Antivirus, Cryptocurrency, Hacking and Malware

Hackers hijacked the eScan Antivirus update mechanism in malware campaign

Security Affairs

APRIL 24, 2024

A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute backdoors and cryptocurrency miners. Avast researchers discovered and analyzed a malware campaign that exploited the update mechanism of the eScan antivirus to distribute backdoors and crypto miners.

Antivirus

Antivirus Malware DNS Cryptocurrency

eScan Antivirus Update Mechanism Exploited to Spread Backdoors and Miners

The Hacker News

APRIL 24, 2024

A new malware campaign has been exploiting the updating mechanism of the eScan antivirus software to distribute backdoors and cryptocurrency miners like XMRig through a long-standing threat codenamed GuptiMiner targeting large corporate networks.

Antivirus

Antivirus Cryptocurrency Malware Software

Backdoors and Miners Amid eScan Antivirus Backdoor Exploit

Security Boulevard

MAY 10, 2024

Recently, a wave of malware attacks has surfaced, exploiting vulnerabilities in the update mechanism of the eScan antivirus software. This eScan antivirus backdoor exploit distributes backdoors and cryptocurrency miners, such as XMRig, posing a significant threat to large corporate networks.

Antivirus

Antivirus Cryptocurrency Software Malware

Calendar Meeting Links Used to Spread Mac Malware

Krebs on Security

FEBRUARY 28, 2024

Malicious hackers are targeting people in the cryptocurrency space in attacks that start with a link added to the target’s calendar at Calendly , a popular application for scheduling appointments and meetings. The attackers impersonate established cryptocurrency investors and ask to schedule a video conference call.

Malware

Malware Cryptocurrency Software Scams

Chinese Antivirus Firm Was Part of APT41 ‘Supply Chain’ Attack

Krebs on Security

SEPTEMBER 17, 2020

Justice Department this week indicted seven Chinese nationals for a decade-long hacking spree that targeted more than 100 high-tech and online gaming companies. The government alleges the men used malware-laced phishing emails and “supply chain” attacks to steal data from companies and their customers. Image: FBI.

Antivirus

Antivirus Hacking Government Software

US Government Exposes North Korean Malware

Schneier on Security

MAY 14, 2020

US Cyber Command has uploaded North Korean malware samples to the VirusTotal aggregation repository, adding to the malware samples it uploaded in February. It's interesting to see the US government take a more aggressive stance on foreign malware.

Government

Government Malware Antivirus Cryptocurrency

No, I Did Not Hack Your MS Exchange Server

Krebs on Security

MARCH 28, 2021

New data suggests someone has compromised more than 21,000 Microsoft Exchange Server email systems worldwide and infected them with malware that invokes both KrebsOnSecurity and Yours Truly by name. Oddly, none of the several dozen antivirus tools available to scan the file at Virustotal.com currently detect it as malicious.

Hacking

Hacking Cybercrime DNS Antivirus

WeSteal, a shameless commodity cryptocurrency stealer available for sale

Security Affairs

MAY 2, 2021

The bold author of a new cryptocurrency stealer, dubbed WeSteal, is promising its customers a leading way to make money in 2021. WeSteal is a Python-based malware that uses regular expressions to search for strings related to wallet addresses that victims have copied to their clipboard. There is the name of the malware itself.

Cryptocurrency

Cryptocurrency Malware Advertising System Administration

Convicted: He Helped Cybercriminals Evade Antivirus

SecureWorld News

JUNE 16, 2021

When it comes to hacking and cybercrime, sometimes all the focus is on the one who launches the attack. DOJ prosecutors say Oleg Koshkin, a 41-year-old Russian national, operated a crypting service used to conceal Kelihos malware from antivirus software. One of those threat actors was just convicted in a United States courtroom.

Antivirus

Antivirus Malware Software Cryptocurrency

Lazarus APT continues to target cryptocurrency businesses with Mac malware

Security Affairs

MARCH 28, 2019

The activity of the Lazarus Group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks and experts that investigated on the crew consider it highly sophisticated. The group is considered responsible for the massive WannaCry ransomware attack, a string of SWIFT attacks in 2016, and the Sony Pictures hack.

