Last year, the French security firm Intrinsec detailed Prospero’s connections to bulletproof services advertised on Russian cybercrime forums under the names Securehost and BEARHOST. A fake browser update page pushing mobile malware. The bulletproof hosting provider BEARHOST. Image: Intrinsec.
Online criminals are targeting individuals and businesses that advertise via Google Ads by phishing them for their credentials, ironically, via fraudulent Google ads. Search-based ads earned Google a whopping $175 billion in revenue in 2023.
Authorities in Pakistan have arrested 21 individuals accused of operating “Heartsender,” a once popular spam and malware dissemination service that operated for more than a decade. Some of the core developers and sellers of Heartsender posing at a work outing in 2021.
The FBI and authorities in The Netherlands this week seized dozens of servers and domains for a hugely popular spam and malware dissemination service operating out of Pakistan. Manipulaters advertisement for Office 365 Private Page with Antibot phishing kit sold via Heartsender.
The FBI warns of a significant increase in scams involving free online document converters to infect users with malware. The FBI warns that threat actors use malicious online document converters to steal users' sensitive information and infect their systems with malware.
That investigation detailed how the 38-year-old Shefel adopted the nickname Rescator while working as vice president of payments at ChronoPay, a Russian financial company that paid spammers to advertise fake antivirus scams, male enhancement drugs and knockoff pharmaceuticals. “I’m also godfather of his second son.”
Threat actors have been observed leveraging fake artificial intelligence (AI)-powered tools as a lure to entice users into downloading an information stealer malware dubbed Noodlophile.
As AI tools boom in popularity, cyberthieves are exploiting the excitement with fake AI video editing platforms that lure users into downloading malware. The Noodlophile Stealer is a new malware strain.
In this case, they certainly put a lot more effort into creating the fake website which the advertisement linked to: it's different from the real website, but it looks convincing nonetheless. The advertiser's name is not in Chinese characters, by the way. The language in which the advertiser’s name is written is Hebrew.
For the past seven years, a malware-based proxy service known as “Faceless” has sold anonymity to countless cybercriminals. For less than a dollar per day, Faceless customers can route their malicious traffic through tens of thousands of compromised systems advertised on the service. Image: spur.us.
A 26-year-old Ukrainian man is awaiting extradition from The Netherlands to the United States on charges that he acted as a core developer for Raccoon, a popular “malware-as-a-service” offering that helped paying customers steal passwords and financial data from millions of cybercrime victims.
“The threat actor did not deploy malware or tamper with any customer files within the environment,” the notice reads. The original October 31 post from abyss0, where they advertise the sale of data from several large banks that are customers of a large financial software company. 8 post on BreachForums. Image: Ke-la.com.
“That said, the phishing attacks stem from partners’ machines being compromised with malware, which has enabled them to also gain access to the partners’ accounts and to send the messages that your reader has flagged,” they continued. A scan of social media networks showed this is not an uncommon scam.
Compounding the problem, several remaining malware-based proxy services have chosen to block new registrations to avoid swamping their networks with a sudden influx of customers. com, a malware-based proxy network that has been in existence since at least 2010. Last week, a seven-year-old proxy service called 911[.]re Image: Spur.us.
This post is a deep dive on “Megatraffer,” a veteran Russian hacker who has practically cornered the underground market for malware-focused code-signing certificates since 2015. More recently, it appears Megatraffer has been working with ransomware groups to help improve the stealth of their malware. WHO IS MEGATRAFFER?
The card reader Mark bought was sold by a company called Saicoo, whose sponsored Amazon listing advertises a “DOD Military USB Common Access Card (CAC) Reader” and has more than 11,700 mostly positive ratings. He said Saicoo did not address his concern that the driver package on its website was bundled with malware.
In August 2024, Russian crooks advertised a macOS malware called BANSHEE Stealer that can target both x86_64 and ARM64 architectures. The malware authors claimed it can steal a broad range of data from compromised systems, including browser data, cryptocurrency wallets, and around 100 browser extensions.
That’s when the malware begins to harvest sensitive data—and lay the groundwork for persistent access. The malware performs anti-virtualization checks to evade sandbox detection and executes commands with elevated privileges by harvesting the user’s password early in the attack chain. Moonlock Lab suggests this is just the beginning.
A malicious generative AI chatbot dubbed "GhostGPT" is being advertised to cybercriminals on underground forums as a tool for more quickly and efficiently creating malware, running BEC attacks, and other nefarious activities, lowering the barrier for less-skilled hackers to launch attacks.
BADBOX 2.0 malware has infected millions of IoT devices globally, creating a botnet used for cybercriminal activities, the FBI warns. The FBI published a Public Service Announcement (PSA) to warn that cybercriminals are using the BADBOX 2.0 botnet.
A notorious Russian hosting service provider known as Proton66 is at the center of a series of widespread cyberattacks and malware campaigns targeting organizations and users worldwide, according to fresh findings from cybersecurity experts. The malware connects to a C2 server at 193.143.1.139. “Net blocks 45.135.232.0/24
But cybercrooks are constantly figuring out ingenious ways to fly beneath Google’s anti-abuse radar, and new examples of bad ads leading to malware are still too common. “My guess it’s still continuing because of the up-and-down [of the] domains hosting malware and then looking legitimate.” million advertiser accounts.
