Cryptocurrency, Cybercrime and DNS - Cyber Security Informer

Fake Lawsuit Threat Exposes Privnote Phishing Sites

Krebs on Security

APRIL 4, 2024

The disclosure revealed a profitable network of phishing sites that behave and look like the real Privnote, except that any messages containing cryptocurrency addresses will be automatically altered to include a different payment address controlled by the scammers. co showing the site did indeed swap out any cryptocurrency addresses.

Phishing

Phishing Cryptocurrency DDOS Internet

Who’s Behind the NetWire Remote Access Trojan?

Krebs on Security

MARCH 9, 2023

A Croatian national has been arrested for allegedly operating NetWire , a Remote Access Trojan (RAT) marketed on cybercrime forums since 2012 as a stealthy way to spy on infected systems and siphon passwords. A review of DNS records for both printschoolmedia[.]org DNS records for worldwiredlabs[.]com org and wwlabshosting[.]com

DNS

DNS Cybercrime Passwords Accountability

Hackers hijacked the eScan Antivirus update mechanism in malware campaign

Security Affairs

APRIL 24, 2024

A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute backdoors and cryptocurrency miners. GuptiMiner connects directly to malicious DNS servers, bypassing the DNS network entirely. The final payload distributed by GuptiMiner was also XMRig.

Antivirus

Antivirus Malware DNS Cryptocurrency

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Chinese-speaking cybercrime gang Rocke changes tactics

Security Affairs

OCTOBER 15, 2019

Chinese-speaking cybercrime gang Rocke that carried out several large-scale cryptomining campaigns, has now using news tactics to evade detection. Chinese-speaking cybercrime gang Rocke, that carried out several large-scale cryptomining campaigns in past , has now using news tactics to evade detection. Pierluigi Paganini.

Cybercrime

Cybercrime DNS Malware Advertising

New XBash malware combines features from ransomware, cryptocurrency miners, botnets, and worms

Security Affairs

SEPTEMBER 17, 2018

Palo Alto Network researchers discovered a new malware, tracked as XBash, that combines features from ransomware, cryptocurrency miners, botnets, and worms. The malicious code combines features from different families of malware such as ransomware, cryptocurrency miners, botnets, and worms. Pierluigi Paganini.

Cryptocurrency

Cryptocurrency Malware Ransomware Cybercrime

No, I Did Not Hack Your MS Exchange Server

Krebs on Security

MARCH 28, 2021

“web shells”) that various cybercrime groups worldwide have been using to commandeer any unpatched Exchange servers. I first heard about the domain in December 2020, when a reader told me how his entire network had been hijacked by a cryptocurrency mining botnet that called home to it. I’d been doxed via DNS.

Hacking

Hacking Cybercrime DNS Antivirus

TeamTNT group adds new detection evasion tool to its Linux miner

Security Affairs

JANUARY 28, 2021

The TeamTNT cybercrime group has improved its Linux cryptocurrency miner by implementing open-source detection evasion capabilities. The TeamTNT cybercrime group has upgraded their Linux cryptocurrency miner by adding open-source detection evasion capabilities, AT&T Alien Labs researchers warn.

Cryptocurrency

Cryptocurrency Cybercrime DNS Malware

TeamTNT group uses Hildegard Malware to target Kubernetes Systems

Security Affairs

FEBRUARY 5, 2021

At the end of January, the group has improved its Linux cryptocurrency miner by implementing open-source detection evasion capabilities. The malware deploys the XMRig mining tool to mine Monero cryptocurrency. The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and that targets Docker installs.

Malware

Malware DNS Cryptocurrency Internet

Feds Charge Three in Mass Seizure of Attack-for-hire Services

Krebs on Security

DECEMBER 20, 2018

Booter sites are dangerous because they help lower the barriers to cybercrime, allowing even complete novices to launch sophisticated and crippling attacks with the click of a button. ” In such assaults, the perpetrators leverage unmanaged Domain Name Servers (DNS) or other devices on the Web to create huge traffic floods.

DNS

DNS Computers and Electronics Government Internet

Security Affairs newsletter Round 385

Security Affairs

SEPTEMBER 25, 2022

builder Over 39K unauthenticated Redis services on the internet targeted in cryptocurrency campaign Hackers stole $160 Million from Crypto market maker Wintermute U.S. builder Over 39K unauthenticated Redis services on the internet targeted in cryptocurrency campaign Hackers stole $160 Million from Crypto market maker Wintermute U.S.

Cryptocurrency

Cryptocurrency Data breaches DNS DDOS

Security Affairs newsletter Round 418 by Pierluigi Paganini – International edition

Security Affairs

MAY 6, 2023

Twitter confirmed that a security incident publicly exposed Circle tweets FBI seized other domains used by the shadow eBook library Z-Library WordPress Advanced Custom Fields plugin XSS exposes +2M sites to attacks Fortinet fixed two severe issues in FortiADC and FortiOS Pro-Russia group NoName took down multiple France sites, including the French (..)

Data breaches

Data breaches Malware Mobile Spyware

Glupteba botnet is back after Google disrupted it in December 2021

Security Affairs

DECEMBER 19, 2022

The botnet was involved in stealing users’ credentials and data, mining cryptocurrencies abusing victims’ resources, and setting up proxies to funnel other people’s internet traffic through infected machines and routers. Botnet operators use to spread the malware via cracked or pirated software and pay-per-install (PPI) schemes. .