Cryptocurrency

Cryptocurrency Malware Advertising Antivirus

Convicted: He Helped Cybercriminals Evade Antivirus

SecureWorld News

JUNE 16, 2021

When it comes to hacking and cybercrime, sometimes all the focus is on the one who launches the attack. DOJ prosecutors say Oleg Koshkin, a 41-year-old Russian national, operated a crypting service used to conceal Kelihos malware from antivirus software. One of those threat actors was just convicted in a United States courtroom.

Antivirus

Antivirus Malware Software Cryptocurrency

Analysis of BlackGuard – a new info stealer malware being sold in a Russian hacking forum

Security Boulevard

MARCH 30, 2022

Introduction: Hacking forums often double up as underground marketplaces where cybercriminals buy, rent, and sell all kinds of malicious illegal products, including software, trojans, stealers, exploits, and leaked credentials. BlackGuard detects antivirus processes. This allows it to bypass antivirus and string-based detection.

Malware

Malware Hacking Antivirus Passwords

Crooks made more than $560K with a simple clipboard hijacker

Security Affairs

APRIL 19, 2021

Avast researchers analyzed the activity of a simple cryptocurrency malware dubbed HackBoss that allowed its operators to earn over $560K. The antivirus company Avast analyzed the case of a simple malware dubbed HackBoss and how it allowed its operators to earn more $560K worth of cryptocurrency since November 2018.

Cryptocurrency

Cryptocurrency Malware Hacking Banking

Crackonosh Monero miner made $2M after infecting 222,000 Win systems

Security Affairs

JUNE 27, 2021

Researchers have discovered a strain of cryptocurrency-mining malware, tracked as Crackonosh, that abuses Windows Safe mode to avoid detection. . Researchers from Avast have spotted a strain of cryptocurrency miner, tracked as Crackonosh, that abuses Windows Safe mode to avoid detection. ” continues the report.

Antivirus

Antivirus Cryptocurrency Malware Software

Grandoreiro banking malware targets Mexico and Spain

Security Affairs

AUGUST 21, 2022

A new Grandoreiro banking malware campaign is targeting organizations in Mexico and Spain, Zscaler reported. Zscaler ThreatLabz researchers observed a Grandoreiro banking malware campaign targeting organizations in the Spanish-speaking nations of Mexico and Spain. SecurityAffairs – hacking, Log4Shell). Pierluigi Paganini.

Banking

Banking Malware Antivirus Phishing

Fake DDoS protection pages on compromised WordPress sites lead to malware infections

Security Affairs

AUGUST 21, 2022

Threat actors compromise WordPress sites to display fake Cloudflare DDoS protection pages to distribute malware. Recently security experts from Sucuri, spotted JavaScript injections targeting WordPress sites to display fake DDoS Protection pages which lead victims to download remote access trojan malware. Pierluigi Paganini.

DDOS

DDOS Malware Antivirus Firewall

Threat actors target crypto and NFT communities with Babadeda crypter

Security Affairs

NOVEMBER 26, 2021

Morphisec researchers spread cryptocurrency malware dubbed Babadeda in attacks aimed at crypto and NFT communities. Morphisec researchers spotted a new crypto-malware strain, tracked as Babadeda, targeting cryptocurrency, non-fungible token (NFT), and DeFi passionates through Discord channels. Pierluigi Paganini.

Cryptocurrency

Cryptocurrency Malware Antivirus Phishing

Top 10 Malware Strains of 2021

SecureWorld News

AUGUST 8, 2022

Cybersecurity and Infrastructure Security Agency (CISA) and the Australian Cyber Security Centre (ACSC) released a joint Cybersecurity Advisory (CSA) providing details on the top malware strains of 2021. The top malware strains in 2021 included remote access Trojans (RATs), banking Trojans, information stealers, and ransomware.

Malware

Malware Banking Healthcare Penetration Testing

Researchers uncovered a new Malware Builder dubbed APOMacroSploit

Security Affairs

FEBRUARY 22, 2021

Researchers spotted a new Office malware builder, tracked as APOMacroSploit, that was employed in a campaign targeting more than 80 customers worldwide. Researchers from security firm Check Point uncovered a new Office malware builder called APOMacroSploit, which was employed in attacks that targeted more than 80 customers worldwide.

Malware

Malware Antivirus Phishing Cryptocurrency

Microsoft Defender uses Intel TDT technology against crypto-mining malware

Security Affairs

APRIL 27, 2021

Microsoft announced an improvement of its Defender antivirus that will leverage Intel’s Threat Detection Technology (TDT) to detect processes associated with crypto-miners. Cryptojacking malware allows threat actors to secretly mine for cryptocurrency abusing computational resources of the infected devices.

