Antivirus, Cybercrime and Information Security

Hackers hijacked the eScan Antivirus update mechanism in malware campaign

Security Affairs

APRIL 24, 2024

A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute backdoors and cryptocurrency miners. Avast researchers discovered and analyzed a malware campaign that exploited the update mechanism of the eScan antivirus to distribute backdoors and crypto miners.

Antivirus

Antivirus Malware DNS Cryptocurrency

Threat actor abuses Genshin Impact Anti-Cheat driver to disable antivirus

Security Affairs

AUGUST 27, 2022

Threat actors abused a vulnerable anti-cheat driver for the Genshin Impact video game to disable antivirus software. sys, for the Genshin Impact video game to disable antivirus software. According to Trend Micro, a cybercrime gang abused the driver to deploy ransomware. Such is the case of mhyprot2.sys, Pierluigi Paganini.

Antivirus

Antivirus Ransomware Malware Cybercrime

15 billion credentials available in the cybercrime marketplaces

Security Affairs

JULY 9, 2020

More than 15 billion username and passwords are available on cybercrime marketplaces, including over 5 billion unique credentials, states the experts. “Account accesses for antivirus programs garner the second-highest prices: around $21.67. SecurityAffairs – hacking, cybercrime marketplaces). Pierluigi Paganini.

Cybercrime

Cybercrime Antivirus Marketing Accountability

Experts link the Black Basta ransomware operation to FIN7 cybercrime gang

Security Affairs

NOVEMBER 3, 2022

The DisableAntiSpyware parameter allows disabling the Windows Defender Antivirus in order to deploy another security solution. The sample is a binary compiled with Visual Basic which displays a fake Windows Security GUI and tray icon with a “healthy” system status, even if Windows Defender and other system functionalities are disabled.

Cybercrime

Cybercrime Ransomware Antivirus Malware

UNC2465 cybercrime group launched a supply chain attack on CCTV vendor

Security Affairs

JUNE 17, 2021

UNC2465 cybercrime group that is affiliated with the Darkside ransomware gang has infected with malware the website of a CCTV camera vendor. Experts noticed that in this supply chain attack, UNC2465 did not deliver the Darkside ransomware as the final payload, but they not exclude that the cybercrime group could move to a new RaaS operation.

Cybercrime

Cybercrime Ransomware Antivirus Software

Info stealers and how to protect against them

Security Affairs

DECEMBER 18, 2023

They may use various tactics to evade antivirus and other security measures. Illegal activities : Accessing someone else’s bank account information without authorization is illegal and considered a form of cybercrime. Once installed on a system, info stealers often aim to remain undetected for as long as possible.

Banking

Banking Cybercrime Malware Accountability

Romanians arrested for running underground malware services

Security Affairs

NOVEMBER 22, 2020

“Two Romanian suspects have been arrested yesterday for allegedly running the CyberSeal and Dataprotector crypting services to evade antivirus software detection.” The pair also operated the Cyberscan service which allowed their clients to test their malware against antivirus tools. SecurityAffairs – hacking, cybercrime).

Malware

Malware Antivirus Cybercrime Software

Chinese-speaking cybercrime gang Rocke changes tactics

Security Affairs

OCTOBER 15, 2019

Chinese-speaking cybercrime gang Rocke that carried out several large-scale cryptomining campaigns, has now using news tactics to evade detection. Chinese-speaking cybercrime gang Rocke, that carried out several large-scale cryptomining campaigns in past , has now using news tactics to evade detection. Pierluigi Paganini.

Cybercrime

Cybercrime DNS Malware Advertising

A cracked copy of Brute Ratel post-exploitation tool leaked on hacking forums

Security Affairs

SEPTEMBER 29, 2022

The Brute Ratel post-exploitation toolkit has been cracked and now is available in the underground hacking and cybercrime communities. Threat actors have cracked the Brute Ratel C4 (BRC4) post-exploitation toolkit and leaked it for free in the cybercrime underground. This includes BreachForums, CryptBB, RAMP, Exploit[.]in,

Hacking

Hacking Cybercrime Ransomware Antivirus

Russian nation sentenced to 48 months in prison for helping Kelihos Botnet to evade detection

Security Affairs

DECEMBER 12, 2021

“A Russian national was sentenced today to 48 months in prison for operating a “crypting” service used to conceal the Kelihos malware from antivirus software, which enabled hackers to systematically infect approximately hundreds of thousands of victim computers around the world with malicious software, including ransomware.”

