Security Affairs

JANUARY 4, 2023

Researchers discovered a new Linux malware developed with the shell script compiler ( shc ) that was used to deliver a cryptocurrency miner. The ASEC analysis team recently discovered that a Linux malware developed with shell script compiler ( shc ) that threat actors used to install a CoinMiner. ” continues the report.

Malware 93

Malware DDOS Cryptocurrency Firewall 93

Security Affairs

NOVEMBER 14, 2022

Researchers spotted a new evasive malware, tracked as KmsdBot, that infects systems via an SSH connection that uses weak credentials. Akamai Security Research discovered a new evasive Golang-based malware, tracked as KmsdBot, that infects systems via an SSH connection that uses weak login credentials. ” Pierluigi Paganini.

DDOS 91

DDOS Malware Cryptocurrency Architecture 91

Security Affairs

JULY 8, 2022

The operators behind the TrickBot malware are systematically targeting Ukraine since the beginning of the war in February 2022. Since February, the Conti ransomware group has taken over TrickBot malware operation and also planned to replace it with BazarBackdoor malware. ” concludes IBM. ” concludes IBM.

Cybercrime 91

Cybercrime Malware DDOS Ransomware 91

Security Affairs

MAY 9, 2023

A DDoS botnet dubbed AndoryuBot has been observed exploiting an RCE, tracked as CVE-2023-25717, in Ruckus access points. The activity is associated with a known DDoS botnet tracked as AndoryuBot that first appeared in February 2023. The bot supports multiple DDoS attack techniques and uses SOCKS5 proxies for C2 communications.

DDOS 96

DDOS Wireless Architecture Advertising 96

Security Affairs

DECEMBER 1, 2022

Redigo is a new Go-based malware employed in attacks against Redis servers affected by the CVE-2022-0543 vulnerability. Researchers from security firm AquaSec discovered a new Go-based malware that is used in a campaign targeting Redis servers. SLAVEOF command – this allows adversaries to create a replica of the attacking server.

Malware 141

Malware DDOS Architecture Cryptocurrency 141

Security Affairs

MARCH 10, 2022

Threat actors are spreading password-stealing malware disguised as a security tool to target Ukraine’s IT Army. Cisco Talos researchers have uncovered a malware campaign targeting Ukraine’s IT Army , threat actors are using infostealer malware mimicking a DDoS tool called the “Liberator.” Pierluigi Paganini.

DDOS 84

DDOS Digital transformation Malware Advertising 84

SecureList

OCTOBER 20, 2021

Having been in the field for so long, we have witnessed some major changes in the cybercrime world’s modus operandi. This report shares our insights into the Russian-speaking cybercrime world and the changes in how it operates that have happened in the past five years. Client-side attacks on the wane.

Cybercrime 136

Cybercrime Banking Malware Ransomware 136

Security Affairs

MARCH 21, 2023

New ShellBot DDoS bot malware, aka PerlBot, is targeting poorly managed Linux SSH servers, ASEC researchers warn. AhnLab Security Emergency response Center (ASEC) discovered a new variant of the ShellBot malware that was employed in a campaign that targets poorly managed Linux SSH servers. ” reads the ASEC’s report.

DDOS 98

DDOS Malware Passwords Accountability 98

Security Affairs

MAY 6, 2022

Researchers discovered a sophisticated malware framework, dubbed NetDooka, distributed via a pay-per-install (PPI) malware service known as PrivateLoader. The PrivateLoader malware is a downloader used by threat actors for downloading and installing multiple malware. ” concludes the analysis.

Malware 89

Malware Antivirus DDOS Hacking 89

Krebs on Security

MARCH 20, 2020

This week, security researchers said they spotted that same vulnerability being exploited by a new variant of Mirai , a malware strain that targets vulnerable Internet of Things (IoT) devices for use in large-scale attacks and as proxies for other cybercrime activity. Image: Palo Alto Networks. Zyxel issued a patch for the flaw on Feb.

IoT 244

IoT DDOS VPN Firewall 244

Security Affairs

DECEMBER 27, 2023

Researchers warn of attacks against poorly managed Linux SSH servers that mainly aim at installing DDoS bot and CoinMiner. Researchers at AhnLab Security Emergency Response Center (ASEC) are warning about attacks targeting poorly managed Linux SSH servers, primarily focused on installing DDoS bots and CoinMiners.

DDOS 110

DDOS Passwords Firewall Accountability 110

Security Affairs

JUNE 20, 2023

Researchers warn of an ongoing Tsunami DDoS botnet campaign targeting inadequately protected Linux SSH servers. Researchers from AhnLab Security Emergency response Center (ASEC) have uncovered an ongoing hacking campaign, aimed at poorly protected Linux SSH servers, to install the Tsunami DDoS botnet (aka Kaiten).

