Advertising, Malware and System Administration

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Researchers this month uncovered a two-year-old Linux-based remote access trojan dubbed AVrecon that enslaves Internet routers into botnet that bilks online advertisers and performs password-spraying attacks. ” According to Kilmer, AVrecon is the malware that gives SocksEscort its proxies.

Malware

Malware VPN Internet Internet

Orcus RAT Author Charged in Malware Scheme

Krebs on Security

NOVEMBER 13, 2019

In July 2016, KrebsOnSecurity published a story identifying a Toronto man as the author of the Orcus RAT , a software product that’s been marketed on underground forums and used in countless malware attacks since its creation in 2015. This week, Canadian authorities criminally charged him with orchestrating an international malware scheme.

Malware

Malware Advertising Marketing System Administration

Active Nitrogen campaign delivered via malicious ads for PuTTY, FileZilla

Malwarebytes

APRIL 9, 2024

In the past couple of weeks, we have observed an ongoing campaign targeting system administrators with fraudulent ads for popular system utilities. Victims are tricked into downloading and running the Nitrogen malware masquerading as a PuTTY or FileZilla installer. dll (Nitrogen).

System Administration

System Administration DNS Engineering Social Engineering

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

FBI and CISA published a new advisory on AvosLocker ransomware

Security Affairs

OCTOBER 13, 2023

AvosLocker operators already advertised in the past a Linux variant, dubbed AvosLinux, of their malware claiming it was able to support Linux and ESXi servers. AvosLocker affiliates use legitimate software and open-source remote system administration tools to compromise the victims’ networks.

Ransomware

Ransomware System Administration Antivirus Malware

US govt agencies share details of the China-linked espionage malware Taidoor

Security Affairs

AUGUST 4, 2020

China-linked hackers carried out cyber espionage campaigns targeting governments, corporations, and think tanks with TAIDOOR malware. “CISA encourages users and administrators to review Malware Analysis Report MAR-10292089-1.v1 See the latest malware analysis report on their TTPs at @CNMF_CyberAlert. v1 , U.S. .

Malware

Malware Government Passwords System Administration

Meet the Administrators of the RSOCKS Proxy Botnet

Krebs on Security

JUNE 22, 2022

” The DOJ’s statement doesn’t mention that RSOCKS has been in operation since 2014, when access to the web store for the botnet was first advertised on multiple Russian-language cybercrime forums. Even today, the RUSdot Mailer is advertised for sale at the top of the RUSdot community forum.

Advertising

Advertising Cybercrime System Administration Hacking

WeSteal, a shameless commodity cryptocurrency stealer available for sale

Security Affairs

MAY 2, 2021

WeSteal is a Python-based malware that uses regular expressions to search for strings related to wallet addresses that victims have copied to their clipboard. According to Palo Alto Networks, the author of WeSteal, that goes online as “ComplexCodes,” started advertising the cryptocurrency stealer on underground forums in mid-February 2021.

Cryptocurrency

Cryptocurrency Malware Advertising System Administration

FireEye experts found source code for CARBANAK malware on VirusTotal?

Security Affairs

APRIL 23, 2019

The Carbanak gang (aka FIN7 , Anunak or Cobalt ) stole over a billion euros from banks across the world, the name “Carbanak” comes with the name of the malware they used to compromise computers at banks, other financial institutions, restaurants, and other industries. Hladyr is suspected to be a system administrator for the group.

Malware

Malware Penetration Testing Banking System Administration

FireEye experts found source code for CARBANAK malware on VirusTotal?

Security Affairs

APRIL 23, 2019

The Carbanak gang (aka FIN7 , Anunak or Cobalt ) stole over a billion euros from banks across the world, the name “Carbanak” comes with the name of the malware they used to compromise computers at banks, other financial institutions, restaurants, and other industries. Hladyr is suspected to be a system administrator for the group.

Malware

Malware Penetration Testing Banking System Administration

Malvertiser copies PC news site to deliver infostealer

Malwarebytes

NOVEMBER 8, 2023

This type of website is often visited by geeks and system administrators to read the latest computer reviews, learn some tips and download software utilities. The advertiser shows as Scott Cooper and is likely a compromised or fake identity. One common technique used by threat actors to evade detection is to employ cloaking.

