Antivirus, Cybercrime, Hacking and Information Security

Hackers hijacked the eScan Antivirus update mechanism in malware campaign

Security Affairs

APRIL 24, 2024

A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute backdoors and cryptocurrency miners. Avast researchers discovered and analyzed a malware campaign that exploited the update mechanism of the eScan antivirus to distribute backdoors and crypto miners.

Antivirus

Antivirus Malware DNS Cryptocurrency

Threat actor abuses Genshin Impact Anti-Cheat driver to disable antivirus

Security Affairs

AUGUST 27, 2022

Threat actors abused a vulnerable anti-cheat driver for the Genshin Impact video game to disable antivirus software. sys, for the Genshin Impact video game to disable antivirus software. According to Trend Micro, a cybercrime gang abused the driver to deploy ransomware. SecurityAffairs – hacking, driver).

Antivirus

Antivirus Ransomware Malware Cybercrime

Cactus ransomware gang claims the Schneider Electric hack

Security Affairs

JANUARY 30, 2024

Once the malware has escalated the privileges on a machine, the threat actors use a batch script to uninstall popular antivirus solutions installed on the machine. In early January, the Cactus ransomware group claimed to have hacked Coop, one of the largest retail and grocery providers in Sweden.

Ransomware

Ransomware Hacking Data breaches Digital transformation

15 billion credentials available in the cybercrime marketplaces

Security Affairs

JULY 9, 2020

More than 15 billion username and passwords are available on cybercrime marketplaces, including over 5 billion unique credentials, states the experts. “Account accesses for antivirus programs garner the second-highest prices: around $21.67. SecurityAffairs – hacking, cybercrime marketplaces). Pierluigi Paganini.

Cybercrime

Cybercrime Antivirus Marketing Accountability

Experts link the Black Basta ransomware operation to FIN7 cybercrime gang

Security Affairs

NOVEMBER 3, 2022

Sentinel Labs found evidence that links the Black Basta ransomware gang to the financially motivated hacking group FIN7. Security researchers at Sentinel Labs shared details about Black Basta ‘s TTPs and assess it is highly likely the ransomware operation has ties with FIN7. SecurityAffairs – hacking, FIN7).

Cybercrime

Cybercrime Ransomware Antivirus Malware

A cracked copy of Brute Ratel post-exploitation tool leaked on hacking forums

Security Affairs

SEPTEMBER 29, 2022

The Brute Ratel post-exploitation toolkit has been cracked and now is available in the underground hacking and cybercrime communities. Threat actors have cracked the Brute Ratel C4 (BRC4) post-exploitation toolkit and leaked it for free in the cybercrime underground. SecurityAffairs – hacking, Brute Ratel). in, and Xss[.]is,

Hacking

Hacking Cybercrime Ransomware Antivirus

UNC2465 cybercrime group launched a supply chain attack on CCTV vendor

Security Affairs

JUNE 17, 2021

UNC2465 cybercrime group that is affiliated with the Darkside ransomware gang has infected with malware the website of a CCTV camera vendor. Experts noticed that in this supply chain attack, UNC2465 did not deliver the Darkside ransomware as the final payload, but they not exclude that the cybercrime group could move to a new RaaS operation.

Cybercrime

Cybercrime Ransomware Antivirus Software

Info stealers and how to protect against them

Security Affairs

DECEMBER 18, 2023

They may use various tactics to evade antivirus and other security measures. Bank logs : These are sets of data containing sensitive information about a bank account. Illegal activities : Accessing someone else’s bank account information without authorization is illegal and considered a form of cybercrime.

Banking

Banking Cybercrime Malware Accountability

Romanians arrested for running underground malware services

Security Affairs

NOVEMBER 22, 2020

“Two Romanian suspects have been arrested yesterday for allegedly running the CyberSeal and Dataprotector crypting services to evade antivirus software detection.” The pair also operated the Cyberscan service which allowed their clients to test their malware against antivirus tools. SecurityAffairs – hacking, cybercrime).

Malware

Malware Antivirus Cybercrime Software

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

In many cases, the crooks hack managed service providers (MSPs) first and then use this access to compromise the partnering organizations. Forward outlook Ransomware is a dynamic and increasingly hybrid segment of cybercrime. The big names that pioneered in these targeted attacks are Sodinokibi (aka REvil) and Ryuk.

