Antivirus, Cybercrime, Hacking and Malware

Hackers hijacked the eScan Antivirus update mechanism in malware campaign

Security Affairs

APRIL 24, 2024

A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute backdoors and cryptocurrency miners. Avast researchers discovered and analyzed a malware campaign that exploited the update mechanism of the eScan antivirus to distribute backdoors and crypto miners.

Antivirus

Antivirus Malware DNS Cryptocurrency

Why Malware Crypting Services Deserve More Scrutiny

Krebs on Security

JUNE 21, 2023

If you operate a cybercrime business that relies on disseminating malicious software, you probably also spend a good deal of time trying to disguise or “crypt” your malware so that it appears benign to antivirus and security products. This story explores the history and identity behind Cryptor[.]biz ” Crypt[.]guru’s

Malware

Malware Antivirus Cybercrime Hacking

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Krebs on Security

JUNE 1, 2023

This post is a deep dive on “ Megatraffer ,” a veteran Russian hacker who has practically cornered the underground market for malware focused code-signing certificates since 2015. One of Megatraffer’s ads on an English-language cybercrime forum. “Antivirus software trusts signed programs more.

Malware

Malware Cybercrime Software Antivirus

U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group

Krebs on Security

FEBRUARY 9, 2023

Authorities in the United States and United Kingdom today levied financial sanctions against seven men accused of operating “ Trickbot ,” a cybercrime-as-a-service platform based in Russia that has enabled countless ransomware attacks and bank account takeovers since its debut in 2016. companies and government entities.

Hacking

Hacking Cybercrime Ransomware Government

No, I Did Not Hack Your MS Exchange Server

Krebs on Security

MARCH 28, 2021

New data suggests someone has compromised more than 21,000 Microsoft Exchange Server email systems worldwide and infected them with malware that invokes both KrebsOnSecurity and Yours Truly by name. “web shells”) that various cybercrime groups worldwide have been using to commandeer any unpatched Exchange servers.

Hacking

Hacking Cybercrime DNS Antivirus

Romanians arrested for running underground malware services

Security Affairs

NOVEMBER 22, 2020

Two Romanians arrested for running three malware services. Two Romanians have been arrested for running two malware crypter services called CyberSeal and DataProtector, and the CyberScan malware testing service. ” reads the press release published by the Europol. ” continues the press release.

Malware

Malware Antivirus Cybercrime Software

Cactus ransomware gang claims the Schneider Electric hack

Security Affairs

JANUARY 30, 2024

Once the malware has escalated the privileges on a machine, the threat actors use a batch script to uninstall popular antivirus solutions installed on the machine. In early January, the Cactus ransomware group claimed to have hacked Coop, one of the largest retail and grocery providers in Sweden.

Ransomware

Ransomware Hacking Data breaches Digital transformation

Threat actor abuses Genshin Impact Anti-Cheat driver to disable antivirus

Security Affairs

AUGUST 27, 2022

Threat actors abused a vulnerable anti-cheat driver for the Genshin Impact video game to disable antivirus software. sys, for the Genshin Impact video game to disable antivirus software. According to Trend Micro, a cybercrime gang abused the driver to deploy ransomware. sys can be integrated into any malware.”

Antivirus

Antivirus Ransomware Malware Cybercrime

Malvertising Is a Cybercrime Heavyweight, Not an Underdog

SecureWorld News

MARCH 29, 2024

Malvertising acts as a vessel for malware propagation. Scammers and malware operators are increasingly adept at mimicking popular brands in their ad snippets, which makes it problematic for the average user to tell the wheat from the chaff. A stepping stone to impactful cybercrime This tactic has tangible real-world implications.

Cybercrime

Cybercrime Advertising Engineering Antivirus

Convicted: He Helped Cybercriminals Evade Antivirus

SecureWorld News

JUNE 16, 2021

When it comes to hacking and cybercrime, sometimes all the focus is on the one who launches the attack. DOJ prosecutors say Oleg Koshkin, a 41-year-old Russian national, operated a crypting service used to conceal Kelihos malware from antivirus software.

Antivirus

Antivirus Malware Software Cryptocurrency

Convicted: He Helped Cybercriminals Evade Antivirus

SecureWorld News

JUNE 16, 2021

When it comes to hacking and cybercrime, sometimes all the focus is on the one who launches the attack. DOJ prosecutors say Oleg Koshkin, a 41-year-old Russian national, operated a crypting service used to conceal Kelihos malware from antivirus software.