Technology

Technology Malware Threat Detection Antivirus

New KryptoCibule Windows Trojan spreads via malicious torrents

Security Affairs

SEPTEMBER 2, 2020

Experts warn of the KryptoCibule Windows malware that has been active since late 2018 and has targeted users in the Czech Republic and Slovakia. Security researchers from ESET have shared technical detailts of a new piece of Windows malware tracked as KryptoCibule. ” reads the report. ” concludes ESET.

Cryptocurrency

Cryptocurrency Antivirus Malware Advertising

Wannacry, the hybrid malware that brought the world to its knees

Security Affairs

OCTOBER 31, 2022

In the early afternoon of Friday 12 May 2017, the media broke the news of a global computer security attack carried out through a malicious code capable of encrypting data residing in information systems and demanding a ransom in cryptocurrency to restore them, the Wannacry ransomware. The infection chain. What should we learn from this?

Malware

Malware Computers and Electronics Encryption Ransomware

Cryptocurrency Attacks to be Aware of in 2021

Digital Shadows

JUNE 7, 2021

It’s been a pretty big year so far for cryptocurrency. Cryptocurrencies’ current total market cap sits just above $1.7 The cryptocurrency exchange Coinbase recently launched an IPO, India has reversed a ban on cryptocurrencies, and ransomware groups continue to demand payment in anonymity-based cryptocurrency.

Cryptocurrency

Cryptocurrency Phishing Advertising Antivirus

QwixxRAT, a new Windows RAT appears in the threat landscape

Security Affairs

AUGUST 15, 2023

“To avoid detection by antivirus software, the RAT employs command and control functionality through a Telegram bot. The malware supports 19 functions, each serving a unique purpose. The malware implements multiple anti-analysis features and evasion techniques. ” reads a new report published by security firm Uptycs.

Malware

Malware Antivirus Cryptocurrency Advertising

New variant for Mac Malware XCSSET compiled for M1 Chips

Security Affairs

MARCH 13, 2021

Kaspersky researchers spotted a new variant of the XCSSET Mac malware that compiled for devices running on Apple M1 chips. The malware also allows attackers to capture screenshots and exfiltrate stolen documents to the attackers’ server. Recently experts spotted other malware specifically designed to infect Mac running on M1 chips.

Malware

Malware Adware Architecture Antivirus

New Windows Meduza Stealer targets tens of crypto wallets and password managers

Security Affairs

JULY 3, 2023

The malware also targets crypto wallet extensions, password managers, and 2FA extensions. The authors are actively developing malware to evade detection, but no specific attacks have been attributed to the Meduza Stealer to date. The malware admin declared that their operations do not involve any ransom activities.

Password Management

Password Management Passwords Malware Antivirus

New Android BlackRock malware targets hundreds of apps

Security Affairs

JULY 16, 2020

Researchers spotted a new Android banking trojan dubbed BlackRock malware that steals credentials and credit card data from hundreds of apps. The BlackRock malware borrows the code from the Xerxes banking malware, which is a strain of the popular LokiBot Android trojan. Coinbase, BitPay, and Coinbase), and banks (i.e.

Malware

Malware Banking Mobile Spyware

SharkBot, the new generation banking Trojan distributed via Play Store

Security Affairs

MARCH 7, 2022

SharkBot banking malware was able to evade Google Play Store security checks masqueraded as an antivirus app. The malware was spotted at the end of October by researchers from cyber security firms Cleafy and ThreatFabric, the name comes after one of the domains used for its command and control servers.

Banking

Banking Antivirus Mobile Malware

Oleg Koshkin was convicted for operating a crypting service also used by Kelihos botnet

Security Affairs

JUNE 17, 2021

Russian national Oleg Koshkin was convicted for operating a “crypting” service used to obfuscate the Kelihos bot from antivirus software. Russian national Oleg Koshkin was convicted for charges related to the operation of a malware crypting service used by the Kelihos botnet to obfuscate malware and evade detection.

