Security Affairs

JULY 18, 2024

The cybercrime group FIN7 is advertising a security evasion tool in multiple underground forums, cybersecurity company SentinelOne warns. SentinelOne researchers warn that the financially motivated group FIN7 is using multiple pseudonyms to advertise a security evasion tool in several criminal underground forums. is forums.

Advertising 139

Advertising Cybercrime Hacking Ransomware 139

Security Affairs

MAY 1, 2025

A cybercrime group named Hive0117 is behind a fresh phishing campaign that targeted Russian organizations with a new version of the DarkWatchman malware, according to Russian cybersecurity firm F6. The DarkWatchman malware can evade detection by standard antivirus software.

Malware 81

Malware Phishing Telecommunications Retail 81

Webroot

MARCH 3, 2025

March is a time for leprechauns and four-leaf clovers, and as luck would have it, its also a time to learn how to protect your private data from cybercrime. During this time, many government agencies and consumer protection organizations come together to help educate consumers on how to keep their personal and financial information secure.

Consumer Protection 99

Consumer Protection Identity Theft Scams Social Engineering 99

Security Affairs

MARCH 24, 2025

The FBI Denver Field Office advises staying cautious online, being aware of potential risks, and keeping antivirus software updated to scan files before opening them. If users fall victim to this scam, immediately contact their financial institutions, secure their accounts, and change all passwords using a trusted device.

Malware 114

Malware Scams Identity Theft Antivirus 114

Security Affairs

NOVEMBER 22, 2020

“Two Romanian suspects have been arrested yesterday for allegedly running the CyberSeal and Dataprotector crypting services to evade antivirus software detection.” The pair also operated the Cyberscan service which allowed their clients to test their malware against antivirus tools. SecurityAffairs – hacking, cybercrime).

Malware 140

Malware Antivirus Cybercrime Software 140

Security Affairs

AUGUST 27, 2022

Threat actors abused a vulnerable anti-cheat driver for the Genshin Impact video game to disable antivirus software. sys, for the Genshin Impact video game to disable antivirus software. According to Trend Micro, a cybercrime gang abused the driver to deploy ransomware. Such is the case of mhyprot2.sys, Pierluigi Paganini.

Antivirus 98

Antivirus Ransomware Malware Cybercrime 98

Security Affairs

JUNE 17, 2021

UNC2465 cybercrime group that is affiliated with the Darkside ransomware gang has infected with malware the website of a CCTV camera vendor. Experts noticed that in this supply chain attack, UNC2465 did not deliver the Darkside ransomware as the final payload, but they not exclude that the cybercrime group could move to a new RaaS operation.

Cybercrime 109

Cybercrime Ransomware Software Antivirus 109

Security Affairs

APRIL 22, 2025

Keeping devices updated and using reliable antivirus software also helps prevent malware-related data theft. Japan s Financial Services Agency (FSA) recommends checking the warning issued by the Japan Securities Dealers Association regarding matters to be aware of when using securities companies’ online trading services.

Financial Services 116

Financial Services Passwords Accountability Antivirus 116

Security Affairs

OCTOBER 15, 2019

Chinese-speaking cybercrime gang Rocke that carried out several large-scale cryptomining campaigns, has now using news tactics to evade detection. Chinese-speaking cybercrime gang Rocke, that carried out several large-scale cryptomining campaigns in past , has now using news tactics to evade detection. Pierluigi Paganini.

Cybercrime 90

Cybercrime DNS Malware Advertising 90

Security Affairs

NOVEMBER 3, 2022

The DisableAntiSpyware parameter allows disabling the Windows Defender Antivirus in order to deploy another security solution. The sample is a binary compiled with Visual Basic which displays a fake Windows Security GUI and tray icon with a “healthy” system status, even if Windows Defender and other system functionalities are disabled.

Cybercrime 108

Cybercrime Ransomware Antivirus Malware 108

Security Affairs

FEBRUARY 28, 2025

In August 2024, several users reported that Dr.Web antivirus detected changes in their TV box system files. Users may also mistakenly believe TV boxes are more secure than smartphones and are less likely to install antivirus software, increasing their risk when downloading third-party apps or unofficial firmware.

Antivirus 63

Antivirus Firmware Encryption Manufacturing 63

Security Affairs

FEBRUARY 13, 2025

Users that played the game have received the following email: pic.twitter.com/B98BFs0WbK — SteamDB (@SteamDB) February 12, 2025 The game PirateFi was released as beta, but multiple antivirus flagged it as “Trojan.Win32.Lazzzy.gen.” Lazzzy.gen.” SteamDB estimates that over 800 users may have downloaded the game.