DDOS 83

DDOS Malware Passwords Accountability 83

Security Affairs

DECEMBER 16, 2022

Microsoft announced that a botnet dubbed MCCrash is launching distributed denial-of-service (DDoS) attacks against private Minecraft servers. Microsoft spotted a cross-platform botnet, tracked as MCCrash, which has been designed to launch distributed denial-of-service (DDoS) attacks against private Minecraft servers. ark—event[.]net

DDOS 89

DDOS IoT Malware Internet 89

Security Affairs

AUGUST 28, 2023

KmsdBot is an evasive Golang-based malware that was first detected by Akamai in November 2022, it infects systems via an SSH connection that uses weak login credentials. The malware was employed in cryptocurrency mining campaigns and to launch denial-of-service (DDoS) attacks. ” reads the report published by Akamai.

IoT 89

IoT DDOS Architecture Internet 89

Security Affairs

APRIL 3, 2023

FortiGuard Labs researchers observed an ongoing hacking campaign targeting Cacti ( CVE-2022-46169 ) and Realtek ( CVE-2021-35394 ) vulnerabilities to spread ShellBot and Moobot malware. The ShellBot , also known as PerlBot, is a Perl-based DDoS bot that uses IRC protocol for C2 communications. <Filename>.”

DDOS 82

DDOS Malware Hacking Education 82

Security Affairs

DECEMBER 8, 2021

The Moobot was first documented by Palo Alto Unit 42 researchers in February 2021, the recent attacks demonstrated that its authors are enhancing their malware. It tries to drop a downloader that exhibits infection behavior and that also executes Moobot, which is a DDoS botnet based on Mirai.”

Firmware 119

Firmware DDOS Malware IoT 119

SecureList

APRIL 13, 2023

Recently we explored the topic of infection methods, including malvertising and malicious downloads. In this blog post, we provide excerpts from the recent reports that focus on uncommon infection methods and describe the associated malware. According to the author, the malware: Is written in C/C++, while the C2 is written in Golang.

Malware 97

Malware Engineering Advertising Phishing 97

Security Affairs

DECEMBER 21, 2021

In November, researchers from Qihoo 360’s Netlab security team spotted the Abcbot botnet that was targeting Linux systems to launch distributed denial-of-service (DDoS) attacks. The bot also kills competing malware, including crypto mining and cloud-focused malware, on the same systems. ” concludes the analysis.

DDOS 127

DDOS Malware Hacking Cybercrime 127

Security Affairs

FEBRUARY 16, 2023

Upon successful exploitation, the malicious code executes wget and curl utilities to download Mirai bot from attackers’ infrastructure and then execute it. The experts noticed that V3G4 also supports a function that makes sure only one instance of this malware is executing on the compromised device. to the console.

IoT 96

IoT DDOS Encryption Malware 96

Security Affairs

DECEMBER 11, 2022

Samsung S22 hacked Sophos fixed a critical flaw in its Sophos Firewall version 19.5 Samsung S22 hacked Sophos fixed a critical flaw in its Sophos Firewall version 19.5

Firewall 91

Firewall Banking Hacking DDOS 91

Security Affairs

APRIL 28, 2019

Threat actors leverage the vulnerability to install denial of service (DDoS) malware and crypto-currency miners, and to remotely execute code. “In our analysis, we saw that an attacker was able to exploit CVE-2019-3396 to infect machines with the AESDDoS botnet malware.” The malware also connects to 23[.]224[.]59[.]34:48080

DDOS 90

DDOS Malware Advertising Software 90

Security Affairs

JUNE 22, 2023

The attack chain commences with the exploitation of one of the above issues, then the threat actor tries to download a shell script downloader from a remote server. Upon executing the script, it would download and execute the proper bot clients for the specific Linux architectures: hxxp://185.225.74[.]251/armv4l

IoT 85

IoT Malware Encryption DDOS 85

Security Affairs

DECEMBER 1, 2020

” One of the payloads targeting the Oracle WebLogic servers observed by the experts is the DarkIRC malware which is currently being sold on cybercrime forums for 75USD. The malware also tries to detect if it is running in virtualized environments, such as VMware, VirtualBox, VBox, QEMU, or Xen virtual machine.

Malware 96

Malware DDOS Hacking Cybercrime 96

Security Affairs

SEPTEMBER 24, 2023

Government of Bermuda blames Russian threat actors for the cyber attack City of Dallas has set a budget of $8.5 Government of Bermuda blames Russian threat actors for the cyber attack City of Dallas has set a budget of $8.5

Cyber Attacks 81

Cyber Attacks Firewall Data breaches Telecommunications 81

Security Affairs

APRIL 1, 2019

The popular expert unixfreaxjp analyzed a new China ELF DDoS’er malware tracked as “Linux/DDoSMan” that evolves from the Elknot malware to deliver new ELF bot. The code seems inspired from multiple source code of China basis DDoS client, like Elknot. But what kind of malware is this Elknot Trojan?

