Antivirus, Cryptocurrency and DNS - Cyber Security Informer

New SteelFox Trojan mimics software activators, stealing sensitive data and mining cryptocurrency

SecureList

NOVEMBER 6, 2024

SteelFox resolves this via Google Public DNS and DNS over HTTPS (DoH). GitHub payloads After that, the malware resolves the IP address behind the ankjdans[.]xyz xyz domain which serves as a C2 server. Although the domain is hardcoded, switching IPs behind it helps the attacker remain undetected. communication.

Software

Software Cryptocurrency Malware DNS

Hackers hijacked the eScan Antivirus update mechanism in malware campaign

Security Affairs

APRIL 24, 2024

A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute backdoors and cryptocurrency miners. Avast researchers discovered and analyzed a malware campaign that exploited the update mechanism of the eScan antivirus to distribute backdoors and crypto miners.

Antivirus

Antivirus Malware DNS Cryptocurrency

Crackonosh Monero miner made $2M after infecting 222,000 Win systems

Security Affairs

JUNE 27, 2021

Researchers have discovered a strain of cryptocurrency-mining malware, tracked as Crackonosh, that abuses Windows Safe mode to avoid detection. . Researchers from Avast have spotted a strain of cryptocurrency miner, tracked as Crackonosh, that abuses Windows Safe mode to avoid detection. ” reads the analysis published by Avast.

Antivirus

Antivirus Cryptocurrency Malware Software

No, I Did Not Hack Your MS Exchange Server

Krebs on Security

MARCH 28, 2021

Oddly, none of the several dozen antivirus tools available to scan the file at Virustotal.com currently detect it as malicious. I first heard about the domain in December 2020, when a reader told me how his entire network had been hijacked by a cryptocurrency mining botnet that called home to it. I’d been doxed via DNS.

Hacking

Hacking Cybercrime DNS Antivirus

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

Security Affairs

JUNE 22, 2021

The Windows botnet has been active since late 2017, it was mainly used to mine cryptocurrency, but it was also involved in DDoS attacks in 2018. Experts pointed out that the number of infected systems could be far greater because data provided by AVAST are only related to systems running their antivirus solution.

DNS

DNS Malware Internet Internet

Ad blocker with miner included

SecureList

MARCH 10, 2021

Some time ago, we discovered a number of fake apps delivering a Monero cryptocurrency miner to user computers. Back then, cybercriminals distributed malware under the guise of the Malwarebytes antivirus installer. Back then, cybercriminals distributed malware under the guise of the Malwarebytes antivirus installer.

DNS

DNS Antivirus Malware Encryption

Chinese-speaking cybercrime gang Rocke changes tactics

Security Affairs

OCTOBER 15, 2019

The malicious code is used by the hackers to deliver a Moner (XMR) crypto miner that is not detected by almost any antivirus solution. “the actor moved away from hosting the scripts on dedicated servers and instead started to use Domain Name System (DNS) text records. .

Cybercrime

Cybercrime DNS Malware Advertising

Glupteba botnet is back after Google disrupted it in December 2021

Security Affairs

DECEMBER 19, 2022

The botnet was involved in stealing users’ credentials and data, mining cryptocurrencies abusing victims’ resources, and setting up proxies to funnel other people’s internet traffic through infected machines and routers. Botnet operators use to spread the malware via cracked or pirated software and pay-per-install (PPI) schemes. .

DNS

DNS Antivirus Cryptocurrency Software

Security Affairs newsletter Round 364 by Pierluigi Paganini

Security Affairs

MAY 8, 2022

If you want to also receive for free the newsletter with the international press subscribe here.

IoT

IoT DNS Antivirus Malware

StripedFly: Perennially flying under the radar

SecureList

OCTOBER 25, 2023

Introduction It’s just another cryptocurrency miner… Nobody would even suspect the mining malware was merely a mask, masquerading behind an intricate modular framework that supports both Linux and Windows. During that time, it had effectively evaded analysis and had previously been misclassified as a cryptocurrency miner.

Malware

Malware DNS Encryption Cryptocurrency

5 Common Phishing Attacks and How to Avoid Them?

Security Affairs

AUGUST 19, 2019

It involves DNS cache poisoning as it redirects users to a malicious site even if they enter the correct web address. Another successful strategy for preventing phishing is to secure your device using anti-malware, antivirus, VPN and other security softwares. She is a small business owner, traveler and investor of cryptocurrencies.