Malware 107

Malware Antivirus Accountability Software 107

Security Affairs

APRIL 2, 2025

.” To protect against malware, experts recommend buying smartphones from authorized distributors and installing security solutions like Kaspersky for Android immediately. In March 2018, security researchers at Antivirus firmDr.Web discovered that 42 models of low-cost Android smartphones were shipped with the Android.Triada.231

Malware 118

Malware Cryptocurrency Mobile Firmware 118

Security Affairs

NOVEMBER 6, 2024

” The hospital identified the ransomware attack early Saturday after antivirus software installed on the employees’ PCs flagged potential risks. While we believe this issue will not impact either the level or the quality of care we provide to our patients, we want to be fully transparent regarding this situation.”

Ransomware 123

Ransomware Healthcare Antivirus Data breaches 123

Security Affairs

FEBRUARY 4, 2025

It gathers system details, including antivirus information, encodes the data, and sends it to a remote server. .” The decrypted MSIL file maintains persistence by modifying the Windows registry to execute a PowerShell command that downloads the Coyote Banking Trojan.

Banking 115

Banking Malware Antivirus Cyber threats 115

Security Affairs

APRIL 16, 2025

” In September, security researchers from G DATA discovered more than two dozen Android mobile phones from different manufacturers already infected by pre-installed malware. .” concludes the report that includes indicators of compromise (IoCs).

Malware 125

Malware Manufacturing Mobile Spyware 125

Security Affairs

DECEMBER 17, 2024

Recommendations include timely patching, using strong and unique passwords, enabling multi-factor authentication, implementing security tools to detect abnormal activity, auditing accounts, scanning for open ports, segmenting networks, updating antivirus software, and creating offline backups.

Architecture 105

Architecture Internet Internet Malware 105

Security Affairs

MARCH 31, 2025

The PowerShell code avoids antivirus detection by using Get-Command to execute the payload. The malicious LNK files, created on two machines, contain PowerShell code to download the next stage payload and a decoy file to disguise the infection.

Phishing 110

Phishing Antivirus Encryption Hacking 110

Security Affairs

DECEMBER 18, 2023

They may use various tactics to evade antivirus and other security measures. Illegal activities : Accessing someone else’s bank account information without authorization is illegal and considered a form of cybercrime. Once installed on a system, info stealers often aim to remain undetected for as long as possible.

Banking 131

Banking Cybercrime Malware Accountability 131

Security Affairs

APRIL 24, 2025

Invest in a comprehensive security suite Choose antivirus software that includes phishing protection, threat detection, and automatic updates to ensure maximum protection. In times of grief or global attention, stay informed and cautious to prevent curiosity from becoming a gateway for cybercriminals.

Scams 123

Scams Artificial Intelligence Threat Detection Malware 123

Security Affairs

JULY 15, 2024

Experts observed that the Russian cybercrime group FIN7 has been exploiting the vulnerability since April 2023, while Researchers from BlackBerry reported that in June 2024, a threat actor targeted a Latin American airline with the Akira ransomware. ” reads the report published by BlackBerry.

Backups 139

Backups Ransomware Antivirus DNS 139

Security Affairs

NOVEMBER 5, 2024

“An important question arising from this analysis is not just how to defend against threats like ToxicPanda but why contemporary antivirus solutions have struggled to detect a threat that is, in technical terms, relatively straightforward. Spain and Peru, at 3.9% and 3.4%, indicate a potential expansion into Latin America.

Banking 119

Banking Malware Accountability Authentication 119

Security Affairs

APRIL 21, 2025

The malware maintains a low detection rate among antivirus solutions due to its minimal permission model and narrow focus on NFC relay attacks. The malware also uses stored ATR messages to enable card emulation, helping attackers trick POS terminals and ATMs into accepting the relayed card as genuine.

Malware 104

Malware Social Engineering Banking Engineering 104

Security Affairs

MARCH 10, 2025

The discovered infected archives contained an additional executable, with a modified start script tricking victims into disabling antivirus protections. By December 2024, reports emerged of further miner-infected versions spreading via Telegram and YouTube. It fetched a second-stage payload from hardcoded domains, executing it as t.py

Cryptocurrency 89

Cryptocurrency Malware Social Engineering Antivirus 89

Security Affairs

MARCH 18, 2020

In January, Chinese hackers have exploited another zero-day vulnerability in the Trend Micro OfficeScan antivirus in an attack that hit Mitsubishi Electric. SecurityAffairs – hacking, cybercrime). The post Trend Micro addresses two issues exploited by hackers in the wild appeared first on Security Affairs. Pierluigi Paganini.

