2024

But cybercrooks are constantly figuring out ingenious ways to fly beneath Google’s anti-abuse radar, and new examples of bad ads leading to malware are still too common. My guess it’s still continuing because of the up-and-down [of the] domains hosting malware and then looking legitimate.” million advertiser accounts.

Software 327

Software Advertising Malware Accountability 327

Security Affairs

OCTOBER 19, 2024

” APT37 compromised the online advertising agency behind the Toast ad program to carry out a supply chain attack. APT37 exploited this flaw to trick victims into downloading malware on their desktops with the toast ad program installed. dll), allowing type confusion to occur.

Internet 143

Internet Internet Engineering Malware 143

Krebs on Security

MARCH 2, 2020

A large number of French critical infrastructure firms were hacked as part of an extended malware campaign that appears to have been orchestrated by at least one attacker based in Morocco, KrebsOnSecurity has learned.

DNS 319

DNS Penetration Testing Malware Hacking 319

Krebs on Security

APRIL 22, 2019

The owner of a Swedish company behind a popular remote administration tool (RAT) implicated in thousands of malware attacks shares the same name as a Swedish man who pleaded guilty in 2015 to co-creating the Blackshades RAT , a similar product that was used to infect more than half a million computers with malware, KrebsOnSecurity has learned.

Antivirus 256

Antivirus Advertising Software Malware 256

Krebs on Security

JANUARY 24, 2023

Denis Emelyantsev , a 36-year-old Russian man accused of running a massive botnet called RSOCKS that stitched malware into millions of devices worldwide, pleaded guilty to two counts of computer crime violations in a California courtroom this week. At that time, RSOCKS was advertising more than 80,000 proxies. RSOCKS, circa 2016.

Cybercrime 297

Cybercrime Advertising IoT Malware 297

Krebs on Security

NOVEMBER 10, 2020

Now, one crime group has started using hacked Facebook accounts to run ads publicly pressuring their ransomware victims into paying up. 3 that its computer systems had been sidelined by a malware attack. On the evening of Monday, Nov. 9, an ad campaign apparently taken out by the Ragnar Locker Team began appearing on Facebook.

Ransomware 363

Ransomware Accountability Hacking Advertising 363

Krebs on Security

FEBRUARY 17, 2021

Confirmed thefts attributed to the group include the 2016 hacking of the SWIFT payment system for Bangladesh Bank, which netted thieves $81 million; $6.1 The accused allegedly developed and marketed a series of cryptocurrency applications that were advertised as tools to help people manage their crypto holdings.

Cryptocurrency 344

Cryptocurrency Financial Services Banking Government 344

Security Affairs

OCTOBER 25, 2020

Researchers from MalwareHunterTeam have spotted a new piece of remote access trojan (RAT) dubbed ‘Abaddon’ that is likely the first malware using the Discord platform as command and control. The Abaddon malware connects to the Discord command and control server to check for new commands to execute. "Abaddon"

Malware 145

Malware Advertising Ransomware Encryption 145

Security Affairs

APRIL 29, 2023

Atomic macOS Stealer is a new information stealer targeting macOS that is advertised on Telegram for $1,000 per month. Cyble Research and Intelligence Labs (CRIL) recently discovered a Telegram channel advertising a new information-stealing malware, named Atomic macOS Stealer (AMOS). ” reads the report published by Cyble.

Advertising 98

Advertising Passwords Malware Password Management 98

Security Affairs

AUGUST 16, 2024

Russian cybercriminals are advertising a new macOS malware called Banshee Stealer with a monthly subscription price of $3,000. In August 2024, Russian crooks advertised a macOS malware called BANSHEE Stealer that can target both x86_64 and ARM64 architectures. ” concludes the report. ” concludes the report.

Malware 131

Malware Cryptocurrency Advertising Architecture 131

Krebs on Security

OCTOBER 8, 2020

Each day, millions of malware-laced emails are blasted out containing booby-trapped attachments. From there, the infected system will report home to a malware control server operated by the spammers who sent the missive. ” WHO IS DR. SAMUIL? The domain registration records for ruskod[.]net

Cybercrime 353

Cybercrime Malware Ransomware Penetration Testing 353

Krebs on Security

JUNE 28, 2022

On December 7, 2021, Google announced it was suing two Russian men allegedly responsible for operating the Glupteba botnet, a global malware menace that has infected millions of computers over the past decade. PPI programs) to generate new installations of their malware.”

Passwords 321

Passwords Malware Internet Internet 321

Security Affairs

AUGUST 28, 2024

million reward for information leading to the arrest of a Belarusian cybercriminal involved in the mass malware distribution. million reward for information leading to the arrest of Volodymyr Kadariya (38), a Belarusian national allegedly involved in a significant malware organization. The US Department of State offers a $2.5

Malware 132

Malware Computers and Electronics Cybercrime Internet 132

SecureList

JUNE 15, 2023

Thus, it was inevitable that malware creators would one day begin not only to distribute malicious programs themselves, but also to sell them to less technically proficient attackers, thereby lowering the threshold for entering the cybercriminal community. A MaaS operator is typically a team consisting of several people with distinct roles.

Malware 144

Malware Ransomware Cybercrime Hacking 144

Security Affairs

OCTOBER 31, 2020

The REvil ransomware operators made the headlines again, this time the gang claims to have hacked the Gaming Partners International (GPI). “Absolutely all servers and working computers of the company are hacked and encrypted. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Hacking 145

Hacking Ransomware Advertising Encryption 145

Security Affairs

AUGUST 23, 2024

Cado Security researchers have discovered a malware-as-a-service (MaaS) targeting macOS users dubbed Cthulhu Stealer. Once the user inputs their credentials, the malware stores them in a directory and uses Chainbreak to dump Keychain passwords. ” The malware can steal various types of information from a broad array of sources.

Malware 131

Malware Passwords Cryptocurrency Software 131

Schneier on Security

JUNE 23, 2021

To evade detection, the malware makes use of the company’s so-called “invisible low stealth technology” and its Android product is advertised as having “low data and battery consumption” to prevent people from suspecting their phone or tablet has been infected.

Manufacturing 291

Manufacturing Spyware Surveillance Marketing 291

Security Affairs

DECEMBER 10, 2020

Microsoft warns of a new malware named Adrozek that infects devices and hijacks Chrome, Edge, and Firefox browsers by changing their settings. Microsoft warned of a new malware named Adrozek that infects devices and hijacks Chrome, Edge, and Firefox browsers by changing their settings and inject ads into search results pages.

Malware 144

Malware Advertising Media Engineering 144