DDOS 83

DDOS Malware Encryption Penetration Testing 83

Krebs on Security

JUNE 28, 2022

On December 7, 2021, Google announced it was suing two Russian men allegedly responsible for operating the Glupteba botnet, a global malware menace that has infected millions of computers over the past decade. An example of a cracked software download site distributing Glupteba. Image: Google.com. But on Dec.

Passwords 244

Passwords Malware Internet Internet 244

Security Affairs

SEPTEMBER 7, 2022

Threat actors explored the four D-Link vulnerabilities to gain remote code execution and download a MooBot downloader from 159.203.15[.]179. The analysis of the code revealed that the MooBot bot will also send heartbeat messages to the C2 server and parse commands from C2 to start a DDoS attack on a specific IP address and port number.

DDOS 100

DDOS Encryption Passwords Hacking 100

SecureList

NOVEMBER 23, 2021

The COVID-19 pandemic is likely to cause a massive wave of poverty, and that invariably translates into more people resorting to crime, including cybercrime. Cracking down hard on the cybercrime world. Analysis of forecasts for 2021. We should expect more fraud, targeting mostly BTC , because this cryptocurrency is the most popular.

Cryptocurrency 103

Cryptocurrency Banking Cybercrime Ransomware 103

Security Affairs

FEBRUARY 3, 2019

Cobalt cybercrime gang abused Google App Engine in recent attacks. Law enforcement worldwide hunting users of DDoS-for-Hire services. Sofacys Zepakab Downloader Spotted In-The-Wild. CookieMiner Mac Malware steals browser cookies and sensitive Data. Exclusive: spreading CSV Malware via Google Sheets. 20% discount.

DDOS 63

DDOS Data breaches Advertising Cybercrime 63

Security Affairs

JANUARY 3, 2023

Experts warn of a new malware campaign using sensitive information stolen from a bank as a lure to spread the remote access trojan BitRAT. Qualys experts spotted a new malware campaign spreading a remote access trojan called BitRAT using sensitive information stolen from a bank as a lure in phishing messages. Keylogging. Monero mining.

Banking 89

Banking Malware Phishing DDOS 89

Security Affairs

OCTOBER 12, 2021

The botnet appeared on the threat landscape in November 2020, the attacks aimed at compromising the target systems to create an IRC botnet, which can later be used to conduct several malicious activities, including DDoS attacks and crypto-mining campaigns. from visual-tools.com. ” reads the analysis published by the experts.

DDOS 93

DDOS Surveillance Hacking Internet 93

Security Affairs

APRIL 25, 2023

” The Mirai botnet is exploiting the issue to gain access to the device and downloads the malicious payload for the targeted architecture. The Mirai botnet that is behind the attacks observed by ZDI is focused on launching DDoS attacks, it has the capability to target Valve Source Engine (VSE). ” continues the report.

DDOS 90

DDOS Engineering Firmware Architecture 90

Responsible Cyber

APRIL 8, 2020

As cybercrime has become well-funded and increasingly sophisticated, phishing remains one of the most effective methods used by criminals to introduce malware into businesses. DDoS Attacks. Should a small business rely on a website or other online service to function, any outage caused by DDoS attacks will be catastrophic.

Cybersecurity 98

Cybersecurity DDOS Small Business Phishing 98

Security Affairs

FEBRUARY 14, 2023

In November 2022, researchers from security firm Sucuri reported to have tracked a surge in WordPress malware redirecting website visitors to fake Q&A sites via ois[.]is. The Sucuri SiteCheck detected redirects on over 2,500 sites during September and October, while PublicWWW results show nearly 15,000 websites affected by this malware.

Malware 77

Malware DDOS Cryptocurrency Hacking 77

Security Affairs

FEBRUARY 9, 2019

Image downloaded by Odisseus from the Instagram profile of the threat actor. One of them is the Layer 7 (HTTP) Attack reported in the picture below documenting how this kind of malware can evade the anti-DDoS solutions like Cloudfare. Image downloaded by Odisseus from the Instagram profile of the threat actor.

DDOS 81

DDOS IoT Advertising Penetration Testing 81

SiteLock

AUGUST 27, 2021

Over time, we predict a decrease in “noisy” attacks such as SEO spam and redirects: As malware scanners and website developers advance their techniques, these types of attacks are easier to detect and remove. This makes stealthy attacks incredibly popular in the cybercrime community. Distributed denial of service. Ransomware.

Small Business 98

Small Business Cybersecurity Phishing DDOS 98

Security Affairs

OCTOBER 11, 2022

VMware researchers have analyzed the supply chain behind the Emotet malware reporting that its operators are continually shifting their tactics, techniques, and procedures to avoid detection. “The ongoing adaptation of Emotet’s execution chain is one reason the malware has been successful for so long.”

Banking 84

Banking Malware DDOS Accountability 84