Authentication 137

Authentication Advertising Antivirus Cybercrime 137

Security Affairs

MARCH 7, 2025

Upon gaining initial access to the target, Medusa hackers use remote management and monitoring (RMM) tools like SimpleHelp and AnyDesk for maintaining persistence and employ BYOVD with KillAV to disable antivirus, a tactic seen in BlackCat and RansomHub ransomware operations.

Ransomware 61

Ransomware Antivirus Healthcare Encryption 61

Security Affairs

APRIL 25, 2022

ALPHV has been advertising the BlackCat Ransomware-as-a-Service (RaaS) on the cybercrime forums XSS and Exploit since early December. Review antivirus logs for indications they were unexpectedly turned off. Install and regularly update antivirus and anti-malware software on all hosts. Implement network segmentation.

Ransomware 132

Ransomware Antivirus Passwords Malware 132

Security Affairs

SEPTEMBER 7, 2020

A recently discovered cybercrime gang, tracked as Epic Manchego , is using a new technique to create weaponized Excel files that are able to bypass security checks. Some antivirus solutions specifically analyze this section look for malicious VBA code in the Excel docs.

Cybercrime 133

Cybercrime Phishing Advertising Antivirus 133

Security Affairs

AUGUST 18, 2024

New cybercrime group Mad Liberator is targeting AnyDesk users and runs a fake Microsoft Windows update screen to conceal data exfiltrating. This decoy screen, which performs no other actions, is likely to avoid detection by most antivirus software.

Social Engineering 144

Social Engineering Engineering Ransomware Cybercrime 144

Security Affairs

NOVEMBER 24, 2024

Android Malware Detection Based on Behavioral-Level Features with Graph Convolutional Networks.

Malware 61

Malware Spyware Antivirus VPN 61

Security Affairs

SEPTEMBER 13, 2024

In August 2024, several users reported that Dr.Web antivirus detected changes in their TV box system files. Users may also mistakenly believe TV boxes are more secure than smartphones and are less likely to install antivirus software, increasing their risk when downloading third-party apps or unofficial firmware.

Malware 139

Malware Firmware Antivirus Manufacturing 139

Security Affairs

DECEMBER 29, 2019

Experts uncovered a new tool dubbed BIOLOAD used by the FIN7 cybercrime group used as a dropper for a new variant of the Carbanak backdoor. Security experts from Fortinet’s enSilo have discovered a new loader, dubbed BIOLOAD, associated with the financially-motivated group FIN7. ” Fortinet concludes.

Cybercrime 93

Cybercrime Antivirus Identity Theft Advertising 93

Security Affairs

SEPTEMBER 29, 2022

The Brute Ratel post-exploitation toolkit has been cracked and now is available in the underground hacking and cybercrime communities. Threat actors have cracked the Brute Ratel C4 (BRC4) post-exploitation toolkit and leaked it for free in the cybercrime underground. This includes BreachForums, CryptBB, RAMP, Exploit[.]in,

Hacking 116

Hacking Cybercrime Ransomware Antivirus 116

Security Affairs

DECEMBER 12, 2021

“A Russian national was sentenced today to 48 months in prison for operating a “crypting” service used to conceal the Kelihos malware from antivirus software, which enabled hackers to systematically infect approximately hundreds of thousands of victim computers around the world with malicious software, including ransomware.”

Antivirus 103

Antivirus Malware Cybercrime Cyber threats 103

Security Affairs

MARCH 26, 2025

It contacts a C2 server, gains persistence, and collects system information. While only one sample is currently detected by antivirus tools, many others remain undetected. it remained largely undetected until resurfacing in late 2024 with new variants written in Crystal, Nim, and Rust.

Malware 69

Malware Adware Antivirus Marketing 69

Security Affairs

JULY 8, 2020

The name Fxmsp refers a high-profile Russian- and English-speaking hacking group focused on breaching high-profile private corporate and government information. Since March 2019, Fxmsp announced in cybercrime forums the availability of information stolen from major antivirus companies located in the U.S. Attorney Brian T.

Hacking 111

Hacking Antivirus Advertising Cybercrime 111

Security Affairs

SEPTEMBER 29, 2024

CISA adds new Ivanti Cloud Services Appliance Vulnerability to its Known Exploited Vulnerabilities catalog Ivanti warns of a new actively exploited Cloud Services Appliance (CSA) flaw International law enforcement operation dismantled criminal communication platform Ghost U.S.

Hacking 114

Hacking Ransomware Antivirus Cybercrime 114