Ransomware

Ransomware Hacking Encryption Penetration Testing

Chinese-speaking cybercrime gang Rocke changes tactics

Security Affairs

OCTOBER 15, 2019

Chinese-speaking cybercrime gang Rocke that carried out several large-scale cryptomining campaigns, has now using news tactics to evade detection. Chinese-speaking cybercrime gang Rocke, that carried out several large-scale cryptomining campaigns in past , has now using news tactics to evade detection. Pierluigi Paganini.

Cybercrime

Cybercrime DNS Malware Advertising

Akira ransomware received $42M in ransom payments from over 250 victims

Security Affairs

APRIL 21, 2024

A joint advisory published by CISA, the FBI, Europol, and the Netherlands’ National Cyber Security Centre (NCSC-NL) revealed that since early 2023, Akira ransomware operators received $42 million in ransom payments from more than 250 victims worldwide. Threat actors use FileZilla, WinRAR, WinSCP, and RClone for data exfiltration.

Ransomware

Ransomware Encryption Antivirus VPN

Russian nation sentenced to 48 months in prison for helping Kelihos Botnet to evade detection

Security Affairs

DECEMBER 12, 2021

“A Russian national was sentenced today to 48 months in prison for operating a “crypting” service used to conceal the Kelihos malware from antivirus software, which enabled hackers to systematically infect approximately hundreds of thousands of victim computers around the world with malicious software, including ransomware.”

Antivirus

Antivirus Malware Cybercrime Cyber threats

Security Affairs newsletter Round 285

Security Affairs

OCTOBER 11, 2020

Every week the best security articles from Security Affairs free for you in your email box. SecurityAffairs – hacking, newsletter). The post Security Affairs newsletter Round 285 appeared first on Security Affairs. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Advertising

Advertising Antivirus Data privacy Ransomware

Bitdefender released a free decryptor for the MortalKombat Ransomware family

Security Affairs

FEBRUARY 28, 2023

Antivirus company Bitdefender has released a free decryptor for the recently discovered ransomware family MortalKombat. Good news for the victims of the recently discovered MortalKombat ransomware , the antivirus firm Bitdefender has released a free decryptor that will allow them to recover their file without paying the ransom.

Ransomware

Ransomware Antivirus Backups Malware

BlackCat Ransomware gang breached over 60 orgs worldwide

Security Affairs

APRIL 25, 2022

ALPHV has been advertising the BlackCat Ransomware-as-a-Service (RaaS) on the cybercrime forums XSS and Exploit since early December. Review antivirus logs for indications they were unexpectedly turned off. Install and regularly update antivirus and anti-malware software on all hosts. Implement network segmentation.

Ransomware

Ransomware Antivirus Passwords Malware

Bitdefender released a free decryptor for the MegaCortex ransomware

Security Affairs

JANUARY 6, 2023

Antivirus firm Bitdefender released a decryptor for the MegaCortex ransomware allowing its victims to restore their data for free. Antivirus firm Bitdefender released a decryptor for the MegaCortex ransomware , which can allow victims of the group to restore their data for free. SecurityAffairs – hacking, ransomware).

Ransomware

Ransomware Antivirus Encryption Backups

Avast researchers released a free BianLian ransomware decryptor for some variants of the malware

Security Affairs

JANUARY 16, 2023

Antivirus firm Avast released a free decryptor for the BianLian ransomware family that allows victims to recover locked files. Security firm Avast has released a free decryptor for the BianLian ransomware to allow victims of the malware to recover locked files. It is also recommendable to check the virus vault of your antivirus.

Ransomware

Ransomware Malware Antivirus Encryption

Ransomware realities in 2023: one employee mistake can cost a company millions

Security Affairs

OCTOBER 17, 2023

According to Statista.com, the impact of cybercrime is expected to reach almost $13 trillion this year. Ensure that your systems are up to date with the latest security patches and software updates. Employ robust antivirus and anti-malware solutions, along with intrusion detection systems, to identify and block potential threats.

Social Engineering

Social Engineering Ransomware Engineering Phishing

SharkBot Banking Trojan spreads through fake AV apps on Google Play

Security Affairs

APRIL 9, 2022

Experts discovered malicious Android apps on the Google Play Store masqueraded as antivirus solutions spreading the SharkBot Trojan. Sharkbot is an information stealer steals used by crooks to siphon credentials and banking information. SecurityAffairs – hacking, SharkBot). To nominate, please visit:? Pierluigi Paganini.

