Antivirus, Cryptocurrency, Cybercrime and Information Security

Hackers hijacked the eScan Antivirus update mechanism in malware campaign

Security Affairs

APRIL 24, 2024

A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute backdoors and cryptocurrency miners. Avast researchers discovered and analyzed a malware campaign that exploited the update mechanism of the eScan antivirus to distribute backdoors and crypto miners.

Antivirus

Antivirus Malware DNS Cryptocurrency

WeSteal, a shameless commodity cryptocurrency stealer available for sale

Security Affairs

MAY 2, 2021

The bold author of a new cryptocurrency stealer, dubbed WeSteal, is promising its customers a leading way to make money in 2021. According to Palo Alto Networks, the author of WeSteal, that goes online as “ComplexCodes,” started advertising the cryptocurrency stealer on underground forums in mid-February 2021.

Cryptocurrency

Cryptocurrency Malware Advertising System Administration

Chinese-speaking cybercrime gang Rocke changes tactics

Security Affairs

OCTOBER 15, 2019

Chinese-speaking cybercrime gang Rocke that carried out several large-scale cryptomining campaigns, has now using news tactics to evade detection. Chinese-speaking cybercrime gang Rocke, that carried out several large-scale cryptomining campaigns in past , has now using news tactics to evade detection. Pierluigi Paganini.

Cybercrime

Cybercrime DNS Malware Advertising

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Threat actors target crypto and NFT communities with Babadeda crypter

Security Affairs

NOVEMBER 26, 2021

Morphisec researchers spread cryptocurrency malware dubbed Babadeda in attacks aimed at crypto and NFT communities. Morphisec researchers spotted a new crypto-malware strain, tracked as Babadeda, targeting cryptocurrency, non-fungible token (NFT), and DeFi passionates through Discord channels. ” concludes the report.

Cryptocurrency

Cryptocurrency Malware Antivirus Phishing

Vietnam-linked Bismuth APT leverages coin miners to stay under the radar

Security Affairs

DECEMBER 1, 2020

Microsoft warns of Vietnam-linked Bismuth group that is deploying cryptocurrency miner while continues its cyberespionage campaigns. Researchers from Microsoft reported that the Vietnam-linked Bismuth group, aka OceanLotus , Cobalt Kitty , or APT32 , is deploying cryptocurrency miners while continues its cyberespionage campaigns.

Cryptocurrency

Cryptocurrency Antivirus Manufacturing Government

Ryuk ransomware operations already made over $150M

Security Affairs

JANUARY 7, 2021

Both exchanges are structured in a way that probably wouldn’t obligate them to comply with law enforcement requests and both were founded by Chinese nationals that moved their business to countries that are more friendly to cryptocurrency exchanges. ” concludes the report.

Ransomware

Ransomware Cryptocurrency Antivirus Banking

QwixxRAT, a new Windows RAT appears in the threat landscape

Security Affairs

AUGUST 15, 2023

. “Once installed on the victim’s Windows platform machines, the RAT stealthily collects sensitive data, which is then sent to the attacker’s Telegram bot, providing them with unauthorized access to the victim’s sensitive information.” ” reads a new report published by security firm Uptycs.

Malware

Malware Antivirus Cryptocurrency Advertising

New Windows Meduza Stealer targets tens of crypto wallets and password managers

Security Affairs

JULY 3, 2023

“What’s more concerning is that a large portion of antivirus software has proven ineffective against the Meduza stealer binary, either failing to detect it statically or dynamically” reads the analysis published by Uptycs. ” The administrator offers access to the stolen data through a management console.

Password Management

Password Management Passwords Malware Antivirus

ViperSoftX uses more sophisticated encryption and anti-analysis techniques

Security Affairs

APRIL 29, 2023

ViperSoftX is a JavaScript-based Remote Access Trojan (RAT) and cryptocurrency stealer that was first analyzed by Fortinet in February 2020. ViperSoftX also checks for active antivirus products running on the machine. ” reads the analysis published by Trend Micro. ” concludes the report.

Encryption

Encryption Malware Cryptocurrency Software

Fake DDoS protection pages on compromised WordPress sites lead to malware infections

Security Affairs

AUGUST 21, 2022

The scripts will also infect the victim’s computer with the Raccoon Stealer info-stealing trojan which allows operators to steal login credentials, cookies, auto-fill data, and credit cards saved on web browsers, along with cryptocurrency wallets.

DDOS

DDOS Malware Antivirus Firewall

SharkBot, a new Android Trojan targets banks in Europe

Security Affairs

NOVEMBER 15, 2021

The trojan allows to hijack users’ mobile devices and steal funds from online banking and cryptocurrency accounts. Once the banking Trojan is installed on the victim’s device, threat actors can steal sensitive banking information through the abuse of Accessibility Services (i.e.

Banking

Banking Mobile Social Engineering Malware

Grandoreiro banking malware targets Mexico and Spain

Security Affairs

AUGUST 21, 2022

The loader is also designed to gather system information, retrieve a list of installed antivirus solutions, cryptocurrency wallets, banking, and mail apps, and exfiltrate the information to a remote server. That’s not all. ” concludes the report.

Banking

Banking Malware Antivirus Phishing

Glupteba botnet is back after Google disrupted it in December 2021

Security Affairs

DECEMBER 19, 2022

The botnet was involved in stealing users’ credentials and data, mining cryptocurrencies abusing victims’ resources, and setting up proxies to funnel other people’s internet traffic through infected machines and routers. Botnet operators use to spread the malware via cracked or pirated software and pay-per-install (PPI) schemes. .

