Blog, Cybercrime, Hacking and Malware - Cyber Security Informer

UK Ad Campaign Seeks to Deter Cybercrime

Krebs on Security

MAY 28, 2020

The United Kingdom’s anti-cybercrime agency is running online ads aimed at young people who search the Web for services that enable computer crimes, specifically trojan horse programs and DDoS-for-hire services. law enforcement agents in connection with various cybercrime investigations.

Cybercrime

Cybercrime DDOS Advertising Hacking

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Krebs on Security

JUNE 1, 2023

This post is a deep dive on “ Megatraffer ,” a veteran Russian hacker who has practically cornered the underground market for malware focused code-signing certificates since 2015. One of Megatraffer’s ads on an English-language cybercrime forum. WHO IS MEGATRAFFER? account on Carder[.]su su from 2008.

Malware

Malware Cybercrime Software Antivirus

This Service Helps Malware Authors Fix Flaws in their Code

Krebs on Security

MAY 18, 2020

Almost daily now there is news about flaws in commercial software that lead to computers getting hacked and seeded with malware. Here’s a look at one long-lived malware vulnerability testing service that is used and run by some of the Dark Web’s top cybercriminals. is cybercrime forum.

Malware

Malware Cybercrime Ransomware Marketing

RansomHub gang claims the hack of the telecommunications giant Frontier Communications

Security Affairs

JUNE 4, 2024

“Now anyone who wants to buy this data can contact our blog support, we only sell it once.” “Based on our investigation, we have determined that the third party was likely a cybercrime group, which gained access to, among other information, personally identifiable information.”

Telecommunications

Telecommunications Hacking Data breaches Cybercrime

Cybercrime group exploits Windows zero-day in ransomware attacks

Security Affairs

APRIL 11, 2023

The experts pointed out that while the majority of zero-days they have discovered in the past were used by APT groups, this zero-day was exploited by a sophisticated cybercrime group. This group is known to have used similar CLFS driver exploits in the past that were likely developed by the same author.

Cybercrime

Cybercrime Ransomware Education Media

ZingoStealer crimeware released for free in the cybercrime ecosystem

Security Affairs

APRIL 15, 2022

The cybercrime gang has been active since at least January 2020. The malware is also able to steal details from cryptocurrency wallets and load additional malware to conduct malicious operations. “It features the ability to steal sensitive information from victims and can download additional malware to infected systems.

Cybercrime

Cybercrime Malware Cryptocurrency Hacking

Cybercrime gang FIN7 returned and was spotted delivering Clop ransomware

Security Affairs

MAY 20, 2023

FIN7 is a Russian criminal group (aka Carbanak ) that has been active since mid-2015, it focuses on restaurants, gambling, and hospitality industries in the US to harvest financial information that was used in attacks or sold in cybercrime marketplaces. They then use OpenSSH and Impacket to move laterally and deploy Clop ransomware.

Cybercrime

Cybercrime Ransomware Security Intelligence Hacking

New Lobshot hVNC malware spreads via Google ads

Security Affairs

MAY 1, 2023

The previously undetected LOBSHOT malware is distributed using Google ads and gives operators VNC access to Windows devices. Threat actors are using an elaborate scheme of fake websites through Google Ads to spread their malware, the backdoors are embedded in installers for apparently legitimate applications, such as AnyDesk.

Malware

Malware Cybercrime Banking Software

Lockbit ransomware gang claims to have hacked cybersecurity giant Mandiant

Security Affairs

JUNE 6, 2022

LockBit ransomware gang claims to have hacked the cybersecurity firm Mandiant, which is investigating the alleged security breach. Mandiant is investigating the claims of the ransomware gang, the cybercrime group declared to have stolen 356841 files from the company and plans to leak them online. .’ Pierluigi Paganini.

Hacking

Hacking Ransomware Cybersecurity Cybercrime

Administrator of RSOCKS Proxy Botnet Pleads Guilty

Krebs on Security

JANUARY 24, 2023

Denis Emelyantsev , a 36-year-old Russian man accused of running a massive botnet called RSOCKS that stitched malware into millions of devices worldwide, pleaded guilty to two counts of computer crime violations in a California courtroom this week. Kloster’s blog enthused. “We A copy of the passport for Denis Emelyantsev, a.k.a.