Antivirus

Antivirus Malware Cybercrime Cyber threats

BlackCat Ransomware gang breached over 60 orgs worldwide

Security Affairs

APRIL 25, 2022

ALPHV has been advertising the BlackCat Ransomware-as-a-Service (RaaS) on the cybercrime forums XSS and Exploit since early December. Review antivirus logs for indications they were unexpectedly turned off. Install and regularly update antivirus and anti-malware software on all hosts. Implement network segmentation.

Ransomware

Ransomware Antivirus Passwords Malware

Cactus ransomware gang claims the Schneider Electric hack

Security Affairs

JANUARY 30, 2024

Once the malware has escalated the privileges on a machine, the threat actors use a batch script to uninstall popular antivirus solutions installed on the machine. Splashtop, AnyDesk, SuperOps RMM) to achieve remote access and uses Cobalt Strike and the proxy tool Chisel in post-exploitation activities.

Ransomware

Ransomware Hacking Data breaches Digital transformation

Akira ransomware received $42M in ransom payments from over 250 victims

Security Affairs

APRIL 21, 2024

The operators frequently disable security software to evade detection and for lateral movement. The government experts observed the use of PowerTool by Akira threat actors to exploit the Zemana AntiMalware driver and terminate antivirus-related processes. Threat actors use FileZilla, WinRAR, WinSCP, and RClone for data exfiltration.

Ransomware

Ransomware Encryption Antivirus VPN

Bitdefender released a free decryptor for the MortalKombat Ransomware family

Security Affairs

FEBRUARY 28, 2023

Antivirus company Bitdefender has released a free decryptor for the recently discovered ransomware family MortalKombat. Good news for the victims of the recently discovered MortalKombat ransomware , the antivirus firm Bitdefender has released a free decryptor that will allow them to recover their file without paying the ransom.

Ransomware

Ransomware Antivirus Backups Malware

A previously undetected FIN7 BIOLOAD loader drops new Carbanak Backdoor

Security Affairs

DECEMBER 29, 2019

Experts uncovered a new tool dubbed BIOLOAD used by the FIN7 cybercrime group used as a dropper for a new variant of the Carbanak backdoor. Security experts from Fortinet’s enSilo have discovered a new loader, dubbed BIOLOAD, associated with the financially-motivated group FIN7. ” Fortinet concludes.

Cybercrime

Cybercrime Antivirus Identity Theft Advertising

Ransomware realities in 2023: one employee mistake can cost a company millions

Security Affairs

OCTOBER 17, 2023

According to Statista.com, the impact of cybercrime is expected to reach almost $13 trillion this year. Ensure that your systems are up to date with the latest security patches and software updates. Employ robust antivirus and anti-malware solutions, along with intrusion detection systems, to identify and block potential threats.

Social Engineering

Social Engineering Ransomware Engineering Phishing

SharkBot Banking Trojan spreads through fake AV apps on Google Play

Security Affairs

APRIL 9, 2022

Experts discovered malicious Android apps on the Google Play Store masqueraded as antivirus solutions spreading the SharkBot Trojan. Sharkbot is an information stealer steals used by crooks to siphon credentials and banking information. “In the ever-changing contemporary (cyber-)world, nothing should be taken for granted.

Banking

Banking Antivirus Malware Accountability

Avast researchers released a free BianLian ransomware decryptor for some variants of the malware

Security Affairs

JANUARY 16, 2023

Antivirus firm Avast released a free decryptor for the BianLian ransomware family that allows victims to recover locked files. Security firm Avast has released a free decryptor for the BianLian ransomware to allow victims of the malware to recover locked files. It is also recommendable to check the virus vault of your antivirus.

Ransomware

Ransomware Malware Antivirus Encryption

NetDooka framework distributed via a pay-per-install (PPI) malware service

Security Affairs

MAY 6, 2022

The malware used a function called “DetectAV()” to determine the antivirus solution installed on the system and uninstall it. The malware accepts multiple arguments that indicate what action should be taken.” ” reads a report published by Trend Micro. ” concludes the analysis.

Malware

Malware Antivirus DDOS Hacking

Lemon Group gang pre-infected 9 million Android devices for fraudulent activities

Security Affairs

MAY 19, 2023

The Lemon Group cybercrime ring has reportedly pre-installed malware known as Guerilla on almost 9 million Android devices. A cybercrime group tracked has Lemon Group has reportedly pre-installed malware known as Guerilla on almost 9 million Android devices. 231 banking malware. ” reads the analysis published by Trend Micro.

