Blog, Cybercrime, Information Security and Malware

ZingoStealer crimeware released for free in the cybercrime ecosystem

Security Affairs

APRIL 15, 2022

ZingoStealer is a new information-stealer developed by a threat actor known as Haskers Gang who released it for free after they attempted to sell the source code for $500. The cybercrime gang has been active since at least January 2020. SecurityAffairs – hacking, cybercrime). ” concludes the experts. Pierluigi Paganini.

Cybercrime

Cybercrime Malware Cryptocurrency Hacking

Cybercrime group exploits Windows zero-day in ransomware attacks

Security Affairs

APRIL 11, 2023

The experts pointed out that while the majority of zero-days they have discovered in the past were used by APT groups, this zero-day was exploited by a sophisticated cybercrime group. This group is known to have used similar CLFS driver exploits in the past that were likely developed by the same author.

Cybercrime

Cybercrime Ransomware Education Media

Administrator of RSOCKS Proxy Botnet Pleads Guilty

Krebs on Security

JANUARY 24, 2023

Denis Emelyantsev , a 36-year-old Russian man accused of running a massive botnet called RSOCKS that stitched malware into millions of devices worldwide, pleaded guilty to two counts of computer crime violations in a California courtroom this week. “Thanks to you, we are now developing in the field of information security and anonymity!

Cybercrime

Cybercrime Advertising IoT Malware

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

New Lobshot hVNC malware spreads via Google ads

Security Affairs

MAY 1, 2023

The previously undetected LOBSHOT malware is distributed using Google ads and gives operators VNC access to Windows devices. Researchers from Elastic Security Labs spotted a new remote access trojan dubbed LOBSHOT was being distributed through Google Ads. ” reads the report published by Elastic Security Labs.

Malware

Malware Cybercrime Banking Software

Cybercrime gang FIN7 returned and was spotted delivering Clop ransomware

Security Affairs

MAY 20, 2023

FIN7 is a Russian criminal group (aka Carbanak ) that has been active since mid-2015, it focuses on restaurants, gambling, and hospitality industries in the US to harvest financial information that was used in attacks or sold in cybercrime marketplaces. They then use OpenSSH and Impacket to move laterally and deploy Clop ransomware.

Cybercrime

Cybercrime Ransomware Security Intelligence Hacking

Hackers are taking advantage of the interest in generative AI to install Malware

Security Affairs

MAY 3, 2023

Threat actors are using the promise of generative AI like ChatGPT to deliver malware, Facebook parent Meta warned. Threat actors are taking advantage of the huge interest in generative AI like ChatGPT to trick victims into installing malware, Meta warns. ” reads the Meta’s Q1 2023 Security Reports.

Malware

Malware Education Accountability Media

Who Wants to Become a Guest Blogger At This Blog?

Security Boulevard

NOVEMBER 2, 2022

Dear blog readers, Do you know a lot about information security cybercrime research OSINT and threat intelligence gathering including cyber threat actors research? Who is Dancho Danchev and what is Dancho Danchev's Blog? The post Who Wants to Become a Guest Blogger At This Blog? Stay tuned!

Cybercrime

Cybercrime InfoSec Cyber threats Accountability

Russian cybercrime group likely behind ongoing exploitation of PaperCut flaws

Security Affairs

APRIL 24, 2023

It is interesting to note that the domain was also hosting malware a variant of the TrueBot malware. .” The researchers noticed that the domain hosting the tools employed in the attack, windowservicecemter[.]com, com, was registered on April 12, 2023.

Cybercrime

Cybercrime Software Education Ransomware

Symbiote, a nearly-impossible-to-detect Linux malware?

Security Affairs

JUNE 9, 2022

Researchers uncovered a high stealth Linux malware, dubbed Symbiote, that could be used to backdoor infected systems. Joint research conducted by security firms Intezer and BlackBerry uncovered a new Linux threat dubbed Symbiote. “Symbiote is a malware that is highly evasive. appeared first on Security Affairs.

Malware

Malware DNS Antivirus Passwords

Accused Russian RSOCKS Botmaster Arrested, Requests Extradition to U.S.

Krebs on Security

SEPTEMBER 24, 2022

A native of Omsk, Russia, Kloster came into focus after KrebsOnSecurity followed clues from the RSOCKS botnet master’s identity on the cybercrime forums to Kloster’s personal blog , which featured musings on the challenges of running a company that sells “security and anonymity services to customers around the world.”

