Security Affairs

JUNE 27, 2021

Researchers have discovered a strain of cryptocurrency-mining malware, tracked as Crackonosh, that abuses Windows Safe mode to avoid detection. . Researchers from Avast have spotted a strain of cryptocurrency miner, tracked as Crackonosh, that abuses Windows Safe mode to avoid detection. ” continues the report.

Antivirus 109

Antivirus Cryptocurrency Malware Software 109

SecureList

MARCH 10, 2021

Some time ago, we discovered a number of fake apps delivering a Monero cryptocurrency miner to user computers. Back then, cybercriminals distributed malware under the guise of the Malwarebytes antivirus installer. pro, the malware impersonates the Windows version of the AdShield mobile ad blocker. Technical details.

DNS 141

DNS Antivirus Malware Encryption 141

Krebs on Security

MARCH 28, 2021

New data suggests someone has compromised more than 21,000 Microsoft Exchange Server email systems worldwide and infected them with malware that invokes both KrebsOnSecurity and Yours Truly by name. But Watson said they don’t know how many of those systems also ran the secondary download from the rogue Krebsonsecurity domain.

Hacking 352

Hacking Cybercrime DNS Antivirus 352

Security Affairs

JANUARY 28, 2021

The TeamTNT cybercrime group has improved its Linux cryptocurrency miner by implementing open-source detection evasion capabilities. The TeamTNT cybercrime group has upgraded their Linux cryptocurrency miner by adding open-source detection evasion capabilities, AT&T Alien Labs researchers warn. SecurityAffairs – hacking, malware).

Cryptocurrency 121

Cryptocurrency Cybercrime DNS Malware 121

Security Affairs

DECEMBER 19, 2022

The botnet was involved in stealing users’ credentials and data, mining cryptocurrencies abusing victims’ resources, and setting up proxies to funnel other people’s internet traffic through infected machines and routers. Botnet operators use to spread the malware via cracked or pirated software and pay-per-install (PPI) schemes.

DNS 98

DNS Antivirus Cryptocurrency Software 98

Security Affairs

MAY 6, 2023

Twitter confirmed that a security incident publicly exposed Circle tweets FBI seized other domains used by the shadow eBook library Z-Library WordPress Advanced Custom Fields plugin XSS exposes +2M sites to attacks Fortinet fixed two severe issues in FortiADC and FortiOS Pro-Russia group NoName took down multiple France sites, including the French (..)

Data breaches 93

Data breaches Malware Mobile Spyware 93

Security Affairs

JANUARY 18, 2022

According to the security firm, the group is financially motivated, its cyberespionage campaign hit high value targets such as government and educational institutions, religious movements, pro-democracy and human rights organisations in Hong Kong, Covid-19 research organisations, gambling and cryptocurrency companies, and the media.

Cryptocurrency 111

Cryptocurrency Social Engineering Media Phishing 111

Security Affairs

FEBRUARY 24, 2021

Security experts from Akamai have spotted a new botnet used for illicit cryptocurrency mining activities that are abusing Bitcoin (BTC) transactions to implement a backup mechanism for C2. Botnet operators used Redis server scanners to find installs that could be compromised to mine cryptocurrencies. . ” continues the report.

Backups 111

Backups Cryptocurrency DNS Malware 111

SecureList

AUGUST 30, 2023

The attackers were able to embed malicious code into the libffmpeg media processing library to download a payload from their servers. While investigating an infection of a cryptocurrency company in Southeast Asia, we found Gopuram coexisting on target computers with AppleJeus , a backdoor attributed to the Lazarus.

Malware 73

Malware Spyware Cryptocurrency Government 73

Security Affairs

JANUARY 13, 2019

Proofpoint analyzed two strains of malware tracked as ServHelper and FlawedGrace distributed through phishing campaigns by the TA505 crime gang. Security researchers at Proofpoint researchers discovered two strains of malware tracked as ServHelper and FlawedGrace distributed through phishing campaigns by the TA505 crime gang.

Malware 91

Malware DNS Financial Services Retail 91

SecureList

DECEMBER 1, 2023

To exfiltrate data and deliver next-stage malware, the attackers abuse cloud-based data storage, such as Dropbox or Yandex Disk, as well as a temporary file sharing service. The version of Free Download Manager installed by the infected package was released on January 24, 2020.

Malware 91

Malware Ransomware Encryption Energy and Utilities 91

Security Affairs

JANUARY 19, 2021

. “In all the attacks involving these CVEs, the attacker’s first move is to try running different syntaxes of OS commands to download and execute a Python script named “out.py”.” “After the script is downloaded and given permissions (using the “chmod” command), the attacker tries to run it using Python 2.

DDOS 140

DDOS DNS Malware Internet 140

CyberSecurity Insiders

SEPTEMBER 21, 2021

The campaign uses multiple shell/batch scripts, new open source tools, a cryptocurrency miner, the TeamTNT IRC bot, and more. As of August 30, 2021, many malware samples still have zero antivirus (AV) detections and others have low detection rates. 7z to decompress downloaded files. Background. See figure 5.). Windows module.

Cryptocurrency 84

Cryptocurrency Malware Passwords Authentication 84

Security Affairs

AUGUST 26, 2018

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Spyware 41

Spyware Banking DNS Retail 41

eSecurity Planet

FEBRUARY 16, 2021

Malware, short for “malicious software,” is any unwanted software on your computer that, more often than not, is designed to inflict damage. Since the early days of computing, a wide range of malware types with varying functions have emerged. Best Practices to Defend Against Malware. Jump ahead: Adware. RAM scraper.