Mobile

Mobile Advertising Malware Cybercrime

15 Best Cybersecurity Blogs To Read

Spinone

OCTOBER 10, 2019

Krebs on Security One of the best cybersecurity blogs offering unique insights. Their main focus is on cybercrime investigations. Threat Post Threat Post is a portal, with news about everything related to recurring cybersecurity themes: attacks, cloud security, malware and ransomware, vulnerabilities, and so on.

Cybersecurity

Cybersecurity IoT Antivirus Education

Security Affairs newsletter Round 285

Security Affairs

OCTOBER 11, 2020

ransomware displays ransom note in innovative way Carnival confirms data breach as a result of the August ransomware attack Google enhances malware protection for accounts enrolled in Advanced Protection Program (APP) Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns.

Advertising

Advertising Antivirus Data privacy Ransomware

Trend Micro addresses two issues exploited by hackers in the wild

Security Affairs

MARCH 18, 2020

In January, Chinese hackers have exploited another zero-day vulnerability in the Trend Micro OfficeScan antivirus in an attack that hit Mitsubishi Electric. SecurityAffairs – hacking, cybercrime). The post Trend Micro addresses two issues exploited by hackers in the wild appeared first on Security Affairs. Pierluigi Paganini.

Authentication

Authentication Advertising Antivirus Cybercrime

Bitdefender released a free decryptor for the MegaCortex ransomware

Security Affairs

JANUARY 6, 2023

Antivirus firm Bitdefender released a decryptor for the MegaCortex ransomware allowing its victims to restore their data for free. Antivirus firm Bitdefender released a decryptor for the MegaCortex ransomware , which can allow victims of the group to restore their data for free.

Ransomware

Ransomware Antivirus Encryption Backups

Malicious apps continue to spread through the Google Play Store

Security Affairs

JUNE 16, 2022

Researchers at antivirus firm Dr. Web discovered malware in the Google Play Store that was downloaded two million times. An investigation conducted by the antivirus firm Dr. Web in May resulted in the discovery of multiple adware and information-stealing malware on the official Google Play Store.

Adware

Adware Antivirus Malware Software

New CACTUS ransomware appeared in the threat landscape

Security Affairs

MAY 9, 2023

CACTUS essentially encrypts itself, making it harder to detect and helping it evade antivirus and network monitoring tools,” Laurie Iacono, Associate Managing Director for Cyber Risk at Kroll, told Bleeping Computer. The binary is deployed using a specific flag that allows its execution, while the ZIP archive is removed.

Ransomware

Ransomware VPN Antivirus Encryption

The U.S. CISA and FBI warn of Royal ransomware operation

Security Affairs

MARCH 3, 2023

“After gaining access to victims’ networks, Royal actors disable antivirus software and exfiltrate large amounts of data before ultimately deploying the ransomware and encrypting the systems.” Once on the domain controller, the threat actor deactivated antivirus protocols [T1562.001] by modifying Group Policy Objects [T1484.001].”

Ransomware

Ransomware Healthcare Antivirus Encryption

Global Effort Seizes EMOTET Botnet

SecureWorld News

JANUARY 28, 2021

This is a unique and new approach to effectively disrupt the activities of the facilitators of cybercrime.". EMOTET gained notoriety for being one of the most professional and longest lasting cybercrime services to exist. Most antivirus programs look for known malware codes, making a code change difficult to be detected.

Cybercrime

Cybercrime Malware Antivirus Banking

An expert shows how to stop popular ransomware samples via DLL hijacking

Security Affairs

MAY 4, 2022

Endpoint protection systems and or antivirus can potentially be killed prior to executing malware, but this method cannot as theres nothing to kill the DLL just lives on disk waiting. The exploit dll will check if the current directory is “C:WindowsSystem32″, if not we grab our process ID and terminate.

Ransomware

Ransomware Antivirus Malware Encryption

FBI and CISA published a new advisory on AvosLocker ransomware

Security Affairs

OCTOBER 13, 2023

bat) scripts [T1059.003] for lateral movement, privilege escalation, and disabling antivirus software. Notepad++, RDP Scanner, and 7zip. AvosLocker affiliates were observed using custom PowerShell [T1059.001] and batch (.bat) Threat actors were also observed uploading and use custom webshells to enable network access [T1505.003].

