Security Affairs

APRIL 24, 2024

A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute backdoors and cryptocurrency miners. Avast researchers discovered and analyzed a malware campaign that exploited the update mechanism of the eScan antivirus to distribute backdoors and crypto miners.

Antivirus 133

Antivirus Malware DNS Cryptocurrency 133

Security Affairs

JULY 18, 2024

The cybercrime group FIN7 is advertising a security evasion tool in multiple underground forums, cybersecurity company SentinelOne warns. SentinelOne researchers warn that the financially motivated group FIN7 is using multiple pseudonyms to advertise a security evasion tool in several criminal underground forums. is forums.

Advertising 142

Advertising Cybercrime Hacking Ransomware 142

Security Affairs

MAY 1, 2025

A cybercrime group named Hive0117 is behind a fresh phishing campaign that targeted Russian organizations with a new version of the DarkWatchman malware, according to Russian cybersecurity firm F6. The DarkWatchman malware can evade detection by standard antivirus software.

Malware 87

Malware Phishing Telecommunications Antivirus 87

Webroot

MARCH 3, 2025

March is a time for leprechauns and four-leaf clovers, and as luck would have it, its also a time to learn how to protect your private data from cybercrime. During this time, many government agencies and consumer protection organizations come together to help educate consumers on how to keep their personal and financial information secure.

Consumer Protection 101

Consumer Protection Identity Theft Scams Social Engineering 101

Security Affairs

MARCH 24, 2025

The FBI Denver Field Office advises staying cautious online, being aware of potential risks, and keeping antivirus software updated to scan files before opening them. If users fall victim to this scam, immediately contact their financial institutions, secure their accounts, and change all passwords using a trusted device.

Malware 118

Malware Scams Identity Theft Antivirus 118

Security Affairs

NOVEMBER 22, 2020

“Two Romanian suspects have been arrested yesterday for allegedly running the CyberSeal and Dataprotector crypting services to evade antivirus software detection.” The pair also operated the Cyberscan service which allowed their clients to test their malware against antivirus tools. SecurityAffairs – hacking, cybercrime).

Malware 143

Malware Antivirus Cybercrime Software 143

Security Affairs

AUGUST 27, 2022

Threat actors abused a vulnerable anti-cheat driver for the Genshin Impact video game to disable antivirus software. sys, for the Genshin Impact video game to disable antivirus software. According to Trend Micro, a cybercrime gang abused the driver to deploy ransomware. Such is the case of mhyprot2.sys, Pierluigi Paganini.

Antivirus 98

Antivirus Ransomware Malware Cybercrime 98

Security Affairs

JUNE 17, 2021

UNC2465 cybercrime group that is affiliated with the Darkside ransomware gang has infected with malware the website of a CCTV camera vendor. Experts noticed that in this supply chain attack, UNC2465 did not deliver the Darkside ransomware as the final payload, but they not exclude that the cybercrime group could move to a new RaaS operation.

Cybercrime 112

Cybercrime Ransomware Software Antivirus 112

Security Affairs

APRIL 22, 2025

Keeping devices updated and using reliable antivirus software also helps prevent malware-related data theft. Japan s Financial Services Agency (FSA) recommends checking the warning issued by the Japan Securities Dealers Association regarding matters to be aware of when using securities companies’ online trading services.

Financial Services 121

Financial Services Passwords Accountability Antivirus 121

Security Affairs

OCTOBER 15, 2019

Chinese-speaking cybercrime gang Rocke that carried out several large-scale cryptomining campaigns, has now using news tactics to evade detection. Chinese-speaking cybercrime gang Rocke, that carried out several large-scale cryptomining campaigns in past , has now using news tactics to evade detection. Pierluigi Paganini.

Cybercrime 94

Cybercrime DNS Malware Advertising 94

Security Affairs

NOVEMBER 3, 2022

The DisableAntiSpyware parameter allows disabling the Windows Defender Antivirus in order to deploy another security solution. The sample is a binary compiled with Visual Basic which displays a fake Windows Security GUI and tray icon with a “healthy” system status, even if Windows Defender and other system functionalities are disabled.

Cybercrime 110

Cybercrime Ransomware Antivirus Malware 110

Security Affairs

FEBRUARY 28, 2025

In August 2024, several users reported that Dr.Web antivirus detected changes in their TV box system files. Users may also mistakenly believe TV boxes are more secure than smartphones and are less likely to install antivirus software, increasing their risk when downloading third-party apps or unofficial firmware.