Cybercrime

Cybercrime Data breaches Malware Ransomware

Facebook warns of a new information-stealing malware dubbed NodeStealer

Security Affairs

MAY 4, 2023

Facebook discovered a new information-stealing malware, dubbed ‘NodeStealer,’ that is being distributed on Meta. NodeStealer is a new information-stealing malware distributed on Meta that allows stealing browser cookies to hijack accounts on multiple platforms, including Facebook, Gmail, and Outlook.

Malware

Malware Accountability Advertising Education

Nation-state malware could become a commodity on dark web soon, Interpol warns

Security Affairs

MAY 24, 2022

Interpol Secretary warns that nation-state malware will become available on the cybercrime underground in a couple of years. In the ongoing conflict between Russia and Ukraine, the malware developed by both nation-state actors and non state actors represents a serious risk for critical infrastructure and organizations worldwide.

Malware

Malware Cybercrime Government Engineering

EnemyBot malware adds new exploits to target CMS servers and Android devices

Security Affairs

MAY 30, 2022

The researchers attribute the botnet to the cybercrime group Keksec which focuses on DDoS-based extortion. Experts pointed out that the malware is being actively developed. The malware can quickly adopt one-day vulnerabilities (within days of a published proof of concept).” ” concludes the report.

Malware

Malware DDOS IoT Cybercrime

EvilExtractor, a new All-in-One info stealer appeared on the Dark Web

Security Affairs

APRIL 24, 2023

EvilExtractor is a new “all-in-one” info stealer for Windows that is being advertised for sale on dark web cybercrime forums. The malware environment checking and Anti-VM functions. FortiGuard Labs observed this malware in a phishing email campaign on 30 March, which we traced back to the samples included in this blog.”

Cybercrime

Cybercrime Malware Education Phishing

Threat actors target the infoSec community with fake PoC exploits

Security Affairs

MAY 22, 2022

Researchers uncovered a malware campaign targeting the infoSec community with fake Proof Of Concept to deliver a Cobalt Strike beacon. Researchers from threat intelligence firm Cyble uncovered a malware campaign targeting the infoSec community. The malware, disguised as a fake PoC code, was available on GitHub.

InfoSec

InfoSec Malware Cybercrime Information Security

North Korea-linked BlueNoroff APT is behind the new RustBucket Mac Malware

Security Affairs

APRIL 25, 2023

North Korea-linked APT group BlueNoroff (aka Lazarus) was spotted targeting Mac users with new RustBucket malware. Researchers from security firm Jamf observed the North Korea-linked BlueNoroff APT group using a new macOS malware, dubbed RustBucket, family in recent attacks. The trojan can run on both ARM and x86 architectures.

Malware

Malware Social Engineering Architecture Education

15 Best Cybersecurity Blogs To Read

Spinone

OCTOBER 10, 2019

The best way to stay up-to-date with the recent trends is by reading the top cybersecurity blogs. Here’s our list of the best cybersecurity blogs to read and follow. Securing Tomorrow SecuringTomorrow is a blog by McAfee, one of the biggest security software providers.

Cybersecurity

Cybersecurity IoT Antivirus Education

Iranian govt uses BouldSpy Android malware for internal surveillance operations

Security Affairs

MAY 1, 2023

Iranian authorities have been spotted using the BouldSpy Android malware to spy on minorities and traffickers. The researchers are tracking the spyware since March 2020, starting in 2023, multiple security experts [ 1 , 2 ] started monitoring its activity.

Surveillance

Surveillance Malware Spyware Education

A flaw in the Kyocera Android printing app can be abused to drop malware

Security Affairs

APRIL 13, 2023

Security experts warn that a Kyocera Android printing app is vulnerable to improper intent handling and can be abused to drop malware. An improper intent handling issue affecting the Kyocera Android printing app can allow malicious applications to drop malware.

Malware

Malware Mobile Education Media

Tax preparation and e-file service eFile.com compromised to serve malware

Security Affairs

APRIL 5, 2023

The eFile.com online service, which is authorized by the US Internal Revenue Service (IRS), was spotted serving malicious malware to visitors. eFile.com , the personal online tax preparation and e-file service authorized by the US Internal Revenue Service (IRS), was spotted serving malware to visitors.