Phishing

Phishing Accountability Authentication Passwords

TeamTNT with new campaign aka “Chimaera”

CyberSecurity Insiders

SEPTEMBER 21, 2021

The campaign uses multiple shell/batch scripts, new open source tools, a cryptocurrency miner, the TeamTNT IRC bot, and more. As of August 30, 2021, many malware samples still have zero antivirus (AV) detections and others have low detection rates. Windows component – Set up a cryptocurrency miner. Background. Appendix B.

Cryptocurrency

Cryptocurrency Malware Passwords Authentication

IT threat evolution Q3 2023

SecureList

DECEMBER 1, 2023

Upon startup, this backdoor makes a type A DNS request for the <hex-encoded 20-byte string> u.fdmpkg[.]org After parsing the response to the DNS request, the backdoor launches a reverse shell, using the secondary C2 server for communications. org domain. Otherwise, the reverse shell is created by the crond backdoor itself.

Malware

Malware Ransomware Encryption Energy and Utilities

Mystic Stealer

Security Boulevard

JUNE 15, 2023

Oftentimes this is credential data, but it can be any data that may have financial value to an adversary; this includes paid online service accounts, cryptocurrency wallets, instant messenger, or email contacts lists, etc. Key Mystic Stealer functions include its ability to extract data from web browsers and cryptocurrency wallets.

Cryptocurrency

Cryptocurrency Password Management Malware DNS

Satacom delivers browser extension that steals cryptocurrency

SecureList

JUNE 5, 2023

It is known to use the technique of querying DNS servers to obtain the base64-encoded URL in order to receive the next stage of another malware family currently distributed by Satacom. To do so, it performs a DNS request to don-dns[.]com com (a decrypted HEX string) through Google DNS (8.8.8.8,

Cryptocurrency

Cryptocurrency DNS Malware Encryption

The Hacker Mind Podcast: Scanning the Internet

ForAllSecure

NOVEMBER 2, 2021

He works for an antivirus company and he's been scanning for malware families on the internet. Vamosi: Most antivirus products are found on Windows, much less so on Mac and Linux. Behind that is a sequence of numbers resolved by your DNS and that sequence of numbers is the site's IP address. At this year's sector.

Internet

Internet Internet Malware Authentication

Types of Malware & Best Malware Protection Practices

eSecurity Planet

FEBRUARY 16, 2021

Install an antivirus solution that includes anti-adware capabilities. If your antivirus software fails to notice a new strain, you can reinstall the browser. CISA reported that LokiBot “employs Trojan malware to steal sensitive information such as usernames, passwords, cryptocurrency wallets, and other credentials.”

Malware

Malware Adware Spyware Antivirus

LimeRAT spreads in the wild

Security Affairs

APRIL 9, 2019

The installed payload actually is a Base64 encoded PE32 file, file-lessly stored within the registry hive to avoid antivirus detection. Stealer and CryptoStealer module to steal cryptocurrency wallets and saved passwords. Figure 5: Final payload written in the registry key in base64 Format. The Payload. Static payload data.

Malware

Malware Advertising DNS Antivirus

Lumma information stealer infrastructure disrupted

Malwarebytes

MAY 22, 2025

Depending on the type of infostealer and the goals of the operator, infostealers can be interested in taking anything from usernames and passwords to credit card details, and cryptocurrency wallets. Government agencies and researchers sometimes alter DNS addresses to lead the traffic to their own servers (called sinkholes).

Passwords

Passwords Cryptocurrency Social Engineering Malware

Cyber Security Informer

New SteelFox Trojan mimics software activators, stealing sensitive data and mining cryptocurrency

Hackers hijacked the eScan Antivirus update mechanism in malware campaign

Trending Sources

Crackonosh Monero miner made $2M after infecting 222,000 Win systems

No, I Did Not Hack Your MS Exchange Server

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

Ad blocker with miner included

Chinese-speaking cybercrime gang Rocke changes tactics

Glupteba botnet is back after Google disrupted it in December 2021

Security Affairs newsletter Round 364 by Pierluigi Paganini

StripedFly: Perennially flying under the radar

5 Common Phishing Attacks and How to Avoid Them?

TeamTNT with new campaign aka “Chimaera”

IT threat evolution Q3 2023

Mystic Stealer

Satacom delivers browser extension that steals cryptocurrency

The Hacker Mind Podcast: Scanning the Internet

Types of Malware & Best Malware Protection Practices

LimeRAT spreads in the wild

Lumma information stealer infrastructure disrupted

Stay Connected