Antivirus

Antivirus Malware Software Cryptocurrency

Experts link the Black Basta ransomware operation to FIN7 cybercrime gang

Security Affairs

NOVEMBER 3, 2022

Sentinel Labs found evidence that links the Black Basta ransomware gang to the financially motivated hacking group FIN7. It focused on deploying POS malware and launching targeted spear-phishing attacks against organizations worldwide. SecurityAffairs – hacking, FIN7). Pierluigi Paganini.

Cybercrime

Cybercrime Ransomware Antivirus Malware

15 billion credentials available in the cybercrime marketplaces

Security Affairs

JULY 9, 2020

More than 15 billion username and passwords are available on cybercrime marketplaces, including over 5 billion unique credentials, states the experts. “Account accesses for antivirus programs garner the second-highest prices: around $21.67. SecurityAffairs – hacking, cybercrime marketplaces). Pierluigi Paganini.

Cybercrime

Cybercrime Antivirus Marketing Accountability

Info stealers and how to protect against them

Security Affairs

DECEMBER 18, 2023

Info stealers, the type of malware with its purpose in the name, can cripple businesses and everyday users alike. Info stealers, also known as information stealers, are a type of malicious software (malware) designed to covertly collect sensitive and personal information from a victim’s computer or network.

Banking

Banking Cybercrime Malware Accountability

UNC2465 cybercrime group launched a supply chain attack on CCTV vendor

Security Affairs

JUNE 17, 2021

UNC2465 cybercrime group that is affiliated with the Darkside ransomware gang has infected with malware the website of a CCTV camera vendor. SecurityAffairs – hacking, UNC2465). The post UNC2465 cybercrime group launched a supply chain attack on CCTV vendor appeared first on Security Affairs. Pierluigi Paganini.

Cybercrime

Cybercrime Ransomware Antivirus Software

A cracked copy of Brute Ratel post-exploitation tool leaked on hacking forums

Security Affairs

SEPTEMBER 29, 2022

The Brute Ratel post-exploitation toolkit has been cracked and now is available in the underground hacking and cybercrime communities. Threat actors have cracked the Brute Ratel C4 (BRC4) post-exploitation toolkit and leaked it for free in the cybercrime underground. SecurityAffairs – hacking, Brute Ratel). in, and Xss[.]is,

Hacking

Hacking Cybercrime Ransomware Antivirus

Symbiote, a nearly-impossible-to-detect Linux malware?

Security Affairs

JUNE 9, 2022

Researchers uncovered a high stealth Linux malware, dubbed Symbiote, that could be used to backdoor infected systems. Once the malware has infected all the running processes, it provides the threat actor with rootkit capability and supports data-stealing capabilities. “Symbiote is a malware that is highly evasive.

Malware

Malware DNS Antivirus Passwords

NetDooka framework distributed via a pay-per-install (PPI) malware service

Security Affairs

MAY 6, 2022

Researchers discovered a sophisticated malware framework, dubbed NetDooka, distributed via a pay-per-install (PPI) malware service known as PrivateLoader. The PrivateLoader malware is a downloader used by threat actors for downloading and installing multiple malware. SecurityAffairs – hacking, NetDooka).

Malware

Malware Antivirus DDOS Hacking

Avast researchers released a free BianLian ransomware decryptor for some variants of the malware

Security Affairs

JANUARY 16, 2023

Antivirus firm Avast released a free decryptor for the BianLian ransomware family that allows victims to recover locked files. Security firm Avast has released a free decryptor for the BianLian ransomware to allow victims of the malware to recover locked files. It is also recommendable to check the virus vault of your antivirus.

Ransomware

Ransomware Malware Antivirus Encryption

‘The Manipulaters’ Improve Phishing, Still Fail at Opsec

Krebs on Security

APRIL 3, 2024

Roughly nine years ago, KrebsOnSecurity profiled a Pakistan-based cybercrime group called “ The Manipulaters ,” a sprawling web hosting network of phishing and spam delivery platforms. ” A number of questions, indeed. ” A number of questions, indeed.

Phishing

Phishing Cybercrime Malware Advertising

Grandoreiro banking malware targets Mexico and Spain

Security Affairs

AUGUST 21, 2022

A new Grandoreiro banking malware campaign is targeting organizations in Mexico and Spain, Zscaler reported. Zscaler ThreatLabz researchers observed a Grandoreiro banking malware campaign targeting organizations in the Spanish-speaking nations of Mexico and Spain. SecurityAffairs – hacking, Log4Shell). Pierluigi Paganini.