Malware

Malware Education Media Internet

Google obtained a temporary court order against CryptBot distributors

Security Affairs

APRIL 28, 2023

Google announced that a federal judge in the Southern District of New York unsealed its civil action against the operators of the information stealer Cryptbot. to disrupt the operations of the CryptBot malware, which experts estimate infected approximately 670,000 computers this past year. ” concludes the announcemebt.

Malware

Malware Cybercrime Cryptocurrency Media

Bumblebee, a new malware loader used by multiple crimeware threat actors

Security Affairs

APRIL 28, 2022

Threat actors have replaced the BazaLoader and IcedID malware with a new loader called Bumblebee in their campaigns. Cybercriminal groups that were previously using the BazaLoader and IcedID as part of their malware campaigns seem to have adopted a new loader called Bumblebee. It is used by multiple cybercrime threat actors.”

Malware

Malware Cybercrime Encryption Hacking

Threat actors target law firms with GootLoader and SocGholish malware

Security Affairs

MARCH 2, 2023

Cyber criminals are targeting law firms with GootLoader and FakeUpdates (aka SocGholish) malware families. The firms were targeted as part of two distinct campaigns aimed at distributing GootLoader and FakeUpdates (aka SocGholish) malware. One campaign attempted to infect law firm employees with the GootLoader malware.

Malware

Malware Ransomware Engineering Internet

Security Affairs newsletter Round 417 by Pierluigi Paganini – International edition

Security Affairs

APRIL 30, 2023

Nominate here: [link] Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, newsletter ) The post Security Affairs newsletter Round 417 by Pierluigi Paganini – International edition appeared first on Security Affairs.

Cybercrime

Cybercrime Malware Hacking Accountability

BRATA Android Malware evolves and targets the UK, Spain, and Italy

Security Affairs

JUNE 20, 2022

The developers behind the BRATA Android malware have implemented additional features to avoid detection. The operators behind the BRATA Android malware have implemented more features to make their attacks stealthy. “TAs are modifying their code in order to tailor their malware on specific banking institutions.

Malware

Malware Banking Antivirus Phishing

Multiple APT groups exploited WinRAR flaw CVE-2023-38831

Security Affairs

OCTOBER 18, 2023

The researchers reported that several cybercrime groups began exploiting the flaw in early 2023, when the bug was still a zero-day. “Hours after the blog post was released, proof of concepts and exploit generators were uploaded to public GitHub repositories. . ” reported Google TAG. ” reported Google TAG.

Cybercrime

Cybercrime Malware Software Hacking

NetDooka framework distributed via a pay-per-install (PPI) malware service

Security Affairs

MAY 6, 2022

Researchers discovered a sophisticated malware framework, dubbed NetDooka, distributed via a pay-per-install (PPI) malware service known as PrivateLoader. The PrivateLoader malware is a downloader used by threat actors for downloading and installing multiple malware. ” reads a report published by Trend Micro.

Malware

Malware Antivirus DDOS Hacking

New Linux malware targets WordPress sites by exploiting 30 bugs

Security Affairs

DECEMBER 30, 2022

A new Linux malware has been exploiting 30 vulnerabilities in outdated WordPress plugins and themes to deploy malicious JavaScripts. Doctor Web researchers discovered a Linux malware, tracked as Linux.BackDoor.WordPressExploit.1, Blog Designer WordPress Plugin. SecurityAffairs – hacking, Lunix Malware). WooCommerce.

Malware

Malware Hacking Accountability Phishing

Malware campaign hides a shellcode into Windows event logs

Security Affairs

MAY 7, 2022

Experts spotted a malware campaign that is the first one using a technique of hiding a shellcode into Windows event logs. The experts discovered that the attackers are hiding encrypted shellcode containing the next-stage malware as 8KB pieces in event logs. The code is quite unique, with no similarities to known malware.

Malware

Malware Encryption Hacking Cybersecurity

The intricate relationships between the FIN7 group and members of the Conti ransomware gang

Security Affairs

APRIL 18, 2023

A new malware, dubbed Domino, developed by the FIN7 cybercrime group has been used by the now-defunct Conti ransomware gang. IBM Security X-Force researchers recently discovered a new malware family, called Domino, which was created by developers associated with the FIN7 cybercriminal group (tracked by X-Force as ITG14).

Ransomware

Ransomware Cybercrime Malware Education

Experts discover over 451 clipper malware-laced packages in the PyPI repository

Security Affairs

FEBRUARY 14, 2023

Threat actors published more than 451 unique malware-laced Python packages on the official Python Package Index (PyPI) repository. Phylum researchers spotted more than 451 unique Python packages on the official Python Package Index (PyPI) repository in an attempt to deliver clipper malware on the developer systems.