Banking

Banking Antivirus Malware Accountability

FBI and CISA published a new advisory on AvosLocker ransomware

Security Affairs

OCTOBER 13, 2023

bat) scripts [T1059.003] for lateral movement, privilege escalation, and disabling antivirus software. FBI and CISA recommend testing existing security controls inventory to assess how they perform against the ATT&CK techniques described in this advisory. Notepad++, RDP Scanner, and 7zip.

Ransomware

Ransomware System Administration Antivirus Malware

Malicious apps continue to spread through the Google Play Store

Security Affairs

JUNE 16, 2022

Researchers at antivirus firm Dr. Web discovered malware in the Google Play Store that was downloaded two million times. An investigation conducted by the antivirus firm Dr. Web in May resulted in the discovery of multiple adware and information-stealing malware on the official Google Play Store. To nominate, please visit:?.

Adware

Adware Antivirus Malware Software

NetDooka framework distributed via a pay-per-install (PPI) malware service

Security Affairs

MAY 6, 2022

The malware used a function called “DetectAV()” to determine the antivirus solution installed on the system and uninstall it. SecurityAffairs – hacking, NetDooka). The post NetDooka framework distributed via a pay-per-install (PPI) malware service appeared first on Security Affairs. ” concludes the analysis.

Malware

Malware Antivirus DDOS Hacking

A previously undetected FIN7 BIOLOAD loader drops new Carbanak Backdoor

Security Affairs

DECEMBER 29, 2019

Experts uncovered a new tool dubbed BIOLOAD used by the FIN7 cybercrime group used as a dropper for a new variant of the Carbanak backdoor. Security experts from Fortinet’s enSilo have discovered a new loader, dubbed BIOLOAD, associated with the financially-motivated group FIN7. ” Fortinet concludes.

Cybercrime

Cybercrime Antivirus Identity Theft Advertising

Trend Micro addresses two issues exploited by hackers in the wild

Security Affairs

MARCH 18, 2020

In January, Chinese hackers have exploited another zero-day vulnerability in the Trend Micro OfficeScan antivirus in an attack that hit Mitsubishi Electric. SecurityAffairs – hacking, cybercrime). The post Trend Micro addresses two issues exploited by hackers in the wild appeared first on Security Affairs.

Authentication

Authentication Advertising Antivirus Cybercrime

8220 Gang used new ScrubCrypt crypter in recent cryptojacking attacks

Security Affairs

MARCH 9, 2023

The PowerShell script is encoded to avoid detection by AntiVirus solutions. The ScrubCrypt crypter is available for sale on hacking forums, it allows securing applications with a unique BAT packing method. The experts noticed that encrypted data at the top can be split into four parts using backslash “”.

Antivirus

Antivirus Encryption Hacking Cybercrime

New CACTUS ransomware appeared in the threat landscape

Security Affairs

MAY 9, 2023

CACTUS essentially encrypts itself, making it harder to detect and helping it evade antivirus and network monitoring tools,” Laurie Iacono, Associate Managing Director for Cyber Risk at Kroll, told Bleeping Computer. The binary is deployed using a specific flag that allows its execution, while the ZIP archive is removed.

Ransomware

Ransomware VPN Antivirus Encryption

The U.S. CISA and FBI warn of Royal ransomware operation

Security Affairs

MARCH 3, 2023

“After gaining access to victims’ networks, Royal actors disable antivirus software and exfiltrate large amounts of data before ultimately deploying the ransomware and encrypting the systems.” Once on the domain controller, the threat actor deactivated antivirus protocols [T1562.001] by modifying Group Policy Objects [T1484.001].”

Ransomware

Ransomware Healthcare Antivirus Encryption

An expert shows how to stop popular ransomware samples via DLL hijacking

Security Affairs

MAY 4, 2022

Endpoint protection systems and or antivirus can potentially be killed prior to executing malware, but this method cannot as theres nothing to kill the DLL just lives on disk waiting. SecurityAffairs – hacking, DLL hijacking). We do not need to rely on hash signature or third-party product, the malware will do the work for us.

Ransomware

Ransomware Antivirus Malware Encryption

Belarussian authorities arrested GandCrab ransomware distributor

Security Affairs

AUGUST 3, 2020

He had no previous criminal records at the time of the arrest, but it is known to be a member of a cybercrime forum to become an affiliate for the GandCrab ransomware operation. Authorities also added that the man was involved in the distribution of cryptominers and wrote malware for other users on the same hacking forums.