Antivirus

Antivirus Malware Cryptocurrency Software

ViperSoftX uses more sophisticated encryption and anti-analysis techniques

Security Affairs

APRIL 29, 2023

A new variant of the information-stealing malware ViperSoftX implements sophisticated techniques to avoid detection. Trend Micro researchers observed a new ViperSoftX malware campaign that unlike previous attacks relies on DLL sideloading for its arrival and execution technique. c2 arrowlchat[.]com

Encryption

Encryption Malware Cryptocurrency Software

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

Security Affairs

JUNE 22, 2021

Experts defined DirtyMoe as a complex malware that has been designed as a modular system. The Windows botnet has been active since late 2017, it was mainly used to mine cryptocurrency, but it was also involved in DDoS attacks in 2018. “Both PurpleFox and DirtyMoe are still active malware and gaining strength.”

DNS

DNS Cryptocurrency Internet Internet

NFTs – Protecting the investment

CyberSecurity Insiders

JANUARY 20, 2022

Cryptocurrency has been subjected to a rapidly changing balance of laws for the government to try and control it through regulation. Indeed, Vice recently reported that the US tax authorities had placed sanctions on 57 cryptocurrency addresses and one popular exchange due to their connections with money laundering. Staying ahead.

Cryptocurrency

Cryptocurrency Marketing Scams Government

SharkBot, a new Android Trojan targets banks in Europe

Security Affairs

NOVEMBER 15, 2021

The malware has been active at least since late October 2021, it targeting the mobile users of banks in Italy, the UK, and the US. The trojan allows to hijack users’ mobile devices and steal funds from online banking and cryptocurrency accounts. SecurityAffairs – hacking, SharkBot). ” concludes the report.

Banking

Banking Mobile Social Engineering Malware

Ryuk ransomware operations already made over $150M

Security Affairs

JANUARY 7, 2021

Both exchanges are structured in a way that probably wouldn’t obligate them to comply with law enforcement requests and both were founded by Chinese nationals that moved their business to countries that are more friendly to cryptocurrency exchanges. SecurityAffairs – hacking, Ryuk ransomware). ” concludes the report.

Ransomware

Ransomware Cryptocurrency Antivirus Banking

5 Ways to Protect Yourself from IP Address Hacking

Security Affairs

AUGUST 20, 2019

Your IP address represents your digital identity online, hacking it not only allows attackers to access your device or your accounts, but it may cause even bigger damage. Cybercriminals are interested in hacking your IP address for various reasons. The hacked and stolen IPs are often used for carrying out illegal activities.

Hacking

Hacking VPN Internet Internet

Security Affairs newsletter Round 364 by Pierluigi Paganini

Security Affairs

MAY 8, 2022

SecurityAffairs – hacking, newsletter). If you want to also receive for free the newsletter with the international press subscribe here. To nominate, please visit:? Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

IoT

IoT DNS Antivirus DDOS

InnfiRAT Trojan steals funds from Bitcoin and Litecoin wallets

Security Affairs

SEPTEMBER 14, 2019

Researchers at Z s caler have spotted a new malware dubbed InnfiRAT that infects victims’ systems to steal cryptocurrency wallet data. . Researchers at Z s caler have discovered a new Trojan dubbed InnfiRAT that implements many standard Trojan capabilities along with the ability to steal cryptocurrency wallet data. .

Cryptocurrency

Cryptocurrency Malware Advertising Antivirus

A new SharkBot variant bypassed Google Play checks again

Security Affairs

SEPTEMBER 5, 2022

Experts spotted an upgraded version of the SharkBot malware that was uploaded to the official Google Play Store. While previous variants of the dropper relied on Accessibility permissions to automatically install the Sharkbot malware, this new one asks the victim to install the malware as a fake update for the antivirus.

Banking

Banking Malware Mobile Accountability

Could Your Company Survive a Ransomware Attack?

CyberSecurity Insiders

AUGUST 26, 2022

Ransomware is a cyberattack that uses malware – software created to infiltrate a computer system and damage or disrupt it. A ransomware attack occurs when somebody hacks a person’s or company’s computer system and demands a ransom payment in return. The malware demanded over $500 from each person who inserted the floppy disk.

Ransomware

Ransomware Education Software Malware

Vietnam-linked Bismuth APT leverages coin miners to stay under the radar

Security Affairs

DECEMBER 1, 2020

Microsoft warns of Vietnam-linked Bismuth group that is deploying cryptocurrency miner while continues its cyberespionage campaigns. Researchers from Microsoft reported that the Vietnam-linked Bismuth group, aka OceanLotus , Cobalt Kitty , or APT32 , is deploying cryptocurrency miners while continues its cyberespionage campaigns.