Malware 105

Malware Adware Spyware Antivirus 105

Fox IT

JUNE 29, 2022

Flubot is an Android based malware that has been distributed in the past 1.5 An important part of the popularity of Flubot is due to the distribution strategy used in its campaigns, since it has been using the infected devices to send text messages, luring new victims into installing the malware from a fake website. Introduction.

Banking 97

Banking Malware DNS Encryption 97

Security Affairs

APRIL 9, 2019

Too many times turned into fully-featured malware implants by unethical hackers and cyber criminals. Exploring the malware code, we detected multiple evidence indication of the possible belonging malware family: LimeRAT. Stealer and CryptoStealer module to steal cryptocurrency wallets and saved passwords. C2 retrieval.

Malware 72

Malware Advertising DNS Antivirus 72

SecureList

JUNE 7, 2023

Mobile statistics Targeted attacks BlueNoroff introduces new methods bypassing MotW At the close of 2022, we reported the recent activities of BlueNoroff , a financially motivated threat actor known for stealing cryptocurrency. However, recently the group has adopted new methods to deliver its malware.

DNS 100

DNS Malware Cryptocurrency Retail 100

Security Affairs

FEBRUARY 5, 2021

The TeamTNT hacker group has been employing a new piece of malware, dubbed Hildegard, to target Kubernetes installs. The hacking group TeamTNT has been employing a new piece of malware, dubbed Hildegard, in a series of attacks targeting Kubernetes systems. The malware deploys the XMRig mining tool to mine Monero cryptocurrency.

Malware 111

Malware DNS Cryptocurrency Internet 111

Security Affairs

FEBRUARY 10, 2019

Security experts from Trend Micro have discovered a new strain of coin miner that targets the Linux platform and installs the XMR-Stak Cryptonight cryptocurrency miner. “It installs a cryptocurrency-mining malware as well as implant itself into the system and crontabs to survive reboots and deletions.”

Malware 92

Malware Cryptocurrency Advertising DNS 92

SecureList

JULY 28, 2021

The malware creators promoted their brainchild on a specially set-up YouTube channel and Discord server, where they discussed DDoS attacks. This malware is of interest for its use of infected devices as honeypots. It is linked to a vulnerability in DNS resolvers that allows amplification attacks on authoritative DNS servers.

DDOS 131

DDOS DNS IoT Marketing 131

Security Boulevard

JUNE 15, 2023

Stealers" are a kind of malware designed to run on an endpoint post-compromise, while their primary features center on the theft of user data. Together with our colleagues at InQuest, we present a deep dive technical analysis of the malware. This is the story of information stealers today. But it doesn't stop there.

Cryptocurrency 52

Cryptocurrency Password Management Malware DNS 52

SecureList

APRIL 27, 2022

Disclaimer: when referring to APT groups as Russian-speaking, Chinese-speaking or other-“speaking” languages, we refer to various artefacts used by the groups (such as malware debugging strings, comments found in scripts, etc.) On February 23, ESET published a tweet announcing new wiper malware targeting Ukraine.

Malware 130

Malware Firmware Government Phishing 130

SecureList

MAY 27, 2022

Our analysis of the rogue firmware, and other malicious artefacts from the target’s network, revealed that the threat actor behind it had tampered with the firmware to embed malware that we call MoonBounce. The campaign has two goals: gathering information and stealing cryptocurrency. Roaming Mantis reaches Europe.

Phishing 103

Phishing Spyware Firmware Malware 103

SecureList

FEBRUARY 16, 2021

The DTLS (Datagram Transport Layer Security) protocol is used to establish secure connections over UDP, through which most DNS queries, as well as audio and video traffic, are sent. While the resource was down, cryptocurrency newbies were invited to download a copy of Bitcoin Core via a torrenting service.

DDOS 129

DDOS Cryptocurrency Marketing Internet 129

SecureList

MAY 26, 2021

70% of Internet user computers in the EU experienced at least one Malware-class attack. Attempted infections by malware designed to steal money via online access to bank accounts were logged on the devices of 79,315 users. The statistics include not only banking threats, but malware for ATMs and payment terminals. Main figures.

Phishing 127

Phishing Malware Ransomware Adware 127

SecureList

FEBRUARY 10, 2022

In some cases, DNS amplification was also used. The botnet can also install proxy servers on infected devices, mine cryptocurrency and conduct DDoS attacks. Q4 2020 data is taken as 100% ( download ). Percentage distribution of DDoS attacks by month, Q4 2021 ( download ). times against the same period last year.

DDOS 102

DDOS Cryptocurrency Marketing Accountability 102

SecureList

NOVEMBER 18, 2022

Attempts to run malware for stealing money from online bank accounts were stopped on the computers of 99,989 unique users. Number of users attacked by banking malware. In Q3 2022, Kaspersky solutions blocked the launch of at least one piece of banking malware on the computers of 99,989 unique users. Financial threats.

Mobile 83

Mobile Malware Ransomware IoT 83

SecureList

SEPTEMBER 26, 2022

NullMixer is a dropper leading to an infection chain of a wide variety of malware families. These websites are often related to crack, keygen and activators for downloading software illegally, and while they may pretend to be legitimate software, they actually contain a malware dropper. Malware execution instructions.

Malware 108

Malware Cryptocurrency Passwords Software 108