Banking

Banking Malware Antivirus Phishing

TrickGate, a packer used by malware to evade detection since 2016

Security Affairs

JANUARY 31, 2023

TrickGate is a shellcode-based packer offered as a service to malware authors to avoid detection, CheckPoint researchers reported. TrickGate is a shellcode-based packer offered as a service, which is used at least since July 2016, to hide malware from defense programs. ” concludes the report.

Malware

Malware Antivirus Manufacturing Healthcare

GUEST ESSAY – Notable events in hacking history that helped transform cybersecurity assessment

The Last Watchdog

SEPTEMBER 27, 2021

Phishing scams, malware, ransomware and data breaches are just some of the examples of cyberthreats that can devastate business operations and the protection of consumer information. The Morris worm was created by researcher Robert Morris and was considered one of the earliest forms of malware. Lessons learned.

Cybersecurity

Cybersecurity Hacking Identity Theft Technology

BRATA Android Malware evolves and targets the UK, Spain, and Italy

Security Affairs

JUNE 20, 2022

The developers behind the BRATA Android malware have implemented additional features to avoid detection. The operators behind the BRATA Android malware have implemented more features to make their attacks stealthy. “TAs are modifying their code in order to tailor their malware on specific banking institutions.

Malware

Malware Banking Antivirus Phishing

Akira ransomware received $42M in ransom payments from over 250 victims

Security Affairs

APRIL 21, 2024

The Akira ransomware has been active since March 2023, the threat actors behind the malware claim to have already hacked multiple organizations in multiple industries, including education, finance, and real estate. Earlier versions of the ransomware were written in C++ and the malware added the.akira extension to the encrypted files.

Ransomware

Ransomware Encryption Antivirus VPN

Chinese-speaking cybercrime gang Rocke changes tactics

Security Affairs

OCTOBER 15, 2019

Chinese-speaking cybercrime gang Rocke that carried out several large-scale cryptomining campaigns, has now using news tactics to evade detection. Chinese-speaking cybercrime gang Rocke, that carried out several large-scale cryptomining campaigns in past , has now using news tactics to evade detection. Pierluigi Paganini.

Cybercrime

Cybercrime DNS Malware Advertising

Fake DDoS protection pages on compromised WordPress sites lead to malware infections

Security Affairs

AUGUST 21, 2022

Threat actors compromise WordPress sites to display fake Cloudflare DDoS protection pages to distribute malware. Recently security experts from Sucuri, spotted JavaScript injections targeting WordPress sites to display fake DDoS Protection pages which lead victims to download remote access trojan malware. Pierluigi Paganini.

DDOS

DDOS Malware Antivirus Firewall

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

Balaban This ransomware was doing the rounds over spam generated by the Gameover ZeuS botnet, which had been originally launched in 2011 as a toolkit for stealing victim’s banking credentials and was repurposed for malware propagation. Forward outlook Ransomware is a dynamic and increasingly hybrid segment of cybercrime.

Ransomware

Ransomware Hacking Encryption Penetration Testing

Cactus RANSOMWARE gang hit the Swedish retail and grocery provider Coop

Security Affairs

JANUARY 1, 2024

The Cactus ransomware group claims to have hacked Coop, one of the largest retail and grocery providers in Sweden. The Cactus ransomware group claims to have hacked Coop and is threatening to disclose a huge amount of personal information, over 21 thousand directories. Threat actors have published ID cards as proof of hack.

Retail

Retail Ransomware Encryption Hacking

Top 10 Malware Strains of 2021

SecureWorld News

AUGUST 8, 2022

Cybersecurity and Infrastructure Security Agency (CISA) and the Australian Cyber Security Centre (ACSC) released a joint Cybersecurity Advisory (CSA) providing details on the top malware strains of 2021. The top malware strains in 2021 included remote access Trojans (RATs), banking Trojans, information stealers, and ransomware.

Malware

Malware Banking Penetration Testing Healthcare

GO#WEBBFUSCATOR campaign hides malware in NASA’s James Webb Space Telescope image

Security Affairs

AUGUST 31, 2022

A malware campaign tracked as GO#WEBBFUSCATOR used an image taken from NASA’s James Webb Space Telescope (JWST) as a lure. Securonix Threat researchers uncovered a persistent Golang-based malware campaign tracked as GO#WEBBFUSCATOR that leveraged the deep field image taken from the James Webb telescope. Pierluigi Paganini.