Cybercrime

Cybercrime Advertising IoT Malware

Exploit Forum, Initial Access Brokers, and Cybercrime on the Dark Web

Security Boulevard

JUNE 6, 2023

On this forum, malicious actors can share various hacking techniques, malware samples, and proof of concept for exploits. The post Exploit Forum, Initial Access Brokers, and Cybercrime on the Dark Web appeared first on Security Boulevard.

Cybercrime

Cybercrime Cyber threats Malware Risk

Russian cybercrime group likely behind ongoing exploitation of PaperCut flaws

Security Affairs

APRIL 24, 2023

It is interesting to note that the domain was also hosting malware a variant of the TrueBot malware. .” The researchers noticed that the domain hosting the tools employed in the attack, windowservicecemter[.]com, com, was registered on April 12, 2023.

Cybercrime

Cybercrime Software Education Ransomware

A cracked copy of Brute Ratel post-exploitation tool leaked on hacking forums

Security Affairs

SEPTEMBER 29, 2022

The Brute Ratel post-exploitation toolkit has been cracked and now is available in the underground hacking and cybercrime communities. Threat actors have cracked the Brute Ratel C4 (BRC4) post-exploitation toolkit and leaked it for free in the cybercrime underground. SecurityAffairs – hacking, Brute Ratel). in, and Xss[.]is,

Hacking

Hacking Cybercrime Ransomware Antivirus

Hackers are taking advantage of the interest in generative AI to install Malware

Security Affairs

MAY 3, 2023

Threat actors are using the promise of generative AI like ChatGPT to deliver malware, Facebook parent Meta warned. Threat actors are taking advantage of the huge interest in generative AI like ChatGPT to trick victims into installing malware, Meta warns. ” reads the Meta’s Q1 2023 Security Reports.

Malware

Malware Education Accountability Media

Symbiote, a nearly-impossible-to-detect Linux malware?

Security Affairs

JUNE 9, 2022

Researchers uncovered a high stealth Linux malware, dubbed Symbiote, that could be used to backdoor infected systems. Once the malware has infected all the running processes, it provides the threat actor with rootkit capability and supports data-stealing capabilities. “Symbiote is a malware that is highly evasive.

Malware

Malware DNS Antivirus Passwords

Nation-state malware could become a commodity on dark web soon, Interpol warns

Security Affairs

MAY 24, 2022

Interpol Secretary warns that nation-state malware will become available on the cybercrime underground in a couple of years. In the ongoing conflict between Russia and Ukraine, the malware developed by both nation-state actors and non state actors represents a serious risk for critical infrastructure and organizations worldwide.

Malware

Malware Cybercrime Government Engineering

EvilExtractor, a new All-in-One info stealer appeared on the Dark Web

Security Affairs

APRIL 24, 2023

EvilExtractor is a new “all-in-one” info stealer for Windows that is being advertised for sale on dark web cybercrime forums. The malware environment checking and Anti-VM functions. FortiGuard Labs observed this malware in a phishing email campaign on 30 March, which we traced back to the samples included in this blog.”

Cybercrime

Cybercrime Malware Education Phishing

Security Affairs newsletter Round 417 by Pierluigi Paganini – International edition

Security Affairs

APRIL 30, 2023

Nominate here: [link] Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, newsletter ) The post Security Affairs newsletter Round 417 by Pierluigi Paganini – International edition appeared first on Security Affairs.

Cybercrime

Cybercrime Malware Hacking Accountability

Snatch ransomware gang claims the hack of the food giant Kraft Heinz

Security Affairs

DECEMBER 15, 2023

The Snatch ransomware group announced it had hacked the food giant Kraft Heinz, the company is investigating the claims. The Snatch ransomware group claims to have hacked Kraft Heinz in August and on December 14, it added the company to the list of victims on its leak site.

Hacking

Hacking Ransomware Computers and Electronics Marketing

North Korea-linked BlueNoroff APT is behind the new RustBucket Mac Malware

Security Affairs

APRIL 25, 2023

North Korea-linked APT group BlueNoroff (aka Lazarus) was spotted targeting Mac users with new RustBucket malware. Researchers from security firm Jamf observed the North Korea-linked BlueNoroff APT group using a new macOS malware, dubbed RustBucket, family in recent attacks. The trojan can run on both ARM and x86 architectures.

Malware

Malware Social Engineering Architecture Education

EnemyBot malware adds new exploits to target CMS servers and Android devices

Security Affairs

MAY 30, 2022

The researchers attribute the botnet to the cybercrime group Keksec which focuses on DDoS-based extortion. Experts pointed out that the malware is being actively developed. The malware can quickly adopt one-day vulnerabilities (within days of a published proof of concept).” SecurityAffairs – hacking, EnemyBot).

