Security Affairs

APRIL 24, 2024

A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute backdoors and cryptocurrency miners. Avast researchers discovered and analyzed a malware campaign that exploited the update mechanism of the eScan antivirus to distribute backdoors and crypto miners.

Antivirus 100

Antivirus Malware DNS Cryptocurrency 100

SecureList

JUNE 5, 2023

It is known to use the technique of querying DNS servers to obtain the base64-encoded URL in order to receive the next stage of another malware family currently distributed by Satacom. The encrypted data is stored inside the malicious payload. To do so, it performs a DNS request to don-dns[.]com

Cryptocurrency 78

Cryptocurrency DNS Malware Encryption 78

SecureList

MARCH 10, 2021

Some time ago, we discovered a number of fake apps delivering a Monero cryptocurrency miner to user computers. Back then, cybercriminals distributed malware under the guise of the Malwarebytes antivirus installer. Back then, cybercriminals distributed malware under the guise of the Malwarebytes antivirus installer.

DNS 141

DNS Antivirus Malware Encryption 141

Krebs on Security

MARCH 28, 2021

Oddly, none of the several dozen antivirus tools available to scan the file at Virustotal.com currently detect it as malicious. Watson said the Krebsonsecurity file will attempt to open up an encrypted connection between the Exchange server and the above-mentioned IP address, and send a small amount of traffic to it each minute. .”

Hacking 352

Hacking Cybercrime DNS Antivirus 352

SecureList

OCTOBER 25, 2023

Introduction It’s just another cryptocurrency miner… Nobody would even suspect the mining malware was merely a mask, masquerading behind an intricate modular framework that supports both Linux and Windows. During that time, it had effectively evaded analysis and had previously been misclassified as a cryptocurrency miner.

Malware 107

Malware DNS Encryption Cryptocurrency 107

SecureList

DECEMBER 1, 2023

For most implants, the threat actor uses similar implementations of DLL hijacking (often associated with ShadowPad malware) and memory injection techniques, along with the use of RC4 encryption to hide the payload and evade detection. libssl.dll or libcurl.dll was statically linked to implants to implement encrypted C2 communications.

Malware 91

Malware Ransomware Encryption Energy and Utilities 91

Security Affairs

APRIL 9, 2019

The installed payload actually is a Base64 encoded PE32 file, file-lessly stored within the registry hive to avoid antivirus detection. Stealer and CryptoStealer module to steal cryptocurrency wallets and saved passwords. Figure 5: Final payload written in the registry key in base64 Format. The Payload. Static payload data.

Malware 71

Malware Advertising DNS Antivirus 71