Malware

Malware DNS Antivirus Encryption

Operator of Scan4You Malware-Scanning sentenced to 14 Years in prison

Security Affairs

SEPTEMBER 22, 2018

The Latvian expert Ruslans Bondars (37), who developed and run the counter antivirus service Scan4You has been sentenced to 14 years in prison. Scan4you is a VirusTotal like online multi-engine antivirus scanning service that could be used by vxers to test evasion abilities of their malware against the major antiviruses.

Malware

Malware Antivirus Retail Advertising

A Deep Dive Into the Residential Proxy Service ‘911’

Krebs on Security

JULY 18, 2022

These services can be used in a legitimate manner for several business purposes — such as price comparisons or sales intelligence — but they are massively abused for hiding cybercrime activity because they can make it difficult to trace malicious traffic to its original source. “The 911[.]re Image: University of Sherbrooke.

VPN

VPN Computers and Electronics Antivirus Software

Russian nation sentenced to 48 months in prison for helping Kelihos Botnet to evade detection

Security Affairs

DECEMBER 12, 2021

Russian national Oleg Koshkin was convicted in January for charges related to the operation of a malware crypting service used by the Kelihos botnet to obfuscate malware and evade detection. For years, Koshkin and his co-conspirators worked to evade our most basic cyber defenses in order to spread malware on a truly global scale.

Antivirus

Antivirus Malware Cybercrime Cyber threats

CISA’s advisory warns of notable increase in LokiBot malware

Security Affairs

SEPTEMBER 22, 2020

US Cybersecurity and Infrastructure Security Agency (CISA) is warning of a notable increase in the use of LokiBot malware by threat actors since July 2020. The Agency’s EINSTEIN Intrusion Detection System has detected persistent malicious activity associated with the LokiBot malware. SecurityAffairs – hacking, Norway).

Malware

Malware Passwords Advertising Antivirus

Wannacry, the hybrid malware that brought the world to its knees

Security Affairs

OCTOBER 31, 2022

The infection chain was divided into four stages : The malware was installed through a dropper, a program executed by opening an attachment to a deceptive e-mail, probably a fake pdf or doc file, or executed directly from the Internet, without user interaction, exploiting the exploit described in the point 4. The infection chain.

Malware

Malware Computers and Electronics Encryption Ransomware

FIN8 Hacking Group is back with an improved version of the ShellTea Backdoor

Security Affairs

JUNE 12, 2019

FireEye documented obfuscation techniques used by the group in June 2017 and the involvement of PUNCHTRACK POS-scraping malware. The ShellTea backdoor was analyzed by researchers Root9b in June 2017, the malware was used by threat actors to deliver the PoC malware. ” reads the analysis published by Morphisec.

Hacking

Hacking Malware Advertising Retail

Bitdefender released a free decryptor for the MortalKombat Ransomware family

Security Affairs

FEBRUARY 28, 2023

Antivirus company Bitdefender has released a free decryptor for the recently discovered ransomware family MortalKombat. Good news for the victims of the recently discovered MortalKombat ransomware , the antivirus firm Bitdefender has released a free decryptor that will allow them to recover their file without paying the ransom.

Ransomware

Ransomware Antivirus Backups Malware

BlackCat Ransomware gang breached over 60 orgs worldwide

Security Affairs

APRIL 25, 2022

The BlackCat/ALPHV a Ransomware was first discovered in December by malware researchers from Recorded Future and MalwareHunterTeam. The malware is the first professional ransomware strain that was written in the Rust programming language. Review antivirus logs for indications they were unexpectedly turned off.

Ransomware

Ransomware Antivirus Passwords Malware

An expert shows how to stop popular ransomware samples via DLL hijacking

Security Affairs

MAY 4, 2022

The security researcher John Page aka ( hyp3rlinx ) discovered that malware from multiple ransomware operations, including Conti , REvil , LockBit , AvosLocker , and Black Basta, are affected by flaws that could be exploited block file encryption. SecurityAffairs – hacking, DLL hijacking). To nominate, please visit:?

Ransomware

Ransomware Antivirus Malware Encryption

QwixxRAT, a new Windows RAT appears in the threat landscape

Security Affairs

AUGUST 15, 2023

“To avoid detection by antivirus software, the RAT employs command and control functionality through a Telegram bot. The malware supports 19 functions, each serving a unique purpose. The malware implements multiple anti-analysis features and evasion techniques. ” reads a new report published by security firm Uptycs.