Ransomware

Ransomware System Administration Antivirus Malware

QwixxRAT, a new Windows RAT appears in the threat landscape

Security Affairs

AUGUST 15, 2023

. “Once installed on the victim’s Windows platform machines, the RAT stealthily collects sensitive data, which is then sent to the attacker’s Telegram bot, providing them with unauthorized access to the victim’s sensitive information.” ” reads a new report published by security firm Uptycs.

Malware

Malware Antivirus Cryptocurrency Advertising

Tens of malicious NPM packages caught hijacking Discord servers

Security Affairs

DECEMBER 9, 2021

“It’s important to note these payloads are less likely to be caught by antivirus solutions, versus a full-on RAT backdoor, since a Discord stealer does not modify any files, does not register itself anywhere (to be executed on next boot, for example) and does not perform suspicious operations such as spawning child processes.”

Antivirus

Antivirus Malware Accountability Firewall

New Windows Meduza Stealer targets tens of crypto wallets and password managers

Security Affairs

JULY 3, 2023

“What’s more concerning is that a large portion of antivirus software has proven ineffective against the Meduza stealer binary, either failing to detect it statically or dynamically” reads the analysis published by Uptycs. ” The administrator offers access to the stolen data through a management console.

Password Management

Password Management Passwords Malware Antivirus

Saint Gheorghe Recovery Hospital in Romania suffered a ransomware attack

Security Affairs

JANUARY 6, 2023

.” According to the media outlet, the attack was sophisticated, and both the Romanian Directorate for Investigating Organized Crime and Terrorism (DIICOT) and the Romanian antivirus firm BitDefender were not able to decrypt the files. “We have already notified the National Directorate of Cyber Security and DIICOT.

Ransomware

Ransomware Antivirus Media Encryption

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs

MARCH 19, 2022

Install and regularly update antivirus software on all hosts, and enable real time detection. Only use secure networks and avoid using public Wi-Fi networks. Focus on cyber security awareness and training. Regularly back up data, password protect backup copies offline. Consider installing and using a VPN.

Ransomware

Ransomware DDOS Passwords Backups

WeSteal, a shameless commodity cryptocurrency stealer available for sale

Security Affairs

MAY 2, 2021

A new cryptocurrency stealer dubbed WeSteal is available on the cybercrime underground, unlike other commodity cryptocurrency stealers, its author doesn’t masquerade its purpose and promises “the leading way to make money in 2021.”. Experts pointed out that ComplexCodes had been selling a “WeSupply Crypto Stealer” since May 2020.,

Cryptocurrency

Cryptocurrency Malware Advertising System Administration

8220 Gang used new ScrubCrypt crypter in recent cryptojacking attacks

Security Affairs

MARCH 9, 2023

The PowerShell script is encoded to avoid detection by AntiVirus solutions. The ScrubCrypt crypter is available for sale on hacking forums, it allows securing applications with a unique BAT packing method. The experts noticed that encrypted data at the top can be split into four parts using backslash “”.

Antivirus

Antivirus Encryption Hacking Cybercrime

New Linux CronRAT hides in cron jobs to evade detection in Magecart attacks

Security Affairs

NOVEMBER 25, 2021

Researchers explained that CronRAT malware is undetected by many antivirus engines, it leverages the fact that many security products do not scan the Linux cron system. “CronRAT’s main feat is hiding in the calendar subsystem of Linux servers (“cron”) on a nonexistant day.

Malware

Malware Antivirus Engineering Hacking

Threat actors target crypto and NFT communities with Babadeda crypter

Security Affairs

NOVEMBER 26, 2021

Babadeda is able to bypass antivirus solutions. According to the researchers, this crypto-malware was recently employed in several campaigns to deliver information stealers, RATs, and ransomware like LockBit. Threat actors are attempting to exploit the booming market for NFTs and crypto games.

Cryptocurrency

Cryptocurrency Malware Antivirus Phishing

LockBit 3.0 affiliate sideloads Cobalt Strike through Windows Defender?

Security Affairs

AUGUST 2, 2022

.” SentinelOne highlights the importance of sharing information on the exploitation of novel “living off the land” tools to drop Cobalt Strike beacons and evade detection of common security solutions.

Antivirus

Antivirus Software Hacking Ransomware

Belarussian authorities arrested GandCrab ransomware distributor

Security Affairs

AUGUST 3, 2020

He had no previous criminal records at the time of the arrest, but it is known to be a member of a cybercrime forum to become an affiliate for the GandCrab ransomware operation. The authorities did not reveal the name of the man, they arrested him in Gomel (Belarus). ransom amount, individual bots and encryption masks).