Ransomware

Ransomware Advertising Malware Hacking

Lemon Group gang pre-infected 9 million Android devices for fraudulent activities

Security Affairs

MAY 19, 2023

The Lemon Group cybercrime ring has reportedly pre-installed malware known as Guerilla on almost 9 million Android devices. A cybercrime group tracked has Lemon Group has reportedly pre-installed malware known as Guerilla on almost 9 million Android devices. 231 banking malware. ” reads the analysis published by Trend Micro.

Mobile

Mobile Advertising Malware Cybercrime

QwixxRAT, a new Windows RAT appears in the threat landscape

Security Affairs

AUGUST 15, 2023

. “Once installed on the victim’s Windows platform machines, the RAT stealthily collects sensitive data, which is then sent to the attacker’s Telegram bot, providing them with unauthorized access to the victim’s sensitive information.” ” reads a new report published by security firm Uptycs.

Malware

Malware Antivirus Cryptocurrency Advertising

15 Best Cybersecurity Blogs To Read

Spinone

OCTOBER 10, 2019

Hacking Vision Hacking Vision is a cybersecurity blog with a vision to bring a community of white hat security experts together to learn and gain knowledge. In this blog, you can find detailed info about ransomware protection, wireless security, and much more. Their main focus is on cybercrime investigations.

Cybersecurity

Cybersecurity IoT Antivirus Education

Saint Gheorghe Recovery Hospital in Romania suffered a ransomware attack

Security Affairs

JANUARY 6, 2023

.” According to the media outlet, the attack was sophisticated, and both the Romanian Directorate for Investigating Organized Crime and Terrorism (DIICOT) and the Romanian antivirus firm BitDefender were not able to decrypt the files. “We have already notified the National Directorate of Cyber Security and DIICOT.

Ransomware

Ransomware Antivirus Media Encryption

New Windows Meduza Stealer targets tens of crypto wallets and password managers

Security Affairs

JULY 3, 2023

“What’s more concerning is that a large portion of antivirus software has proven ineffective against the Meduza stealer binary, either failing to detect it statically or dynamically” reads the analysis published by Uptycs. ” The administrator offers access to the stolen data through a management console.

Password Management

Password Management Passwords Malware Antivirus

Cyber Security Roundup for April 2021

Security Boulevard

MARCH 31, 2021

roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, March 2021. How not to disclosure a Hack. UK fashion retailer FatFace angered customers in its handling of a customer data theft hack.

Energy and Utilities

Energy and Utilities Ransomware Banking Hacking

LockBit 3.0 affiliate sideloads Cobalt Strike through Windows Defender?

Security Affairs

AUGUST 2, 2022

.” SentinelOne highlights the importance of sharing information on the exploitation of novel “living off the land” tools to drop Cobalt Strike beacons and evade detection of common security solutions. SecurityAffairs – hacking, LockBit 3.0). appeared first on Security Affairs. ” concludes the analysis.

Antivirus

Antivirus Software Hacking Ransomware

Threat actors target crypto and NFT communities with Babadeda crypter

Security Affairs

NOVEMBER 26, 2021

Babadeda is able to bypass antivirus solutions. According to the researchers, this crypto-malware was recently employed in several campaigns to deliver information stealers, RATs, and ransomware like LockBit. SecurityAffairs – hacking, babadeda). ” concludes the report. Follow me on Twitter: @securityaffairs and Facebook.

Cryptocurrency

Cryptocurrency Malware Antivirus Phishing

New Linux CronRAT hides in cron jobs to evade detection in Magecart attacks

Security Affairs

NOVEMBER 25, 2021

Researchers explained that CronRAT malware is undetected by many antivirus engines, it leverages the fact that many security products do not scan the Linux cron system. “CronRAT is currently undetected by other security vendors.” SecurityAffairs – hacking, Magecart). ” concludes Sansec.

Malware

Malware Antivirus Engineering Hacking

Tens of malicious NPM packages caught hijacking Discord servers

Security Affairs

DECEMBER 9, 2021

“It’s important to note these payloads are less likely to be caught by antivirus solutions, versus a full-on RAT backdoor, since a Discord stealer does not modify any files, does not register itself anywhere (to be executed on next boot, for example) and does not perform suspicious operations such as spawning child processes.”

