Antivirus, Cybercrime and Hacking - Cyber Security Informer

Hackers hijacked the eScan Antivirus update mechanism in malware campaign

Security Affairs

APRIL 24, 2024

A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute backdoors and cryptocurrency miners. Avast researchers discovered and analyzed a malware campaign that exploited the update mechanism of the eScan antivirus to distribute backdoors and crypto miners.

Antivirus

Antivirus Malware DNS Cryptocurrency

No, I Did Not Hack Your MS Exchange Server

Krebs on Security

MARCH 28, 2021

“web shells”) that various cybercrime groups worldwide have been using to commandeer any unpatched Exchange servers. 26, Shadowserver saw an attempt to install a new type of backdoor in compromised Exchange Servers, and with each hacked host it installed the backdoor in the same place: “ /owa/auth/babydraco.aspx.

Hacking

Hacking Cybercrime DNS Antivirus

U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group

Krebs on Security

FEBRUARY 9, 2023

Authorities in the United States and United Kingdom today levied financial sanctions against seven men accused of operating “ Trickbot ,” a cybercrime-as-a-service platform based in Russia that has enabled countless ransomware attacks and bank account takeovers since its debut in 2016. companies and government entities.

Hacking

Hacking Cybercrime Ransomware Government

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Social engineering: Cybercrime meets human hacking

Webroot

FEBRUARY 22, 2022

Whether it’s updating your antivirus software or learning to spot phishing traps with security awareness training , Webroot has you covered. The post Social engineering: Cybercrime meets human hacking appeared first on Webroot Blog. Experience powerful and reliable protection from Webroot that won’t slow you down.

Social Engineering

Social Engineering Engineering Cybercrime Hacking

Threat actor abuses Genshin Impact Anti-Cheat driver to disable antivirus

Security Affairs

AUGUST 27, 2022

Threat actors abused a vulnerable anti-cheat driver for the Genshin Impact video game to disable antivirus software. sys, for the Genshin Impact video game to disable antivirus software. According to Trend Micro, a cybercrime gang abused the driver to deploy ransomware. SecurityAffairs – hacking, driver).

Antivirus

Antivirus Ransomware Malware Cybercrime

Cactus ransomware gang claims the Schneider Electric hack

Security Affairs

JANUARY 30, 2024

Once the malware has escalated the privileges on a machine, the threat actors use a batch script to uninstall popular antivirus solutions installed on the machine. In early January, the Cactus ransomware group claimed to have hacked Coop, one of the largest retail and grocery providers in Sweden.

Ransomware

Ransomware Hacking Data breaches Digital transformation

Malvertising Is a Cybercrime Heavyweight, Not an Underdog

SecureWorld News

MARCH 29, 2024

A stepping stone to impactful cybercrime This tactic has tangible real-world implications. A DNS firewall and a classic antivirus are somewhat underused yet effective security tools that will come in handy. A mix of social engineering, hacking, and abuse of legitimate services makes this style of online crime incredibly effective.

Cybercrime

Cybercrime Advertising Engineering Antivirus

15 billion credentials available in the cybercrime marketplaces

Security Affairs

JULY 9, 2020

More than 15 billion username and passwords are available on cybercrime marketplaces, including over 5 billion unique credentials, states the experts. “Account accesses for antivirus programs garner the second-highest prices: around $21.67. SecurityAffairs – hacking, cybercrime marketplaces). Pierluigi Paganini.

Cybercrime

Cybercrime Antivirus Marketing Accountability

Convicted: He Helped Cybercriminals Evade Antivirus

SecureWorld News

JUNE 16, 2021

When it comes to hacking and cybercrime, sometimes all the focus is on the one who launches the attack. DOJ prosecutors say Oleg Koshkin, a 41-year-old Russian national, operated a crypting service used to conceal Kelihos malware from antivirus software. One of those threat actors was just convicted in a United States courtroom.

Antivirus

Antivirus Malware Software Cryptocurrency

Convicted: He Helped Cybercriminals Evade Antivirus

SecureWorld News

JUNE 16, 2021

When it comes to hacking and cybercrime, sometimes all the focus is on the one who launches the attack. DOJ prosecutors say Oleg Koshkin, a 41-year-old Russian national, operated a crypting service used to conceal Kelihos malware from antivirus software. One of those threat actors was just convicted in a United States courtroom.