Ransomware

Ransomware Advertising Malware Hacking

Vietnam-linked Bismuth APT leverages coin miners to stay under the radar

Security Affairs

DECEMBER 1, 2020

The APT32 also targeted peripheral network security and technology infrastructure corporations, and security firms that may have connections with foreign investors. The experts warn that nation-state actors are adopting TTPs associated with cybercrime gangs to make it hard the attack attribution. ” Microsoft said.

Cryptocurrency

Cryptocurrency Antivirus Manufacturing Government

U.S. taxpayers hit by a phishing campaign delivering the Amadey bot

Security Affairs

SEPTEMBER 20, 2019

Security experts at Cofense uncovered a phishing campaign that is targeting taxpayers in the United States attempting to infect them with a new piece of malware named Amadey. Experts revealed that the botnet was used by the TA505 cybercrime gang to distribute the FlawedAmmy RAT and some email stealers.

Phishing

Phishing Social Engineering Malware Advertising

Microsoft has taken legal and technical action to dismantle the Zloader botnet

Security Affairs

APRIL 13, 2022

“ZLoader has remained relevant as attackers’ tool of choice by including defense evasion capabilities, like disabling security and antivirus tools, and selling access-as-a-service to other affiliate groups, such as ransomware operators.” ” reads a post published by Microsoft.

Banking

Banking Malware Telecommunications Antivirus

Hackers hijacked the eScan Antivirus update mechanism in malware campaign

Threat actor abuses Genshin Impact Anti-Cheat driver to disable antivirus

Trending Sources

15 billion credentials available in the cybercrime marketplaces

Experts link the Black Basta ransomware operation to FIN7 cybercrime gang

UNC2465 cybercrime group launched a supply chain attack on CCTV vendor

Info stealers and how to protect against them

Romanians arrested for running underground malware services

Chinese-speaking cybercrime gang Rocke changes tactics

A cracked copy of Brute Ratel post-exploitation tool leaked on hacking forums

Russian nation sentenced to 48 months in prison for helping Kelihos Botnet to evade detection

BlackCat Ransomware gang breached over 60 orgs worldwide

Cactus ransomware gang claims the Schneider Electric hack

Akira ransomware received $42M in ransom payments from over 250 victims

Bitdefender released a free decryptor for the MortalKombat Ransomware family

A previously undetected FIN7 BIOLOAD loader drops new Carbanak Backdoor

Ransomware realities in 2023: one employee mistake can cost a company millions

SharkBot Banking Trojan spreads through fake AV apps on Google Play

Avast researchers released a free BianLian ransomware decryptor for some variants of the malware

NetDooka framework distributed via a pay-per-install (PPI) malware service

Lemon Group gang pre-infected 9 million Android devices for fraudulent activities

15 Best Cybersecurity Blogs To Read

Security Affairs newsletter Round 285

Trend Micro addresses two issues exploited by hackers in the wild

Bitdefender released a free decryptor for the MegaCortex ransomware

Malicious apps continue to spread through the Google Play Store

New CACTUS ransomware appeared in the threat landscape

The U.S. CISA and FBI warn of Royal ransomware operation

Global Effort Seizes EMOTET Botnet

An expert shows how to stop popular ransomware samples via DLL hijacking

FBI and CISA published a new advisory on AvosLocker ransomware

QwixxRAT, a new Windows RAT appears in the threat landscape

Tens of malicious NPM packages caught hijacking Discord servers

New Windows Meduza Stealer targets tens of crypto wallets and password managers

Saint Gheorghe Recovery Hospital in Romania suffered a ransomware attack

Avoslocker ransomware gang targets US critical infrastructure

WeSteal, a shameless commodity cryptocurrency stealer available for sale

8220 Gang used new ScrubCrypt crypter in recent cryptojacking attacks

New Linux CronRAT hides in cron jobs to evade detection in Magecart attacks

Threat actors target crypto and NFT communities with Babadeda crypter

LockBit 3.0 affiliate sideloads Cobalt Strike through Windows Defender?

Belarussian authorities arrested GandCrab ransomware distributor

Vietnam-linked Bismuth APT leverages coin miners to stay under the radar

U.S. taxpayers hit by a phishing campaign delivering the Amadey bot

Microsoft has taken legal and technical action to dismantle the Zloader botnet

Stay Connected