Malware

Malware DDOS IoT Cybercrime

News Alert: HostingAdvice poll finds one in three Americans hacked upon visiting sketchy websites

The Last Watchdog

JULY 18, 2023

July 18, 2022 – Around 30,000 websites get hacked every day , with the majority of those cyberattacks due to human error. This has projected costs associated with cybercrimes to hit the tens of trillions by 2025, highlighting the vital need for web hosts to implement staunch security. Gainesville, Fla.,

Hacking

Hacking DDOS Small Business Spyware

Accused Russian RSOCKS Botmaster Arrested, Requests Extradition to U.S.

Krebs on Security

SEPTEMBER 24, 2022

Denis Emelyantsev , as the apparent owner of RSOCKS, a collection of millions of hacked devices that were sold as “proxies” to cybercriminals looking for ways to route their malicious traffic through someone else’s computer. ” Kloster’s blog even included a group photo of RSOCKS employees.

Cybercrime

Cybercrime Data breaches Malware Ransomware

Iranian govt uses BouldSpy Android malware for internal surveillance operations

Security Affairs

MAY 1, 2023

Iranian authorities have been spotted using the BouldSpy Android malware to spy on minorities and traffickers. Despite BouldSpy spyware supports ransomware capabilities, Lookout researchers have yet to see the malicious code using them, a circumstance that suggests the malware is under development or it is a false flag used by its operators.

Surveillance

Surveillance Malware Spyware Education

Tax preparation and e-file service eFile.com compromised to serve malware

Security Affairs

APRIL 5, 2023

The eFile.com online service, which is authorized by the US Internal Revenue Service (IRS), was spotted serving malicious malware to visitors. eFile.com , the personal online tax preparation and e-file service authorized by the US Internal Revenue Service (IRS), was spotted serving malware to visitors.

Malware

Malware Education Media Hacking

Bumblebee, a new malware loader used by multiple crimeware threat actors

Security Affairs

APRIL 28, 2022

Threat actors have replaced the BazaLoader and IcedID malware with a new loader called Bumblebee in their campaigns. Cybercriminal groups that were previously using the BazaLoader and IcedID as part of their malware campaigns seem to have adopted a new loader called Bumblebee. It is used by multiple cybercrime threat actors.”

Malware

Malware Cybercrime Encryption Hacking

Google obtained a temporary court order against CryptBot distributors

Security Affairs

APRIL 28, 2023

to disrupt the operations of the CryptBot malware, which experts estimate infected approximately 670,000 computers this past year. Google targeted the distributors of the malware who are paid to spread and deliver the malicious code and infect a larger number of systems as possible. ” reads the announcement published by Google.

Malware

Malware Cybercrime Cryptocurrency Media

Money Message ransomware group claims to have hacked IT giant MSI

Security Affairs

APRIL 6, 2023

Ransomware gang Money Message claims to have hacked the Taiwanese multinational IT corporation MSI (Micro-Star International). Ransomware gang Money Message announced to have hacked the Taiwanese multinational IT corporation MSI (Micro-Star International).

Hacking

Hacking Ransomware Manufacturing Education

Multiple APT groups exploited WinRAR flaw CVE-2023-38831

Security Affairs

OCTOBER 18, 2023

The researchers reported that several cybercrime groups began exploiting the flaw in early 2023, when the bug was still a zero-day. “Hours after the blog post was released, proof of concepts and exploit generators were uploaded to public GitHub repositories. . ” reported Google TAG. ” reported Google TAG.

Cybercrime

Cybercrime Malware Software Hacking

Threat actors target law firms with GootLoader and SocGholish malware

Security Affairs

MARCH 2, 2023

Cyber criminals are targeting law firms with GootLoader and FakeUpdates (aka SocGholish) malware families. The firms were targeted as part of two distinct campaigns aimed at distributing GootLoader and FakeUpdates (aka SocGholish) malware. One campaign attempted to infect law firm employees with the GootLoader malware.

Malware

Malware Ransomware Engineering Hacking

New Linux malware targets WordPress sites by exploiting 30 bugs

Security Affairs

DECEMBER 30, 2022

A new Linux malware has been exploiting 30 vulnerabilities in outdated WordPress plugins and themes to deploy malicious JavaScripts. Doctor Web researchers discovered a Linux malware, tracked as Linux.BackDoor.WordPressExploit.1, Blog Designer WordPress Plugin. SecurityAffairs – hacking, Lunix Malware).