Malware

Malware Cryptocurrency Hacking Software

Watch out, GhostSec and Stourmous groups jointly conducting ransomware attacks

Security Affairs

MARCH 6, 2024

Researchers warn that the cybercrime groups GhostSec and Stormous have joined forces in a new ransomware campaign. The group is not linked to the hacktivist group Ghost Security Group, which primarily focuses on counterterrorism efforts and targets pro-ISIS websites. ransomware, a Golang variant of the GhostLocker ransomware.

Ransomware

Ransomware Encryption Cybercrime Hacking

Cybercrime Forum Data Set for 2019 and 2021 – Free Direct Download Technical Collection Copy Available! Grab a Copy Today!

Security Boulevard

MAY 25, 2021

Dear blog readers, This is Dancho. Including the following actual direct download links for the actual cybercrime-friendly forums in question: evilhack.ru.rar. security-teams.net.rar. The post Cybercrime Forum Data Set for 2019 and 2021 – Free Direct Download Technical Collection Copy Available! gerki.pw.rar.

Cybercrime

Cybercrime Cyber threats Hacking Software

FBI and Ukrainian police seized 9 crypto exchanges used by cybercriminals

Security Affairs

MAY 2, 2023

“Through exchanges, attackers channeled assets obtained as a result of malware attacks (cryptoviruses) and online fraud. ” Many of these services are advertised on cybercrime forums, the services were offering support in both Russian and English. Exchange services were advertised on closed hacker forums.”

Cybercrime

Cybercrime Cryptocurrency Advertising Education

Eternity Project: You can pay $260 for a stealer and $490 for a ransomware

Security Affairs

MAY 15, 2022

Researchers at cybersecurity firm Cyble analyzed a Tor website named named ‘Eternity Project’ that offers for sale a broad range of malware, including stealers, miners, ransomware, and DDoS Bots. The channel was used to share information about malware listings and updates. SecurityAffairs – hacking, malware).

Ransomware

Ransomware DDOS Cybercrime Malware

Evil Corp gang starts using LockBit Ransomware to evade sanctions

Security Affairs

JUNE 7, 2022

Mandiant researchers associate multiple LockBit ransomware attacks with the notorious Evil Corp Cybercrime Group. The researchers also noticed that the group shares numerous overlaps with the cybercrime gang Evil Corp. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g.

Ransomware

Ransomware Cybercrime Malware Hacking

Experts show how to run malware on chips of a turned-off iPhone

Security Affairs

MAY 16, 2022

Researchers devised an attack technique to tamper the firmware and execute a malware onto a Bluetooth chip when an iPhone is “off.” An attacker with privileged access can exploit this bug to develop a malware that can run on an iPhone Bluetooth chip even when it is off. To nominate, please visit:? Pierluigi Paganini.

Malware

Malware Wireless Firmware Mobile

Phishing attacks using the topic “Azovstal” targets entities in Ukraine

Security Affairs

APRIL 23, 2022

The malicious code will download, create on disk and run the malicious DLL “pe.dll” The last stage malware installed on the infected systems is a Cobalt Strike Beacon that allows attackers to take over them. To nominate, please visit:? Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Phishing

Phishing Cybercrime Ransomware Encryption

Three Nigerian men arrested in INTERPOL Operation Killer Bee

Security Affairs

MAY 30, 2022

Agent Tesla , first discovered in late 2014, is an extremely popular “malware-as-a-service” Remote Access Trojan (RAT) tool used by threat actors to steal information such as credentials, keystrokes, clipboard data and other information from its operators’ targets. SecurityAffairs – hacking, cybercrime).

Cybercrime

Cybercrime Malware Hacking Cybersecurity

Who Wants to Support My Work Commercially?

Security Boulevard

JANUARY 25, 2022

Folks, Who wants to dive deep into some of my latest commercially available research and stay on the top of their OSINT/cybercrime research and threat intelligence gathering game that also includes their team and organization? Dancho Danchev’s “Astalavista Security Group – Investment Proposal” Presentation – A Photos Compilation.

Cybercrime

Cybercrime Hacking Scams Ransomware

Conti Ransomware Group Diaries, Part I: Evasion

Krebs on Security

MARCH 1, 2022

A Ukrainian security researcher this week leaked several years of internal chat logs and other sensitive data tied to Conti , an aggressive and ruthless Russian cybercrime group that focuses on deploying its ransomware to companies with more than $100 million in annual revenue. On Sunday, Feb. “Sorry, but this is f *d up.