Many successful phishing attacks result in a financial loss or malware infection. According to Edwards, there are no signs that these phishing sites are being advertised via email. The real website of the Ukrainian paramilitary group “Freedom of Russia” legion. Central Intelligence Agency; and hochuzhitlife[.]com
Malware attack disguises itself as DeepSeek installer. Graham Cluley, 10:47 am, June 12, 2025, grahamcluley.com. Cybercriminals are exploiting the growing interest in open source AI models by disguising malware as a legitimate installer for DeepSeek. How are the bad guys spreading the malware?
But that story omitted an important historical detail about Pushwoosh: In 2013, one of its developers admitted to authoring the Pincer Trojan, malware designed to surreptitiously intercept and forward text messages from Android mobile devices. Shmakov acknowledged writing the malware as a freelance project.
Cybercriminals are exploiting the popularity of DeepSeek by using fake sponsored Google ads to distribute malware. While DeepSeek is rising in popularity, threat actors are attempting to exploit it by using fake sponsored Google ads to distribute malware, Malwarebytes researchers warn in a published alert.
At the gym, the flyer advertising a free class also has a QR code. These quick scans can become gateways—not to a menu or coupon, but to malicious phishing sites, malware downloads, or credential theft. That code might redirect to a spoofed login page, a malware dropper, or a credential harvesting form.
The Saim Raza group ran multiple marketplaces that advertised and facilitated the sale of hacking and fraud tools, including malware, phishing kits and email extractors. The HeartSender group advertised its tools as fully undetectable by antispam software. These tools are essential components to build and run fraud operations.
The DOJ’s statement doesn’t mention that RSOCKS has been in operation since 2014, when access to the web store for the botnet was first advertised on multiple Russian-language cybercrime forums. Even today, the RUSdot Mailer is advertised for sale at the top of the RUSdot community forum.
These findings come from the 2025 State of Malware report. Info stealers are a type of malware that do exactly as they say: they steal information from people's devices. But the variety of information that these pieces of malware can steal makes them particularly dangerous.
This warning comes from our 2025 State of Malware report, which compiled a year's worth of intelligence to identify the most pressing cyberattacks on the horizon. You can find the full 2025 State of Malware report here. And if the model works for individuals, there's little reason it wouldn't work for individual business owners.
Denis Emelyantsev, a 36-year-old Russian man accused of running a massive botnet called RSOCKS that stitched malware into millions of devices worldwide, pleaded guilty to two counts of computer crime violations in a California courtroom this week. At that time, RSOCKS was advertising more than 80,000 proxies. RSOCKS, circa 2016.
APT37 compromised the online advertising agency behind the Toast ad program to carry out a supply chain attack. APT37 exploited this flaw to trick victims into downloading malware on their desktops with the Toast ad program installed. dll), allowing type confusion to occur.
Review of last year’s predictions: the number of services providing AV evasion for malware (cryptors) will increase. We continuously monitor underground markets for the emergence of new “cryptors,” which are tools specifically designed to obfuscate the code within malware samples.
Attackers are increasingly distributing malware through a rather unusual method: a fake CAPTCHA as the initial infection vector. As with the previous stage, the victim doesn’t always encounter malware. They purchase advertising slots that redirect users to malicious resources, employing various tricks to achieve infections.
The FBI joined authorities across Europe last week in seizing domain names for Cracked and Nulled, English-language cybercrime forums with millions of users that trafficked in stolen data, hacking tools and malware. io, and rdp[.]sh. Those archived webpages show both RDP services were owned by an entity called 1337 Services Gmbh.
Since the beginning of the year, we’ve been tracking in our telemetry a new wave of DCRat distribution, with paid access to the backdoor provided under the Malware-as-a-Service (MaaS) model. The cybercriminal group behind it also offers support for the malware and infrastructure setup for hosting the C2 servers.
One concern about more malware shifting to Rust is that it is considered a much more secure programming language compared to C and C++, writes Catalin Cimpanu for The Record. The nickname “YBCat” advertised that same ToX ID on Carder[.]uk,
It also uses stealer malware to extract the victim’s credit card data as well as details about the infected device. In August 2024, we stumbled upon a massive infection caused by an unknown bundle consisting of miner and stealer malware. SteelFox.gen, Trojan.Win64.SteelFox.*. SteelFox.*.
The leaked data suggest that Snatch is one of several ransomware groups using paid ads on Google.com to trick people into installing malware disguised as popular free software, such as Microsoft Teams, Adobe Reader, Mozilla Thunderbird, and Discord. the now-defunct pittsburghcitygirls[.]com). top, www-microsofteams[.]top top, adobeusa[.]top
re network uses at least two free VPN services to lure its users to install a malware-like software that achieves persistence on the user’s computer,” the researchers wrote. The Exe Clean service made malware look like goodware to antivirus products.
A new Trojan malware is targeting sensitive information, including crypto wallet seed phrases. According to Kaspersky, the malware targets iOS and Android devices. Here's how the malware works. What is SparkKitty?
CISA adds Microsoft Windows Kernel, Mozilla Firefox and SolarWinds Web Help Desk bugs to its Known Exploited Vulnerabilities catalog
GitHub addressed a critical vulnerability in Enterprise Server
A new Linux variant of FASTCash malware targets financial systems
WordPress Jetpack plugin critical flaw impacts 27 million sites
Pokemon dev Game Freak discloses (..)