Malware

Malware Hacking Accountability Phishing

BRATA Android Malware evolves and targets the UK, Spain, and Italy

Security Affairs

JUNE 20, 2022

The developers behind the BRATA Android malware have implemented additional features to avoid detection. The operators behind the BRATA Android malware have implemented more features to make their attacks stealthy. “TAs are modifying their code in order to tailor their malware on specific banking institutions.

Malware

Malware Banking Antivirus Phishing

Discord suffered a data after third-party support agent was hacked

Security Affairs

MAY 13, 2023

In response to the incident, the company immediately deactivated the compromised account and analyzed the impacted machine to determine if it was infected with malware. .” According to the company, the support ticket queue contained user email addresses, messages and related attachments exchanged with Discord support.

Hacking

Hacking Data breaches Accountability Phishing

Threat actors target the infoSec community with fake PoC exploits

Security Affairs

MAY 22, 2022

Researchers uncovered a malware campaign targeting the infoSec community with fake Proof Of Concept to deliver a Cobalt Strike beacon. Researchers from threat intelligence firm Cyble uncovered a malware campaign targeting the infoSec community. The malware, disguised as a fake PoC code, was available on GitHub.

InfoSec

InfoSec Malware Cybercrime Information Security

Security Affairs newsletter Round 414 by Pierluigi Paganini – International edition

Security Affairs

APRIL 9, 2023

Nominate here: [link] Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, newsletter newsletter) The post Security Affairs newsletter Round 414 by Pierluigi Paganini – International edition appeared first on Security Affairs. billion rubles. billion rubles.

Computers and Electronics

Computers and Electronics Backups Cybercrime Marketing

NetDooka framework distributed via a pay-per-install (PPI) malware service

Security Affairs

MAY 6, 2022

Researchers discovered a sophisticated malware framework, dubbed NetDooka, distributed via a pay-per-install (PPI) malware service known as PrivateLoader. The PrivateLoader malware is a downloader used by threat actors for downloading and installing multiple malware. SecurityAffairs – hacking, NetDooka).

Malware

Malware Antivirus DDOS Hacking

15 Best Cybersecurity Blogs To Read

Spinone

OCTOBER 10, 2019

The best way to stay up-to-date with the recent trends is by reading the top cybersecurity blogs. Here’s our list of the best cybersecurity blogs to read and follow. Securing Tomorrow SecuringTomorrow is a blog by McAfee, one of the biggest security software providers. Their main focus is on cybercrime investigations.

Cybersecurity

Cybersecurity IoT Antivirus Education

A Ukrainian man is the third FIN7 member sentenced in the United States

Security Affairs

APRIL 8, 2022

A Ukrainian man was sentenced in the US to 5 years in prison for his criminal activity in the cybercrime group FIN7. for high-level hacking activity in the cybercrime group FIN7 (aka Carbanak Group and the Navigator Group). Iarmak is the third member of the FIN7 cybercrime group to be sentenced in the U.S. in May 2020.

Cybercrime

Cybercrime Hacking Software Phishing

Ukrainian Police Nab Six Tied to CLOP Ransomware

Krebs on Security

JUNE 16, 2021

First debuting in early 2019, CLOP is one of several ransomware groups that hack into organizations, launch ransomware that encrypts files and servers, and then demand an extortion payment in return for a digital key needed to unlock access. ? /. CLOP’s victim shaming blog on the deep web.

Ransomware

Ransomware Cybercrime Malware Encryption

Experts discover over 451 clipper malware-laced packages in the PyPI repository

Security Affairs

FEBRUARY 14, 2023

Threat actors published more than 451 unique malware-laced Python packages on the official Python Package Index (PyPI) repository. Phylum researchers spotted more than 451 unique Python packages on the official Python Package Index (PyPI) repository in an attempt to deliver clipper malware on the developer systems.

Malware

Malware Cryptocurrency Hacking Software

A flaw in the Kyocera Android printing app can be abused to drop malware

Security Affairs

APRIL 13, 2023

Security experts warn that a Kyocera Android printing app is vulnerable to improper intent handling and can be abused to drop malware. An improper intent handling issue affecting the Kyocera Android printing app can allow malicious applications to drop malware.