Antivirus

Antivirus Malware Software Cryptocurrency

Experts link the Black Basta ransomware operation to FIN7 cybercrime gang

Security Affairs

NOVEMBER 3, 2022

Sentinel Labs found evidence that links the Black Basta ransomware gang to the financially motivated hacking group FIN7. The DisableAntiSpyware parameter allows disabling the Windows Defender Antivirus in order to deploy another security solution. SecurityAffairs – hacking, FIN7). Pierluigi Paganini.

Cybercrime

Cybercrime Ransomware Antivirus Malware

Why Malware Crypting Services Deserve More Scrutiny

Krebs on Security

JUNE 21, 2023

If you operate a cybercrime business that relies on disseminating malicious software, you probably also spend a good deal of time trying to disguise or “crypt” your malware so that it appears benign to antivirus and security products. This story explores the history and identity behind Cryptor[.]biz

Malware

Malware Antivirus Cybercrime Hacking

UNC2465 cybercrime group launched a supply chain attack on CCTV vendor

Security Affairs

JUNE 17, 2021

UNC2465 cybercrime group that is affiliated with the Darkside ransomware gang has infected with malware the website of a CCTV camera vendor. Experts noticed that in this supply chain attack, UNC2465 did not deliver the Darkside ransomware as the final payload, but they not exclude that the cybercrime group could move to a new RaaS operation.

Cybercrime

Cybercrime Ransomware Antivirus Software

A cracked copy of Brute Ratel post-exploitation tool leaked on hacking forums

Security Affairs

SEPTEMBER 29, 2022

The Brute Ratel post-exploitation toolkit has been cracked and now is available in the underground hacking and cybercrime communities. Threat actors have cracked the Brute Ratel C4 (BRC4) post-exploitation toolkit and leaked it for free in the cybercrime underground. SecurityAffairs – hacking, Brute Ratel). in, and Xss[.]is,

Hacking

Hacking Cybercrime Ransomware Antivirus

Romanians arrested for running underground malware services

Security Affairs

NOVEMBER 22, 2020

“Two Romanian suspects have been arrested yesterday for allegedly running the CyberSeal and Dataprotector crypting services to evade antivirus software detection.” The pair also operated the Cyberscan service which allowed their clients to test their malware against antivirus tools. SecurityAffairs – hacking, cybercrime).

Malware

Malware Antivirus Cybercrime Software

Info stealers and how to protect against them

Security Affairs

DECEMBER 18, 2023

They may use various tactics to evade antivirus and other security measures. “Cashout bank logs” typically refer to a type of cybercrime where individuals gain unauthorized access to banking information, often through phishing attacks or hacking, and then use that information to withdraw money or make unauthorized transactions.

Banking

Banking Cybercrime Malware Accountability

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Krebs on Security

JUNE 1, 2023

One of Megatraffer’s ads on an English-language cybercrime forum. “Antivirus software trusts signed programs more. That protracted and public conflict formed the backdrop of my 2014 book — “ Spam Nation: The Inside Story of Organized Cybercrime, from Global Epidemic to Your Front Door. Image: Ke-la.com.

Malware

Malware Cybercrime Software Antivirus

GUEST ESSAY – Notable events in hacking history that helped transform cybersecurity assessment

The Last Watchdog

SEPTEMBER 27, 2021

The news of this fast-spreading computer virus dominated headlines, and the creator, Onel de Guzman, was arrested for committing this cybercrime. It’s clear that when technology develops, people find creative ways to cause mass disruption, increasing the need for antivirus protection and firewalls. Lessons learned.

Cybersecurity

Cybersecurity Hacking Identity Theft Technology

Chinese-speaking cybercrime gang Rocke changes tactics

Security Affairs

OCTOBER 15, 2019

Chinese-speaking cybercrime gang Rocke that carried out several large-scale cryptomining campaigns, has now using news tactics to evade detection. Chinese-speaking cybercrime gang Rocke, that carried out several large-scale cryptomining campaigns in past , has now using news tactics to evade detection. Pierluigi Paganini.

Cybercrime

Cybercrime DNS Malware Advertising

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

In many cases, the crooks hack managed service providers (MSPs) first and then use this access to compromise the partnering organizations. Forward outlook Ransomware is a dynamic and increasingly hybrid segment of cybercrime. The big names that pioneered in these targeted attacks are Sodinokibi (aka REvil) and Ryuk.