Antivirus 66

Antivirus Firmware Encryption Manufacturing 66

Security Affairs

FEBRUARY 13, 2025

Users that played the game have received the following email: pic.twitter.com/B98BFs0WbK — SteamDB (@SteamDB) February 12, 2025 The game PirateFi was released as beta, but multiple antivirus flagged it as “Trojan.Win32.Lazzzy.gen.” Lazzzy.gen.” SteamDB estimates that over 800 users may have downloaded the game.

Malware 111

Malware Antivirus Accountability Software 111

Security Affairs

APRIL 2, 2025

.” To protect against malware, experts recommend buying smartphones from authorized distributors and installing security solutions like Kaspersky for Android immediately. In March 2018, security researchers at Antivirus firmDr.Web discovered that 42 models of low-cost Android smartphones were shipped with the Android.Triada.231

Malware 123

Malware Cryptocurrency Mobile Firmware 123

Security Affairs

NOVEMBER 6, 2024

” The hospital identified the ransomware attack early Saturday after antivirus software installed on the employees’ PCs flagged potential risks. While we believe this issue will not impact either the level or the quality of care we provide to our patients, we want to be fully transparent regarding this situation.”

Ransomware 127

Ransomware Healthcare Antivirus Data breaches 127

Security Affairs

FEBRUARY 4, 2025

It gathers system details, including antivirus information, encodes the data, and sends it to a remote server. .” The decrypted MSIL file maintains persistence by modifying the Windows registry to execute a PowerShell command that downloads the Coyote Banking Trojan.

Banking 119

Banking Malware Antivirus Cyber threats 119

Security Affairs

NOVEMBER 17, 2024

New Campaign Uses Remcos RAT to Exploit Victims Bengal cat lovers in Australia get psspsspss’d in Google-driven Gootloader campaign Ymir: new stealthy ransomware in the wild ShrinkLocker (+Decryptor): From Friend to Foe, and Back Again Stealthy Attributes of APT Lazarus: Evading Detection with Extended Attributes Glove Stealer: Leveraging IElevator (..)

Malware 116

Malware Antivirus Encryption Education 116

Zero Day

JUNE 6, 2025

The data in question was posted on a Russian cybercrime forum on May 15 and then uploaded again on June 3, apparently garnering attention from other cybercriminals and potential buyers. With both date of birth and SSNs being compromised, malicious actors have all the information they need to conduct fraud and impersonate AT&T customers.

Password Management 128

Password Management Passwords Artificial Intelligence Software 128

Security Affairs

APRIL 16, 2025

” In September, security researchers from G DATA discovered more than two dozen Android mobile phones from different manufacturers already infected by pre-installed malware. .” concludes the report that includes indicators of compromise (IoCs).

Malware 130

Malware Manufacturing Mobile Spyware 130

Security Affairs

DECEMBER 17, 2024

Recommendations include timely patching, using strong and unique passwords, enabling multi-factor authentication, implementing security tools to detect abnormal activity, auditing accounts, scanning for open ports, segmenting networks, updating antivirus software, and creating offline backups.

Architecture 109

Architecture Internet Internet Malware 109

Security Affairs

MARCH 31, 2025

The PowerShell code avoids antivirus detection by using Get-Command to execute the payload. The malicious LNK files, created on two machines, contain PowerShell code to download the next stage payload and a decoy file to disguise the infection.

Phishing 114

Phishing Antivirus Encryption Hacking 114

Security Affairs

DECEMBER 18, 2023

They may use various tactics to evade antivirus and other security measures. Illegal activities : Accessing someone else’s bank account information without authorization is illegal and considered a form of cybercrime. Once installed on a system, info stealers often aim to remain undetected for as long as possible.

Banking 135

Banking Cybercrime Malware Accountability 135

Security Affairs

JULY 15, 2024

Experts observed that the Russian cybercrime group FIN7 has been exploiting the vulnerability since April 2023, while Researchers from BlackBerry reported that in June 2024, a threat actor targeted a Latin American airline with the Akira ransomware. ” reads the report published by BlackBerry.

Backups 141

Backups Ransomware Antivirus DNS 141

Security Affairs

NOVEMBER 5, 2024

“An important question arising from this analysis is not just how to defend against threats like ToxicPanda but why contemporary antivirus solutions have struggled to detect a threat that is, in technical terms, relatively straightforward. Spain and Peru, at 3.9% and 3.4%, indicate a potential expansion into Latin America.

Banking 123

Banking Malware Accountability Authentication 123

Security Affairs

APRIL 21, 2025

The malware maintains a low detection rate among antivirus solutions due to its minimal permission model and narrow focus on NFC relay attacks. The malware also uses stored ATR messages to enable card emulation, helping attackers trick POS terminals and ATMs into accepting the relayed card as genuine.