Ransomware

Ransomware Healthcare Cybercrime Government

Security Affairs newsletter Round 414 by Pierluigi Paganini – International edition

Security Affairs

APRIL 9, 2023

Nominate here: [link] Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, newsletter newsletter) The post Security Affairs newsletter Round 414 by Pierluigi Paganini – International edition appeared first on Security Affairs. billion rubles.

Computers and Electronics

Computers and Electronics Backups Cybercrime Marketing

US man sentenced to 4 years in prison for his role in Infraud scheme

Security Affairs

MAY 29, 2022

The transnational cybercrime ring was engaged in the mass acquisition and sale of fraud-related goods and services, including stolen identities, compromised credit card data, and computer malware. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. To nominate, please visit:?.

Cybercrime

Cybercrime Hacking Malware Cybersecurity

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

The Last Watchdog

APRIL 13, 2022

Additionally, there are also Russian cybercrime organizations that are not state-sponsored but are allowed to operate. Although there’s no one magic solution to eliminating cyberattacks and cybercrime risks, there are steps you can take to reduce the chances of becoming a victim. businesses called #ShieldsUp.

Cybersecurity

Cybersecurity Cybercrime Education Passwords

ZingoStealer crimeware released for free in the cybercrime ecosystem

Cybercrime group exploits Windows zero-day in ransomware attacks

Webinars

Trending Sources

Administrator of RSOCKS Proxy Botnet Pleads Guilty

Webinars

New Lobshot hVNC malware spreads via Google ads

Cybercrime gang FIN7 returned and was spotted delivering Clop ransomware

Hackers are taking advantage of the interest in generative AI to install Malware

Who Wants to Become a Guest Blogger At This Blog?

Russian cybercrime group likely behind ongoing exploitation of PaperCut flaws

Symbiote, a nearly-impossible-to-detect Linux malware?

Accused Russian RSOCKS Botmaster Arrested, Requests Extradition to U.S.

Facebook warns of a new information-stealing malware dubbed NodeStealer

Nation-state malware could become a commodity on dark web soon, Interpol warns

EnemyBot malware adds new exploits to target CMS servers and Android devices

EvilExtractor, a new All-in-One info stealer appeared on the Dark Web

Threat actors target the infoSec community with fake PoC exploits

North Korea-linked BlueNoroff APT is behind the new RustBucket Mac Malware

15 Best Cybersecurity Blogs To Read

Iranian govt uses BouldSpy Android malware for internal surveillance operations

A flaw in the Kyocera Android printing app can be abused to drop malware

Tax preparation and e-file service eFile.com compromised to serve malware

Google obtained a temporary court order against CryptBot distributors

Bumblebee, a new malware loader used by multiple crimeware threat actors

Threat actors target law firms with GootLoader and SocGholish malware

Security Affairs newsletter Round 417 by Pierluigi Paganini – International edition

BRATA Android Malware evolves and targets the UK, Spain, and Italy

Multiple APT groups exploited WinRAR flaw CVE-2023-38831

NetDooka framework distributed via a pay-per-install (PPI) malware service

New Linux malware targets WordPress sites by exploiting 30 bugs

Malware campaign hides a shellcode into Windows event logs

The intricate relationships between the FIN7 group and members of the Conti ransomware gang

Experts discover over 451 clipper malware-laced packages in the PyPI repository

Watch out, GhostSec and Stourmous groups jointly conducting ransomware attacks

Cybercrime Forum Data Set for 2019 and 2021 – Free Direct Download Technical Collection Copy Available! Grab a Copy Today!

FBI and Ukrainian police seized 9 crypto exchanges used by cybercriminals

Eternity Project: You can pay $260 for a stealer and $490 for a ransomware

Evil Corp gang starts using LockBit Ransomware to evade sanctions

Experts show how to run malware on chips of a turned-off iPhone

Phishing attacks using the topic “Azovstal” targets entities in Ukraine

Three Nigerian men arrested in INTERPOL Operation Killer Bee

Who Wants to Support My Work Commercially?

Conti Ransomware Group Diaries, Part I: Evasion

Security Affairs newsletter Round 414 by Pierluigi Paganini – International edition

US man sentenced to 4 years in prison for his role in Infraud scheme

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

Stay Connected