Software

Software System Administration Antivirus Malware

Canadian Police Raid ‘Orcus RAT’ Author

Krebs on Security

APRIL 2, 2019

Canadian police last week raided the residence of a Toronto software developer behind “ Orcus RAT ,” a product that’s been marketed on underground forums and used in countless malware attacks since its creation in 2015. An advertisement for Orcus RAT. Meanwhile on Hackforums[.]net

Advertising

Advertising Malware Marketing Software

CISA’s MAR warns of North Korean BLINDINGCAN RAT

Security Affairs

AUGUST 19, 2020

US CISA published an alert related to a new North Korean malware, dubbed BLINDINGCAN, used in attacks on the US defense and aerospace sectors. According to the government experts, the BLINDINGCAN malware was employed in attacks aimed at US and foreign companies operating in the military defense and aerospace sectors. In April, the U.S.

Malware

Malware Cyber threats Government System Administration

XMR crypto miner switches from arm IoT devices to X86/I686 Intel servers

Security Affairs

SEPTEMBER 2, 2019

The popular researcher Larry Cashdollar, from Akamai SIRT, announced in exclusive to The Register, that he observed a miner that previously hit only Arm-powered IoT devices targeting Intel systems. The researchers revealed that one of his honeypots was hit by this IoT malware that targets Intel machines running Linux.

IoT

IoT Cryptocurrency Malware System Administration

Yomi Hunter Catches the CurveBall

Security Affairs

JANUARY 21, 2020

The Malware Threat behind CurveBall. Many system administrators and companies were rushing to update internet exposed machines, like web servers or gateways, worried about possible remote code execution, reviving the EternalBlue /WannaCry crisis in their mind. . Pierluigi Paganini. SecurityAffairs – Curveball, hacking).

System Administration

System Administration Malware Advertising Risk

BatLoader campaign impersonates ChatGPT and Midjourney to deliver Redline Stealer

Security Affairs

MAY 21, 2023

The experts also detailed a separate case, that was observed on May 2023, using a similar infection scheme to advertise a rogue page for Midjourney. Unfortunately, as system administrators seek ways to control access to these platforms, users may seek out alternative ways to gain access.” ” concludes the report.

System Administration

System Administration Advertising Malware Hacking

Microsoft warns of Human-Operated Ransomware as a growing threat to businesses

Security Affairs

MARCH 10, 2020

In human-operated ransomware attack scenario, attackers use stolen credentials, exploit misconfiguration and vulnerabilities to access target networks, attempt to escalate privileges and move laterally, and deliver malware and exfiltrate data. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Ransomware

Ransomware Cybercrime Social Engineering Banking

Microsoft’s Patch Tuesday updates for March 2020 fix 115 issues

Security Affairs

MARCH 11, 2020

Users and system administrators are recommended to apply the latest security patches as soon as possible to prevent attackers exploiting them. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

System Administration

System Administration Advertising Internet Internet

Lazarus APT Targeting Cryptocurrency, CISA Warns

SecureWorld News

APRIL 21, 2022

The threat actors use social engineering to encourage individuals to download trojanized cryptocurrency applications on Windows or macOS operating systems. They use the apps to gain access to the victim's computer and install malware across the network environment, stealing private keys and exploiting other security gaps.

Cryptocurrency

Cryptocurrency Computers and Electronics Social Engineering System Administration

Stealth Falcon’s undocumented backdoor uses Windows BITS to exfiltrate data

Security Affairs

SEPTEMBER 9, 2019

ESET researchers discovered a new malware associated with the Stealth Falcon APT group that abuses the Windows BITS service to stealthy exfiltrate data. Security researchers from discovered a new malware associated with the Stealth Falcon cyber espionage group that abuses the Windows BITS service to stealthy exfiltrate data.

Malware

Malware Advertising System Administration Spyware

US authorities charged Dridex gang members for stealing over $100 Million

Security Affairs

DECEMBER 7, 2019

US DoJ charged two Russian citizens for deploying the Dridex malware and for their involvement in international bank fraud and computer hacking schemes. The Bugat malware a multifunction malware package designed to automate the theft of confidential personal and financial information. Attorney Brady.

Banking

Banking Malware Cybercrime Accountability

Roboto, a new P2P botnet targets Linux Webmin servers

Security Affairs

NOVEMBER 21, 2019

The Roboto botnet spreads by compromising systems by exploiting the Webmin RCE vulnerability tracked as CVE-2019-15107 to drop its downloader module on Linux servers running vulnerable installs. Webmin is an open-source web-based interface for system administration for Linux and Unix. Pierluigi Paganini.