DNS

DNS Antivirus Cryptocurrency Software

Wannacry, the hybrid malware that brought the world to its knees

Security Affairs

OCTOBER 31, 2022

In the early afternoon of Friday 12 May 2017, the media broke the news of a global computer security attack carried out through a malicious code capable of encrypting data residing in information systems and demanding a ransom in cryptocurrency to restore them, the Wannacry ransomware. About the author: Salvatore Lombardo.

Malware

Malware Computers and Electronics Encryption Ransomware

A new SharkBot variant bypassed Google Play checks again

Security Affairs

SEPTEMBER 5, 2022

While previous variants of the dropper relied on Accessibility permissions to automatically install the Sharkbot malware, this new one asks the victim to install the malware as a fake update for the antivirus. The trojan allows to hijack users’ mobile devices and steal funds from online banking and cryptocurrency accounts.

Banking

Banking Malware Mobile Accountability

Ransomware Revival: Troldesh becomes a leader by the number of attacks

Security Affairs

NOVEMBER 19, 2019

To bypass antivirus systems, hackers send out malicious emails in non-working hours with delayed activation. Another technique used by cybercriminals to bypass antivirus systems is a targeted attack, in which malicious email are delivered outside regular working hours. More than 80% of all malicious files were disguised as .zip

Ransomware

Ransomware Antivirus Malware Banking

French Police remotely disinfected 850,000 PCs from RETADUP bot

Security Affairs

AUGUST 28, 2019

The Retadup bot has been around since at least 2015, it was involved in several malicious campaigns aimed at delivering malware such as information stealers, ransomware and miners. In recent campaigns, the Retadup worm was observed delivering Monero cryptocurrency miners in Latin America.

Malware

Malware Advertising Antivirus Cryptocurrency

Dutch police arrested the author of Dryad and Rubella Macro Builders

Security Affairs

JULY 19, 2019

The macro might also purposely attempt to bypass endpoint security defenses. . The Rubella Macro Builder is cheap, fast and easy to use, the malware it generated can evade antivirus detection. The police also seized around 20,000 Euro (around $22,000) in cryptocurrency such as Bitcoins. .

Malware

Malware Social Engineering Advertising Antivirus

Clipper attacks use Trojanized TOR Browser installers

Security Affairs

MARCH 29, 2023

The experts were not able to determine the amount of Monero cryptocurrencies stolen by the threat actors due to the privacy features supported by the cryptocurrency scheme. “A mistake likely made by all victims of this malware was to download and run Tor Browser from a third-party resource. ” concludes the report.

Malware

Malware Passwords Cryptocurrency Antivirus

Security Affairs newsletter Round 407 by Pierluigi Paganini

Security Affairs

FEBRUARY 19, 2023

Twitter will allow using the SMS-based two-factor authentication (2FA) only to its Blue subscribers GoDaddy discloses a new data breach Fortinet fixes critical vulnerabilities in FortiNAC and FortiWeb German airport websites hit by DDos attacks once again Cisco fixed critical RCE bug in ClamAV Open-Source Antivirus engine CISA adds Cacti, Office, Windows (..)

DDOS

DDOS Data breaches Surveillance Ransomware

How Not to Pay the Ransom? No Soup For You, Ransomware!

Thales Cloud Protection & Licensing

AUGUST 11, 2021

Be it health care or information security, it reasonably attempts to take actions in advance. Intergovernmental organizations, national police departments, and antivirus vendors do their best to have the information corrupted by encryption malware available to its legitimate holders. They do it free of charge.

Ransomware

Ransomware Insurance Encryption Cyber Insurance

Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

APRIL 28, 2024

Hackers may have accessed thousands of accounts on the California state welfare platform Brokewell Android malware supports an extensive set of Device Takeover capabilities Experts warn of an ongoing malware campaign targeting WP-Automatic plugin Cryptocurrencies and cybercrime: A critical intermingling Kaiser Permanente data breach may have impacted (..)

Cybercrime

Cybercrime Spyware Data breaches Antivirus

ChatGPT: Cybersecurity friend or foe?

Malwarebytes

MAY 21, 2023

For example, Malwarebytes asked ChatGPT to write the opening paragraph of a novel about an antiquated antivirus program that relies on signature-based detection to stop new and emerging threats. Here's what the program came back with: “The antivirus program blinked to life, its archaic interface flickering on the outdated CRT monitor.

Cybersecurity

Cybersecurity Artificial Intelligence Social Engineering Engineering

Cyber Security Informer

Hackers hijacked the eScan Antivirus update mechanism in malware campaign

WeSteal, a shameless commodity cryptocurrency stealer available for sale

Webinars

Trending Sources

Chinese-speaking cybercrime gang Rocke changes tactics

Webinars

Threat actors target crypto and NFT communities with Babadeda crypter

Vietnam-linked Bismuth APT leverages coin miners to stay under the radar

Ryuk ransomware operations already made over $150M

QwixxRAT, a new Windows RAT appears in the threat landscape

New Windows Meduza Stealer targets tens of crypto wallets and password managers

ViperSoftX uses more sophisticated encryption and anti-analysis techniques

Fake DDoS protection pages on compromised WordPress sites lead to malware infections

SharkBot, a new Android Trojan targets banks in Europe

Grandoreiro banking malware targets Mexico and Spain

Glupteba botnet is back after Google disrupted it in December 2021

Wannacry, the hybrid malware that brought the world to its knees

A new SharkBot variant bypassed Google Play checks again

Ransomware Revival: Troldesh becomes a leader by the number of attacks

French Police remotely disinfected 850,000 PCs from RETADUP bot

Dutch police arrested the author of Dryad and Rubella Macro Builders

Clipper attacks use Trojanized TOR Browser installers

Security Affairs newsletter Round 407 by Pierluigi Paganini

How Not to Pay the Ransom? No Soup For You, Ransomware!

Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION

ChatGPT: Cybersecurity friend or foe?

Stay Connected