Cryptocurrency

Cryptocurrency Antivirus Manufacturing Government

Glupteba botnet is back after Google disrupted it in December 2021

Security Affairs

DECEMBER 19, 2022

The botnet was involved in stealing users’ credentials and data, mining cryptocurrencies abusing victims’ resources, and setting up proxies to funnel other people’s internet traffic through infected machines and routers. Botnet operators use to spread the malware via cracked or pirated software and pay-per-install (PPI) schemes.

DNS

DNS Antivirus Cryptocurrency Software

Romanian duo convicted of fraud Scheme infecting 400,000 computers

Security Affairs

APRIL 14, 2019

The malware was developed to steal credentials, financial data, personal information, then the crooks offered them on the dark web marketplaces. The crooks used malicious emails purporting to be legitimate from such entities as Western Union, Norton AntiVirus and the IRS to spread the malware.

Cryptocurrency

Cryptocurrency Identity Theft Advertising Accountability

What is a Cyberattack? Types and Defenses

eSecurity Planet

JUNE 16, 2022

Also read: Best Antivirus Software of 2022. billion malware attacks were identified by the report. Restoration is offered in exchange for a ransom, usually in cryptocurrencies. Also read: Mobile Malware: Threats and Solutions. Cyberattack Statistics. Encrypted threats spiked 167%, ransomware increased 105%, and 5.4

Backups

Backups Ransomware Firewall Malware

Security Affairs newsletter Round 261

Security Affairs

APRIL 26, 2020

SecurityAffairs – newsletter, hacking). Are Maze operators behind the attack on the IT services giant Cognizant? Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Spyware

Spyware Hacking Advertising Antivirus

Hackers hijacked the eScan Antivirus update mechanism in malware campaign

eScan Antivirus Update Mechanism Exploited to Spread Backdoors and Miners

Trending Sources

Backdoors and Miners Amid eScan Antivirus Backdoor Exploit

Calendar Meeting Links Used to Spread Mac Malware

Chinese Antivirus Firm Was Part of APT41 ‘Supply Chain’ Attack

US Government Exposes North Korean Malware

No, I Did Not Hack Your MS Exchange Server

WeSteal, a shameless commodity cryptocurrency stealer available for sale

Convicted: He Helped Cybercriminals Evade Antivirus

Lazarus APT continues to target cryptocurrency businesses with Mac malware

Convicted: He Helped Cybercriminals Evade Antivirus

Analysis of BlackGuard – a new info stealer malware being sold in a Russian hacking forum

Crooks made more than $560K with a simple clipboard hijacker

Crackonosh Monero miner made $2M after infecting 222,000 Win systems

Grandoreiro banking malware targets Mexico and Spain

Fake DDoS protection pages on compromised WordPress sites lead to malware infections

Threat actors target crypto and NFT communities with Babadeda crypter

Top 10 Malware Strains of 2021

Researchers uncovered a new Malware Builder dubbed APOMacroSploit

Microsoft Defender uses Intel TDT technology against crypto-mining malware

New KryptoCibule Windows Trojan spreads via malicious torrents

Wannacry, the hybrid malware that brought the world to its knees

Cryptocurrency Attacks to be Aware of in 2021

QwixxRAT, a new Windows RAT appears in the threat landscape

New variant for Mac Malware XCSSET compiled for M1 Chips

New Windows Meduza Stealer targets tens of crypto wallets and password managers

New Android BlackRock malware targets hundreds of apps

SharkBot, the new generation banking Trojan distributed via Play Store

Oleg Koshkin was convicted for operating a crypting service also used by Kelihos botnet

ViperSoftX uses more sophisticated encryption and anti-analysis techniques

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

NFTs – Protecting the investment

SharkBot, a new Android Trojan targets banks in Europe

Ryuk ransomware operations already made over $150M

5 Ways to Protect Yourself from IP Address Hacking

Security Affairs newsletter Round 364 by Pierluigi Paganini

InnfiRAT Trojan steals funds from Bitcoin and Litecoin wallets

A new SharkBot variant bypassed Google Play checks again

Could Your Company Survive a Ransomware Attack?

Vietnam-linked Bismuth APT leverages coin miners to stay under the radar

Glupteba botnet is back after Google disrupted it in December 2021

Romanian duo convicted of fraud Scheme infecting 400,000 computers

What is a Cyberattack? Types and Defenses

Security Affairs newsletter Round 261

Stay Connected