DDOS

DDOS System Administration Advertising DNS

CIA elite hacking unit was not able to protect its tools and cyber weapons

Security Affairs

JUNE 17, 2020

The Chinese security firm also adds that the APT-C-39 hacking group employed several Vault 7 tools in its operations, including the Fluxwire backdoor, and the Grasshopper malware builder. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini. SecurityAffairs – hacking, CIA).

Hacking

Hacking Engineering Data breaches Advertising

Threat actors are attempting to exploit recently fixed F5 BIG-IP flaw

Security Affairs

JULY 6, 2020

System administrators need to upgrade to fixed versions ASAP. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Our preliminary CVE-2020-5902 scans have located 1,832 vulnerable F5 hosts.

System Administration

System Administration Advertising Hacking Banking

Crooks continue to abuse exposed Docker APIs for Cryptojacking

Security Affairs

OCTOBER 28, 2018

“The intrusion attempts to deploy a cryptocurrency-mining malware (detected by Trend Micro as Coinminer.SH.MALXMR.ATNE) on the misconfigured systems.” The Center for Internet Security (CIS) has a reference that can help system administrators and security teams establish a benchmark to secure their Docker engine.

Engineering

Engineering Cryptocurrency System Administration Advertising

Experts discovered a severe command injection flaw in Cisco Webex Meetings Desktop

Security Affairs

OCTOBER 25, 2018

.” Cisco advisory reveals that the vulnerability could be exploited remotely by leveraging the operating system remote management tools. The vulnerability could be exploited by a malware or ill-intentioned logged-in user to gain system administrator rights and carry out malicious activities. and later prior to 33.0.5,

System Administration

System Administration Advertising Hacking Software

Feds Allege Adconion Employees Hijacked IP Addresses for Spamming

Krebs on Security

SEPTEMBER 2, 2019

Federal prosecutors in California have filed criminal charges against four employees of Adconion Direct , an email advertising firm, alleging they unlawfully hijacked vast swaths of Internet addresses and used them in large-scale spam campaigns. Amobee , the Redwood City, Calif. The CEO of Amobee is Kim Perell , formerly CEO of Adconion.

Media

Media Government Marketing Internet

Cloud Hopper operation hit 8 of the world’s biggest IT service providers

Security Affairs

JUNE 27, 2019

. “APT10 often attacked a service provider’s system by “spear-phishing” – sending company employees emails designed to trick them into revealing their passwords or installing malware. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” continues the report. Pierluigi Paganini.

Identity Theft

Identity Theft Hacking System Administration Advertising

New Linux/DDosMan threat emerged from an evolution of the older Elknot

Security Affairs

APRIL 1, 2019

The popular expert unixfreaxjp analyzed a new China ELF DDoS’er malware tracked as “Linux/DDoSMan” that evolves from the Elknot malware to deliver new ELF bot. But what kind of malware is this Elknot Trojan? This malware is an update and reuse from the Elknot’s malware source code.

DDOS

DDOS Malware Encryption Penetration Testing

Initial patch for Webex Meetings flaw WebExec was incomplete. Cisco fixed it again

Security Affairs

NOVEMBER 28, 2018

Cisco advisory reveals that the vulnerability could be also exploited remotely by leveraging the operating system remote management tools. The issue could be exploited by a malware or ill-intentioned logged-in user to gain system administrator rights and carry out malicious activities. and later prior to 33.0.5,

System Administration

System Administration Advertising Software Authentication

USBAnywhere BMC flaws expose Supermicro servers to hack

Security Affairs

SEPTEMBER 3, 2019

A baseboard management controller (BMC) is a specialized service processor that monitors the physical state of a computer, network server or other hardware device using sensors and communicating with the system administrator through an independent connection. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Hacking

Hacking Firmware Media Authentication

Three members of FIN7 (Carbanak) gang charged with stealing 15 million credit cards

Security Affairs

AUGUST 2, 2018

The gang stole over a billion euros from banks across the world, the name “Carbanak” comes with the name of the malware they used to compromise computers at banks and other financial institutions. Hladyr is suspected to be a system administrator for the group. The man is suspected to be a supervisor of the group.

Banking

Banking Cybercrime Identity Theft Penetration Testing

How Did Authorities Identify the Alleged Lockbit Boss?

Krebs on Security

MAY 13, 2024

This post examines the activities of Khoroshev’s many alter egos on the cybercrime forums, and tracks the career of a gifted malware author who has written and sold malicious code for the past 14 years. ru , which at one point advertised the sale of wooden staircases. 2011 said he was a system administrator and C++ coder.