Antivirus

Antivirus Malware Accountability Firewall

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs

MARCH 19, 2022

Install and regularly update antivirus software on all hosts, and enable real time detection. Focus on cyber security awareness and training. Regularly provide users with training on information security principles and techniques as well as overall emerging cybersecurity risks and vulnerabilities (i.e.,

Ransomware

Ransomware DDOS Passwords Backups

WeSteal, a shameless commodity cryptocurrency stealer available for sale

Security Affairs

MAY 2, 2021

A new cryptocurrency stealer dubbed WeSteal is available on the cybercrime underground, unlike other commodity cryptocurrency stealers, its author doesn’t masquerade its purpose and promises “the leading way to make money in 2021.”. ” If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Cryptocurrency

Cryptocurrency Malware Advertising System Administration

Microsoft has taken legal and technical action to dismantle the Zloader botnet

Security Affairs

APRIL 13, 2022

“ZLoader has remained relevant as attackers’ tool of choice by including defense evasion capabilities, like disabling security and antivirus tools, and selling access-as-a-service to other affiliate groups, such as ransomware operators.” SecurityAffairs – hacking, ZLoader malware). To nominate, please visit:?

Banking

Banking Malware Telecommunications Antivirus

Ranzy Locker ransomware hit tens of US companies in 2021

Security Affairs

OCTOBER 26, 2021

Install and regularly update antivirus software on all hosts, and enable real time detection. SecurityAffairs – hacking, Ranzy Locker ransomware). The post Ranzy Locker ransomware hit tens of US companies in 2021 appeared first on Security Affairs. Disable hyperlinks in received emails. Pierluigi Paganini.

Ransomware

Ransomware Firmware Antivirus Accountability

Hackers hijacked the eScan Antivirus update mechanism in malware campaign

Threat actor abuses Genshin Impact Anti-Cheat driver to disable antivirus

Trending Sources

Cactus ransomware gang claims the Schneider Electric hack

15 billion credentials available in the cybercrime marketplaces

Experts link the Black Basta ransomware operation to FIN7 cybercrime gang

A cracked copy of Brute Ratel post-exploitation tool leaked on hacking forums

UNC2465 cybercrime group launched a supply chain attack on CCTV vendor

Info stealers and how to protect against them

Romanians arrested for running underground malware services

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

Chinese-speaking cybercrime gang Rocke changes tactics

Akira ransomware received $42M in ransom payments from over 250 victims

Russian nation sentenced to 48 months in prison for helping Kelihos Botnet to evade detection

Security Affairs newsletter Round 285

Bitdefender released a free decryptor for the MortalKombat Ransomware family

BlackCat Ransomware gang breached over 60 orgs worldwide

Bitdefender released a free decryptor for the MegaCortex ransomware

Avast researchers released a free BianLian ransomware decryptor for some variants of the malware

Ransomware realities in 2023: one employee mistake can cost a company millions

SharkBot Banking Trojan spreads through fake AV apps on Google Play

FBI and CISA published a new advisory on AvosLocker ransomware

Malicious apps continue to spread through the Google Play Store

NetDooka framework distributed via a pay-per-install (PPI) malware service

A previously undetected FIN7 BIOLOAD loader drops new Carbanak Backdoor

Trend Micro addresses two issues exploited by hackers in the wild

8220 Gang used new ScrubCrypt crypter in recent cryptojacking attacks

New CACTUS ransomware appeared in the threat landscape

The U.S. CISA and FBI warn of Royal ransomware operation

An expert shows how to stop popular ransomware samples via DLL hijacking

Belarussian authorities arrested GandCrab ransomware distributor

Lemon Group gang pre-infected 9 million Android devices for fraudulent activities

QwixxRAT, a new Windows RAT appears in the threat landscape

15 Best Cybersecurity Blogs To Read

Saint Gheorghe Recovery Hospital in Romania suffered a ransomware attack

New Windows Meduza Stealer targets tens of crypto wallets and password managers

Cyber Security Roundup for April 2021

LockBit 3.0 affiliate sideloads Cobalt Strike through Windows Defender?

Threat actors target crypto and NFT communities with Babadeda crypter

New Linux CronRAT hides in cron jobs to evade detection in Magecart attacks

Tens of malicious NPM packages caught hijacking Discord servers

Avoslocker ransomware gang targets US critical infrastructure

WeSteal, a shameless commodity cryptocurrency stealer available for sale

Microsoft has taken legal and technical action to dismantle the Zloader botnet

Ranzy Locker ransomware hit tens of US companies in 2021

Stay Connected