Malware

Malware Mobile Education Media

FBI and Ukrainian police seized 9 crypto exchanges used by cybercriminals

Security Affairs

MAY 2, 2023

“Through exchanges, attackers channeled assets obtained as a result of malware attacks (cryptoviruses) and online fraud. ” Many of these services are advertised on cybercrime forums, the services were offering support in both Russian and English. Exchange services were advertised on closed hacker forums.”

Cybercrime

Cybercrime Cryptocurrency Advertising Education

Cybercrime Forum Data Set for 2019 and 2021 – Free Direct Download Technical Collection Copy Available! Grab a Copy Today!

Security Boulevard

MAY 25, 2021

Dear blog readers, This is Dancho. Including the following actual direct download links for the actual cybercrime-friendly forums in question: evilhack.ru.rar. Hack-Port.rar. hack-academy.ru.rar. The post Cybercrime Forum Data Set for 2019 and 2021 – Free Direct Download Technical Collection Copy Available!

Cybercrime

Cybercrime Cyber threats Hacking Software

Malware campaign hides a shellcode into Windows event logs

Security Affairs

MAY 7, 2022

Experts spotted a malware campaign that is the first one using a technique of hiding a shellcode into Windows event logs. The experts discovered that the attackers are hiding encrypted shellcode containing the next-stage malware as 8KB pieces in event logs. The code is quite unique, with no similarities to known malware.

Malware

Malware Encryption Hacking Cybersecurity

UK Ad Campaign Seeks to Deter Cybercrime

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Trending Sources

This Service Helps Malware Authors Fix Flaws in their Code

RansomHub gang claims the hack of the telecommunications giant Frontier Communications

Cybercrime group exploits Windows zero-day in ransomware attacks

ZingoStealer crimeware released for free in the cybercrime ecosystem

Cybercrime gang FIN7 returned and was spotted delivering Clop ransomware

New Lobshot hVNC malware spreads via Google ads

Lockbit ransomware gang claims to have hacked cybersecurity giant Mandiant

Administrator of RSOCKS Proxy Botnet Pleads Guilty

Exploit Forum, Initial Access Brokers, and Cybercrime on the Dark Web

Russian cybercrime group likely behind ongoing exploitation of PaperCut flaws

A cracked copy of Brute Ratel post-exploitation tool leaked on hacking forums

Hackers are taking advantage of the interest in generative AI to install Malware

Symbiote, a nearly-impossible-to-detect Linux malware?

Nation-state malware could become a commodity on dark web soon, Interpol warns

EvilExtractor, a new All-in-One info stealer appeared on the Dark Web

Security Affairs newsletter Round 417 by Pierluigi Paganini – International edition

Snatch ransomware gang claims the hack of the food giant Kraft Heinz

North Korea-linked BlueNoroff APT is behind the new RustBucket Mac Malware

EnemyBot malware adds new exploits to target CMS servers and Android devices

News Alert: HostingAdvice poll finds one in three Americans hacked upon visiting sketchy websites

Accused Russian RSOCKS Botmaster Arrested, Requests Extradition to U.S.

Iranian govt uses BouldSpy Android malware for internal surveillance operations

Tax preparation and e-file service eFile.com compromised to serve malware

Bumblebee, a new malware loader used by multiple crimeware threat actors

Google obtained a temporary court order against CryptBot distributors

Money Message ransomware group claims to have hacked IT giant MSI

Multiple APT groups exploited WinRAR flaw CVE-2023-38831

Threat actors target law firms with GootLoader and SocGholish malware

New Linux malware targets WordPress sites by exploiting 30 bugs

BRATA Android Malware evolves and targets the UK, Spain, and Italy

Discord suffered a data after third-party support agent was hacked

Threat actors target the infoSec community with fake PoC exploits

Security Affairs newsletter Round 414 by Pierluigi Paganini – International edition

NetDooka framework distributed via a pay-per-install (PPI) malware service

15 Best Cybersecurity Blogs To Read

A Ukrainian man is the third FIN7 member sentenced in the United States

Ukrainian Police Nab Six Tied to CLOP Ransomware

Experts discover over 451 clipper malware-laced packages in the PyPI repository

A flaw in the Kyocera Android printing app can be abused to drop malware

FBI and Ukrainian police seized 9 crypto exchanges used by cybercriminals

Cybercrime Forum Data Set for 2019 and 2021 – Free Direct Download Technical Collection Copy Available! Grab a Copy Today!

Malware campaign hides a shellcode into Windows event logs

Stay Connected