Ransomware

Ransomware Cybercrime Accountability Malware

Updates from the MaaS: new threats delivered through NullMixer

Security Affairs

MARCH 27, 2023

A technical analysis of NullMixer malware operation revealed Italy and France are the favorite European countries from the attackers’ perspective. Executive Summary Our insights into a recent NullMixer malware operation revealed Italy and France are the favorite European countries from the opportunistic attackers’ perspective.

Malware

Malware Social Engineering Encryption Marketing

IT threat evolution Q2 2021

SecureList

AUGUST 12, 2021

We discovered the malware as part of an attack against a high-profile organization in Vietnam. We found the loader for this file so interesting that we decided to base one of the tracks of our Targeted Malware Reverse Engineering course on it. The exploit-chain attempts to install malware in the system through a dropper.

Ransomware

Ransomware Malware Banking Encryption

The Phight Against Phishing

Digital Shadows

AUGUST 17, 2021

It could be a system administrator who has access to sensitive defense information and recently just met an attractive fitness influencer on social media (hello, Iran !). That means that most spam that shows up isn’t really trying to do anything other than get you to respond, look at a product, or otherwise advertise a service.

Phishing

Phishing Accountability Social Engineering Mobile

Group-IB uncovers PerSwaysion – sophisticated phishing campaign targeting executives worldwide

Security Affairs

APRIL 30, 2020

One of the defining signatures of PerSwaysion is that it spreads like wildfire jumping from one victim to another while no malware is present on a user device during the attack. PerSwaysion campaign is a series of Malware-as-a-Service-based operations. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Phishing

Phishing Accountability Financial Services Cloud Migration

Advanced threat predictions for 2023

SecureList

NOVEMBER 14, 2022

This reveals a likely blind spot for defenders and endpoint vendors: in a number of cases, perhaps even the majority, attackers have no need for 0-days and malware deployment to gain access to the information they need. One of these, Manjusaka , is advertised as an imitation of the Cobalt Strike framework. SIGINT-delivered malware.

Firmware

Firmware Surveillance Mobile Telecommunications

Who and What is Behind the Malware Proxy Service SocksEscort?

Orcus RAT Author Charged in Malware Scheme

Webinars

Trending Sources

Active Nitrogen campaign delivered via malicious ads for PuTTY, FileZilla

Webinars

FBI and CISA published a new advisory on AvosLocker ransomware

US govt agencies share details of the China-linked espionage malware Taidoor

Meet the Administrators of the RSOCKS Proxy Botnet

WeSteal, a shameless commodity cryptocurrency stealer available for sale

FireEye experts found source code for CARBANAK malware on VirusTotal?

FireEye experts found source code for CARBANAK malware on VirusTotal?

Malvertiser copies PC news site to deliver infostealer

Canadian Police Raid ‘Orcus RAT’ Author

CISA’s MAR warns of North Korean BLINDINGCAN RAT

XMR crypto miner switches from arm IoT devices to X86/I686 Intel servers

Yomi Hunter Catches the CurveBall

BatLoader campaign impersonates ChatGPT and Midjourney to deliver Redline Stealer

Microsoft warns of Human-Operated Ransomware as a growing threat to businesses

Microsoft’s Patch Tuesday updates for March 2020 fix 115 issues

Lazarus APT Targeting Cryptocurrency, CISA Warns

Stealth Falcon’s undocumented backdoor uses Windows BITS to exfiltrate data

US authorities charged Dridex gang members for stealing over $100 Million

Roboto, a new P2P botnet targets Linux Webmin servers

CIA elite hacking unit was not able to protect its tools and cyber weapons

Threat actors are attempting to exploit recently fixed F5 BIG-IP flaw

Crooks continue to abuse exposed Docker APIs for Cryptojacking

Experts discovered a severe command injection flaw in Cisco Webex Meetings Desktop

Feds Allege Adconion Employees Hijacked IP Addresses for Spamming

Cloud Hopper operation hit 8 of the world’s biggest IT service providers

New Linux/DDosMan threat emerged from an evolution of the older Elknot

Initial patch for Webex Meetings flaw WebExec was incomplete. Cisco fixed it again

USBAnywhere BMC flaws expose Supermicro servers to hack

Three members of FIN7 (Carbanak) gang charged with stealing 15 million credit cards

How Did Authorities Identify the Alleged Lockbit Boss?

Updates from the MaaS: new threats delivered through NullMixer

IT threat evolution Q2 2021

The Phight Against Phishing

Group-IB uncovers PerSwaysion – sophisticated phishing campaign targeting executives worldwide

Advanced threat predictions for 2023

Stay Connected