Ransomware

Ransomware Hacking Encryption Penetration Testing

‘The Manipulaters’ Improve Phishing, Still Fail at Opsec

Krebs on Security

APRIL 3, 2024

Roughly nine years ago, KrebsOnSecurity profiled a Pakistan-based cybercrime group called “ The Manipulaters ,” a sprawling web hosting network of phishing and spam delivery platforms. ” Exactly what that “new work” might entail, Saim Raza wouldn’t say. ” A number of questions, indeed.

Phishing

Phishing Cybercrime Malware Advertising

Cactus RANSOMWARE gang hit the Swedish retail and grocery provider Coop

Security Affairs

JANUARY 1, 2024

The Cactus ransomware group claims to have hacked Coop, one of the largest retail and grocery providers in Sweden. The Cactus ransomware group claims to have hacked Coop and is threatening to disclose a huge amount of personal information, over 21 thousand directories. Threat actors have published ID cards as proof of hack.

Retail

Retail Ransomware Encryption Hacking

A Deep Dive Into the Residential Proxy Service ‘911’

Krebs on Security

JULY 18, 2022

These services can be used in a legitimate manner for several business purposes — such as price comparisons or sales intelligence — but they are massively abused for hiding cybercrime activity because they can make it difficult to trace malicious traffic to its original source. ” A depiction of the Proxygate service.

VPN

VPN Computers and Electronics Antivirus Software

Akira ransomware received $42M in ransom payments from over 250 victims

Security Affairs

APRIL 21, 2024

The Akira ransomware has been active since March 2023, the threat actors behind the malware claim to have already hacked multiple organizations in multiple industries, including education, finance, and real estate. Like other ransomware gangs, the group has developed a Linux encryptor to target VMware ESXi servers.

Ransomware

Ransomware Encryption Antivirus VPN

How to Avoid Becoming a Cybercrime Victim. Part II

Spinone

AUGUST 20, 2018

Let’s discuss OS and software, antivirus, backup, mobile security, physical security and so on. Antivirus For Linux or Maс OS do not use antivirus. If you follow other recommendations from this guide, you can install antivirus that will not constantly monitor your OS and periodically scan your system with it.

Cybercrime

Cybercrime Antivirus Backups Encryption

Russian nation sentenced to 48 months in prison for helping Kelihos Botnet to evade detection

Security Affairs

DECEMBER 12, 2021

“A Russian national was sentenced today to 48 months in prison for operating a “crypting” service used to conceal the Kelihos malware from antivirus software, which enabled hackers to systematically infect approximately hundreds of thousands of victim computers around the world with malicious software, including ransomware.”

Antivirus

Antivirus Malware Cybercrime Cyber threats

FIN8 Hacking Group is back with an improved version of the ShellTea Backdoor

Security Affairs

JUNE 12, 2019

The malicious code uses a hacking algorithm for most of its functions, the algorithm is similar to the one implemented for previous ShellTea version. “The hospitality industry, and particularly their POS networks, continues to be one of the industries most targeted by cybercrime groups. SecurityAffairs – FIN8, hacking).

Hacking

Hacking Malware Advertising Retail

Security Affairs newsletter Round 285

Security Affairs

OCTOBER 11, 2020

ransomware displays ransom note in innovative way Carnival confirms data breach as a result of the August ransomware attack Google enhances malware protection for accounts enrolled in Advanced Protection Program (APP) Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns. SecurityAffairs – hacking, newsletter).

Advertising

Advertising Antivirus Data privacy Ransomware

Bitdefender released a free decryptor for the MortalKombat Ransomware family

Security Affairs

FEBRUARY 28, 2023

Antivirus company Bitdefender has released a free decryptor for the recently discovered ransomware family MortalKombat. Good news for the victims of the recently discovered MortalKombat ransomware , the antivirus firm Bitdefender has released a free decryptor that will allow them to recover their file without paying the ransom.

Ransomware

Ransomware Antivirus Backups Malware

BlackCat Ransomware gang breached over 60 orgs worldwide

Security Affairs

APRIL 25, 2022

ALPHV has been advertising the BlackCat Ransomware-as-a-Service (RaaS) on the cybercrime forums XSS and Exploit since early December. Review antivirus logs for indications they were unexpectedly turned off. Install and regularly update antivirus and anti-malware software on all hosts. Implement network segmentation.

Ransomware

Ransomware Antivirus Passwords Malware

Bitdefender released a free decryptor for the MegaCortex ransomware

Security Affairs

JANUARY 6, 2023

Antivirus firm Bitdefender released a decryptor for the MegaCortex ransomware allowing its victims to restore their data for free. Antivirus firm Bitdefender released a decryptor for the MegaCortex ransomware , which can allow victims of the group to restore their data for free. SecurityAffairs – hacking, ransomware).