Malware

Malware Antivirus Cryptocurrency Advertising

Bitdefender released a free decryptor for the MegaCortex ransomware

Security Affairs

JANUARY 6, 2023

Antivirus firm Bitdefender released a decryptor for the MegaCortex ransomware allowing its victims to restore their data for free. Antivirus firm Bitdefender released a decryptor for the MegaCortex ransomware , which can allow victims of the group to restore their data for free. SecurityAffairs – hacking, ransomware).

Ransomware

Ransomware Antivirus Encryption Backups

SharkBot Banking Trojan spreads through fake AV apps on Google Play

Security Affairs

APRIL 9, 2022

Experts discovered malicious Android apps on the Google Play Store masqueraded as antivirus solutions spreading the SharkBot Trojan. The banking Trojan uses Domain Generation Algorithm (DGA), which is rarely used by Android malware. This is the exact case we observed with the Sharkbot malware.” To nominate, please visit:?

Banking

Banking Antivirus Malware Accountability

FBI and CISA published a new advisory on AvosLocker ransomware

Security Affairs

OCTOBER 13, 2023

AvosLocker operators already advertised in the past a Linux variant, dubbed AvosLinux, of their malware claiming it was able to support Linux and ESXi servers. bat) scripts [T1059.003] for lateral movement, privilege escalation, and disabling antivirus software.

Ransomware

Ransomware System Administration Antivirus Malware

Hackers hijacked the eScan Antivirus update mechanism in malware campaign

Why Malware Crypting Services Deserve More Scrutiny

Trending Sources

Ask Fitis, the Bear: Real Crooks Sign Their Malware

U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group

No, I Did Not Hack Your MS Exchange Server

Romanians arrested for running underground malware services

Cactus ransomware gang claims the Schneider Electric hack

Threat actor abuses Genshin Impact Anti-Cheat driver to disable antivirus

Malvertising Is a Cybercrime Heavyweight, Not an Underdog

Convicted: He Helped Cybercriminals Evade Antivirus

Convicted: He Helped Cybercriminals Evade Antivirus

Experts link the Black Basta ransomware operation to FIN7 cybercrime gang

15 billion credentials available in the cybercrime marketplaces

Info stealers and how to protect against them

UNC2465 cybercrime group launched a supply chain attack on CCTV vendor

A cracked copy of Brute Ratel post-exploitation tool leaked on hacking forums

Symbiote, a nearly-impossible-to-detect Linux malware?

NetDooka framework distributed via a pay-per-install (PPI) malware service

Avast researchers released a free BianLian ransomware decryptor for some variants of the malware

‘The Manipulaters’ Improve Phishing, Still Fail at Opsec

Grandoreiro banking malware targets Mexico and Spain

TrickGate, a packer used by malware to evade detection since 2016

GUEST ESSAY – Notable events in hacking history that helped transform cybersecurity assessment

BRATA Android Malware evolves and targets the UK, Spain, and Italy

Akira ransomware received $42M in ransom payments from over 250 victims

Chinese-speaking cybercrime gang Rocke changes tactics

Fake DDoS protection pages on compromised WordPress sites lead to malware infections

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

Cactus RANSOMWARE gang hit the Swedish retail and grocery provider Coop

Top 10 Malware Strains of 2021

GO#WEBBFUSCATOR campaign hides malware in NASA’s James Webb Space Telescope image

Operator of Scan4You Malware-Scanning sentenced to 14 Years in prison

A Deep Dive Into the Residential Proxy Service ‘911’

Russian nation sentenced to 48 months in prison for helping Kelihos Botnet to evade detection

CISA’s advisory warns of notable increase in LokiBot malware

Wannacry, the hybrid malware that brought the world to its knees

FIN8 Hacking Group is back with an improved version of the ShellTea Backdoor

Bitdefender released a free decryptor for the MortalKombat Ransomware family

BlackCat Ransomware gang breached over 60 orgs worldwide

An expert shows how to stop popular ransomware samples via DLL hijacking

QwixxRAT, a new Windows RAT appears in the threat landscape

Bitdefender released a free decryptor for the MegaCortex ransomware

SharkBot Banking Trojan spreads through fake AV apps on Google Play

FBI and CISA published a new advisory on AvosLocker ransomware

Stay Connected