DNS

DNS Antivirus Cryptocurrency Software

One of the hackers behind EtherDelta hack also involved in TalkTalk hack

Security Affairs

SEPTEMBER 21, 2019

US authorities have indicted two men, Elliot Gunton and Anthony Tyler Nashatka, for hacking the cryptocurrency exchange EtherDelta in 2017. The DNS redirection was discovered in a few hours, but it was enough for the hackers to steal more than $800,000 from the accounts of the EtherDelta users.

Hacking

Hacking DNS Cryptocurrency Accountability

DDoS attacks in Q2 2021

SecureList

JULY 28, 2021

It is linked to a vulnerability in DNS resolvers that allows amplification attacks on authoritative DNS servers. Attacks on DNS servers are dangerous because all the resources they serve become unavailable, regardless of their size and level of DDoS protection. The bug was named TsuNAME.

DDOS

DDOS DNS IoT Marketing

TA505 Group adds new ServHelper Backdoor and FlawedGrace RAT to its arsenal

Security Affairs

JANUARY 13, 2019

The threat actors use the.bit Top-Level Domain (TLD) for the Domain Name System (DNS) servers. bit” C&C domains was added to protect the C2 infrastructure, this TLD is associated with the cryptocurrency Namecoin and requires special DNS servers that the malware uses (dedsolutions[.]bit, SecurityAffairs – TA505, cybercrime).

Malware

Malware DNS Financial Services Retail

CSC Research Finds Third Parties Continue to Lay Groundwork for Malicious Activity Among Thousands of COVID-Related Domains

CyberSecurity Insiders

JANUARY 25, 2022

While nearly 1,200 domains registered in 2021 included Omicron as a keyword, 832 were registered (70%) in a two-week timeframe between November 26 and December 9, with numerous domains causing traffic misdirection and redirection, soliciting donations, or promoting cryptocurrency investments.

Artificial Intelligence

Artificial Intelligence Phishing Technology DNS

DDoS attacks in Q4 2020

SecureList

FEBRUARY 16, 2021

The DTLS (Datagram Transport Layer Security) protocol is used to establish secure connections over UDP, through which most DNS queries, as well as audio and video traffic, are sent. While the resource was down, cryptocurrency newbies were invited to download a copy of Bitcoin Core via a torrenting service.

DDOS

DDOS Cryptocurrency Marketing Internet

Ramnit is back and contributes in creating a massive proxy botnet, tracked as ‘Black’ botnet

Security Affairs

AUGUST 8, 2018

DDoS attacks, ransomware-based campaigns, cryptocurrency mining campaigns). Malware actor publishes the address of the Bot-A in DNS (or using any other public channel). Another malware Bot-B resolves the address of Bot-A using DNS (or using any other public channel). Security Affairs – cybercrime, Ramnit botnet).

Malware

Malware DNS Encryption Banking

IT threat evolution Q1 2022

SecureList

MAY 27, 2022

In January, we reported a malicious campaign targeting companies that work with cryptocurrencies, smart contracts, decentralized finance and blockchain technology: the attackers are interested in fintech in general. The campaign has two goals: gathering information and stealing cryptocurrency. Lapsus$ group hacks Okta.

Phishing

Phishing Spyware Firmware Malware

DDoS attacks in Q4 2021

SecureList

FEBRUARY 10, 2022

In some cases, DNS amplification was also used. The botnet can also install proxy servers on infected devices, mine cryptocurrency and conduct DDoS attacks. In addition, the size of the DDoS market is inversely proportional to that of the cryptocurrency market, which we’ve written about several times. fold increase.

DDOS

DDOS Cryptocurrency Marketing Accountability

IT threat evolution in Q2 2023

SecureList

AUGUST 30, 2023

While investigating an infection of a cryptocurrency company in Southeast Asia, we found Gopuram coexisting on target computers with AppleJeus , a backdoor attributed to the Lazarus. The threat actor specifically targeted cryptocurrency companies. We observed that they have a specific interest in cryptocurrency companies.

Malware

Malware Spyware Cryptocurrency Government

APT trends report Q1 2022

SecureList

APRIL 27, 2022

This application contains a legitimate program called DeFi Wallet, that saves and manages a cryptocurrency wallet, but also implants a malicious file when executed. In July 2021, we reported the previously unknown Tomiris Golang backdoor , deployed against government organizations within a CIS country through DNS hijacking.

Malware

Malware Firmware Government Phishing

Cyber Security Informer

Fake Lawsuit Threat Exposes Privnote Phishing Sites

Who’s Behind the NetWire Remote Access Trojan?

Webinars

Trending Sources

Hackers hijacked the eScan Antivirus update mechanism in malware campaign

Webinars

Chinese-speaking cybercrime gang Rocke changes tactics

New XBash malware combines features from ransomware, cryptocurrency miners, botnets, and worms

No, I Did Not Hack Your MS Exchange Server

TeamTNT group adds new detection evasion tool to its Linux miner

TeamTNT group uses Hildegard Malware to target Kubernetes Systems

Feds Charge Three in Mass Seizure of Attack-for-hire Services

Security Affairs newsletter Round 385

Security Affairs newsletter Round 418 by Pierluigi Paganini – International edition

Glupteba botnet is back after Google disrupted it in December 2021

One of the hackers behind EtherDelta hack also involved in TalkTalk hack

DDoS attacks in Q2 2021

TA505 Group adds new ServHelper Backdoor and FlawedGrace RAT to its arsenal

CSC Research Finds Third Parties Continue to Lay Groundwork for Malicious Activity Among Thousands of COVID-Related Domains

DDoS attacks in Q4 2020

Ramnit is back and contributes in creating a massive proxy botnet, tracked as ‘Black’ botnet

IT threat evolution Q1 2022

DDoS attacks in Q4 2021

IT threat evolution in Q2 2023

APT trends report Q1 2022

Stay Connected