Ransomware

Ransomware Antivirus Encryption Backups

GUEST ESSAY: These advanced phishing tactics should put all businesses on high alert

The Last Watchdog

SEPTEMBER 28, 2022

Related: The threat of ‘business logic’ hacks. Because the address comes across as an internal team member, people trust them, ultimately exposing themselves to cybercrime. To prevent malicious scams, companies should do the following: •Install high-quality antivirus software and spam filters.

Phishing

Phishing Scams Cybercrime Passwords

Avast researchers released a free BianLian ransomware decryptor for some variants of the malware

Security Affairs

JANUARY 16, 2023

Antivirus firm Avast released a free decryptor for the BianLian ransomware family that allows victims to recover locked files. It is also recommendable to check the virus vault of your antivirus. SecurityAffairs – hacking, ransomware). The typical size of the BianLian ransomware executable is around 2 MB.”

Ransomware

Ransomware Malware Antivirus Encryption

A Closer Look at the Snatch Data Ransom Group

Krebs on Security

SEPTEMBER 30, 2023

The government says Snatch used a customized ransomware variant notable for rebooting Microsoft Windows devices into Safe Mode — enabling the ransomware to circumvent detection by antivirus or endpoint protection — and then encrypting files when few services are running. ru account was used without his permission.

Ransomware

Ransomware Accountability Cybercrime Backups

SharkBot Banking Trojan spreads through fake AV apps on Google Play

Security Affairs

APRIL 9, 2022

Experts discovered malicious Android apps on the Google Play Store masqueraded as antivirus solutions spreading the SharkBot Trojan. One of the SharkBot’s features detailed by the experts is its ability to auto reply to notifications from Facebook Messenger and WhatsApp to spread links to the fake antivirus apps.

Banking

Banking Antivirus Malware Accountability

A previously undetected FIN7 BIOLOAD loader drops new Carbanak Backdoor

Security Affairs

DECEMBER 29, 2019

Experts uncovered a new tool dubbed BIOLOAD used by the FIN7 cybercrime group used as a dropper for a new variant of the Carbanak backdoor. Experts pointed out that the BIOLOAD’s WinBio.dll is still detected by a limited number of antivirus on VirusTotal scanning platform despite it was compiled nine months ago.

Cybercrime

Cybercrime Antivirus Identity Theft Advertising

Trend Micro addresses two issues exploited by hackers in the wild

Security Affairs

MARCH 18, 2020

In January, Chinese hackers have exploited another zero-day vulnerability in the Trend Micro OfficeScan antivirus in an attack that hit Mitsubishi Electric. SecurityAffairs – hacking, cybercrime). Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Authentication

Authentication Advertising Antivirus Cybercrime

Ransomware realities in 2023: one employee mistake can cost a company millions

Security Affairs

OCTOBER 17, 2023

According to Statista.com, the impact of cybercrime is expected to reach almost $13 trillion this year. Employ robust antivirus and anti-malware solutions, along with intrusion detection systems, to identify and block potential threats. The recent debilitating cyberattacks on casino and resort giants MGM and Caesars are no exception.

Social Engineering

Social Engineering Ransomware Engineering Phishing

FBI and CISA published a new advisory on AvosLocker ransomware

Security Affairs

OCTOBER 13, 2023

bat) scripts [T1059.003] for lateral movement, privilege escalation, and disabling antivirus software. Notepad++, RDP Scanner, and 7zip. AvosLocker affiliates were observed using custom PowerShell [T1059.001] and batch (.bat) Threat actors were also observed uploading and use custom webshells to enable network access [T1505.003].

Ransomware

Ransomware System Administration Antivirus Malware

Malicious apps continue to spread through the Google Play Store

Security Affairs

JUNE 16, 2022

Researchers at antivirus firm Dr. Web discovered malware in the Google Play Store that was downloaded two million times. An investigation conducted by the antivirus firm Dr. Web in May resulted in the discovery of multiple adware and information-stealing malware on the official Google Play Store. SecurityAffairs – hacking, malware).

Adware

Adware Antivirus Malware Software

NetDooka framework distributed via a pay-per-install (PPI) malware service

Security Affairs

MAY 6, 2022

The malware used a function called “DetectAV()” to determine the antivirus solution installed on the system and uninstall it. SecurityAffairs – hacking, NetDooka). The malware accepts multiple arguments that indicate what action should be taken.” ” reads a report published by Trend Micro. ” concludes the analysis.