Malware 108

Malware Social Engineering Banking Engineering 108

Security Affairs

MARCH 10, 2025

The discovered infected archives contained an additional executable, with a modified start script tricking victims into disabling antivirus protections. By December 2024, reports emerged of further miner-infected versions spreading via Telegram and YouTube. It fetched a second-stage payload from hardcoded domains, executing it as t.py

Cryptocurrency 92

Cryptocurrency Malware Social Engineering Antivirus 92

Security Affairs

MARCH 7, 2025

Upon gaining initial access to the target, Medusa hackers use remote management and monitoring (RMM) tools like SimpleHelp and AnyDesk for maintaining persistence and employ BYOVD with KillAV to disable antivirus, a tactic seen in BlackCat and RansomHub ransomware operations.

Ransomware 64

Ransomware Antivirus Healthcare Encryption 64

Security Affairs

MARCH 18, 2020

In January, Chinese hackers have exploited another zero-day vulnerability in the Trend Micro OfficeScan antivirus in an attack that hit Mitsubishi Electric. SecurityAffairs – hacking, cybercrime). The post Trend Micro addresses two issues exploited by hackers in the wild appeared first on Security Affairs. Pierluigi Paganini.

Authentication 137

Authentication Advertising Antivirus Cybercrime 137

Security Affairs

APRIL 25, 2022

ALPHV has been advertising the BlackCat Ransomware-as-a-Service (RaaS) on the cybercrime forums XSS and Exploit since early December. Review antivirus logs for indications they were unexpectedly turned off. Install and regularly update antivirus and anti-malware software on all hosts. Implement network segmentation.

Ransomware 136

Ransomware Antivirus Passwords Malware 136

Security Affairs

SEPTEMBER 7, 2020

A recently discovered cybercrime gang, tracked as Epic Manchego , is using a new technique to create weaponized Excel files that are able to bypass security checks. Some antivirus solutions specifically analyze this section look for malicious VBA code in the Excel docs.

Cybercrime 137

Cybercrime Phishing Advertising Antivirus 137

Security Affairs

NOVEMBER 24, 2024

Android Malware Detection Based on Behavioral-Level Features with Graph Convolutional Networks.

Malware 64

Malware Spyware Antivirus VPN 64

Security Affairs

AUGUST 18, 2024

New cybercrime group Mad Liberator is targeting AnyDesk users and runs a fake Microsoft Windows update screen to conceal data exfiltrating. This decoy screen, which performs no other actions, is likely to avoid detection by most antivirus software.

Social Engineering 145

Social Engineering Engineering Ransomware Cybercrime 145

Security Affairs

SEPTEMBER 29, 2022

The Brute Ratel post-exploitation toolkit has been cracked and now is available in the underground hacking and cybercrime communities. Threat actors have cracked the Brute Ratel C4 (BRC4) post-exploitation toolkit and leaked it for free in the cybercrime underground. This includes BreachForums, CryptBB, RAMP, Exploit[.]in,

Hacking 120

Hacking Cybercrime Ransomware Antivirus 120

Security Affairs

SEPTEMBER 13, 2024

In August 2024, several users reported that Dr.Web antivirus detected changes in their TV box system files. Users may also mistakenly believe TV boxes are more secure than smartphones and are less likely to install antivirus software, increasing their risk when downloading third-party apps or unofficial firmware.

Malware 141

Malware Firmware Antivirus Manufacturing 141

Security Affairs

DECEMBER 29, 2019

Experts uncovered a new tool dubbed BIOLOAD used by the FIN7 cybercrime group used as a dropper for a new variant of the Carbanak backdoor. Security experts from Fortinet’s enSilo have discovered a new loader, dubbed BIOLOAD, associated with the financially-motivated group FIN7. ” Fortinet concludes.

Cybercrime 93

Cybercrime Antivirus Identity Theft Advertising 93

Security Affairs

MARCH 26, 2025

It contacts a C2 server, gains persistence, and collects system information. While only one sample is currently detected by antivirus tools, many others remain undetected. it remained largely undetected until resurfacing in late 2024 with new variants written in Crystal, Nim, and Rust.

Malware 73

Malware Adware Antivirus Marketing 73

Security Affairs

DECEMBER 12, 2021

“A Russian national was sentenced today to 48 months in prison for operating a “crypting” service used to conceal the Kelihos malware from antivirus software, which enabled hackers to systematically infect approximately hundreds of thousands of victim computers around the world with malicious software, including ransomware.”

Antivirus 104

Antivirus Malware Cybercrime Cyber threats 104