Malware

Malware Antivirus DDOS Hacking

Industry-Specific Cybersecurity: Why General Measures Aren't Enough

SecureWorld News

FEBRUARY 27, 2022

The rise of cybercrime has only been exacerbated by the COVID-19 pandemic, with Interpol describing the advance of cyberattacks coming at "an alarming pace." Cybercrime has evolved—and so has cybersecurity. It was once the case that the majority of businesses could rely on a good firewall and antivirus solution.

Cybersecurity

Cybersecurity Cybercrime Antivirus Firewall

8220 Gang used new ScrubCrypt crypter in recent cryptojacking attacks

Security Affairs

MARCH 9, 2023

The PowerShell script is encoded to avoid detection by AntiVirus solutions. The ScrubCrypt crypter is available for sale on hacking forums, it allows securing applications with a unique BAT packing method. The experts noticed that encrypted data at the top can be split into four parts using backslash “”.

Antivirus

Antivirus Encryption Hacking Cybercrime

New CACTUS ransomware appeared in the threat landscape

Security Affairs

MAY 9, 2023

CACTUS essentially encrypts itself, making it harder to detect and helping it evade antivirus and network monitoring tools,” Laurie Iacono, Associate Managing Director for Cyber Risk at Kroll, told Bleeping Computer. The binary is deployed using a specific flag that allows its execution, while the ZIP archive is removed.

Ransomware

Ransomware VPN Antivirus Encryption

Hackers hijacked the eScan Antivirus update mechanism in malware campaign

No, I Did Not Hack Your MS Exchange Server

Webinars

Trending Sources

U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group

Webinars

Social engineering: Cybercrime meets human hacking

Threat actor abuses Genshin Impact Anti-Cheat driver to disable antivirus

Cactus ransomware gang claims the Schneider Electric hack

Malvertising Is a Cybercrime Heavyweight, Not an Underdog

15 billion credentials available in the cybercrime marketplaces

Convicted: He Helped Cybercriminals Evade Antivirus

Convicted: He Helped Cybercriminals Evade Antivirus

Experts link the Black Basta ransomware operation to FIN7 cybercrime gang

Why Malware Crypting Services Deserve More Scrutiny

UNC2465 cybercrime group launched a supply chain attack on CCTV vendor

A cracked copy of Brute Ratel post-exploitation tool leaked on hacking forums

Romanians arrested for running underground malware services

Info stealers and how to protect against them

Ask Fitis, the Bear: Real Crooks Sign Their Malware

GUEST ESSAY – Notable events in hacking history that helped transform cybersecurity assessment

Chinese-speaking cybercrime gang Rocke changes tactics

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

‘The Manipulaters’ Improve Phishing, Still Fail at Opsec

Cactus RANSOMWARE gang hit the Swedish retail and grocery provider Coop

A Deep Dive Into the Residential Proxy Service ‘911’

Akira ransomware received $42M in ransom payments from over 250 victims

How to Avoid Becoming a Cybercrime Victim. Part II

Russian nation sentenced to 48 months in prison for helping Kelihos Botnet to evade detection

FIN8 Hacking Group is back with an improved version of the ShellTea Backdoor

Security Affairs newsletter Round 285

Bitdefender released a free decryptor for the MortalKombat Ransomware family

BlackCat Ransomware gang breached over 60 orgs worldwide

Bitdefender released a free decryptor for the MegaCortex ransomware

GUEST ESSAY: These advanced phishing tactics should put all businesses on high alert

Avast researchers released a free BianLian ransomware decryptor for some variants of the malware

A Closer Look at the Snatch Data Ransom Group

SharkBot Banking Trojan spreads through fake AV apps on Google Play

A previously undetected FIN7 BIOLOAD loader drops new Carbanak Backdoor

Trend Micro addresses two issues exploited by hackers in the wild

Ransomware realities in 2023: one employee mistake can cost a company millions

FBI and CISA published a new advisory on AvosLocker ransomware

Malicious apps continue to spread through the Google Play Store

NetDooka framework distributed via a pay-per-install (PPI) malware service

Industry-Specific Cybersecurity: Why General Measures Aren't Enough

8220 Gang used new ScrubCrypt crypter in recent cryptojacking attacks

New CACTUS ransomware appeared in the threat landscape

Stay Connected