government today unsealed criminal charges against 16 individuals accused of operating and selling DanaBot, a prolific strain of information-stealing malware that has been sold on Russian cybercrime forums since 2018. DanaBot’s features, as promoted on its support site.
The FBI warns of a significant increase in scams involving free online document converters to infect users with malware. The FBI warns that threat actors use malicious online document converters to steal users’ sensitive information and infect their systems with malware. ” reads the alert.
The trouble is, these EDRs largely bypass any official review and do not require the requester to supply any court-approved documents. One English-speaking cybercriminal who goes by the nicknames “Pwnstar” and “Pwnipotent” has been selling fake EDR services on both Russian-language and English cybercrime forums.
This approach reflects the as-a-service logic already prevalent in other areas of the cybercrime sector, significantly reducing the level of technical knowledge needed by those wishing to access this confidential data.
The FBI has removed Chinese PlugX malware from over 4,200 computers in networks across the United States, the U.S. The Justice Department and FBI, along with international partners, announced they deleted PlugX malware from thousands of infected computers worldwide as part of a multi-month law enforcement operation.
Veritaco CEO Jeffrey Bowie faces charges for allegedly installing malware on hospital computers, violating Oklahoma’s Computer Crimes Act. The man is accused of having installed the malware on the hospital computers on August 6, 2024. Anthony Hospital. One of those computers was for employees only.” ” St.
Hive0117 targets Russian firms in multiple sectors with phishing attacks using a modified version of the DarkWatchman malware. A cybercrime group named Hive0117 is behind a fresh phishing campaign that targeted Russian organizations with a new version of the DarkWatchman malware, according to Russian cybersecurity firm F6.
The FBI joined authorities across Europe last week in seizing domain names for Cracked and Nulled, English-language cybercrime forums with millions of users that trafficked in stolen data, hacking tools and malware. “Finndev.” ” Image: Ke-la.com. 30, the U.S. Meanwhile, a LinkedIn profile for a Florian M.
Shefel claims the true mastermind behind the Target and other retail breaches was Dmitri Golubov, an infamous Ukrainian hacker known as the co-founder of Carderplanet, among the earliest Russian-language cybercrime forums focused on payment card fraud. “I’m also godfather of his second son.”
A 26-year-old Ukrainian man is awaiting extradition from The Netherlands to the United States on charges that he acted as a core developer for Raccoon, a popular “malware-as-a-service” offering that helped paying customers steal passwords and financial data from millions of cybercrime victims.
Law enforcement agencies in the United States and Europe today unsealed charges against 11 alleged members of the GozNym malware network, an international cybercriminal syndicate suspected of stealing $100 million from more than 41,000 victims with the help of a stealthy banking trojan by the same name. Source: DOJ. Vladimir Gorin, a.k.a
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape iClicker site hack targeted students with malware via fake CAPTCHA New Noodlophile Stealer Distributes Via Fake AI Video Generation Platforms Backdoor found in popular ecommerce components Stealthy Linux backdoor leveraging (..)
This post is a deep dive on “Megatraffer,” a veteran Russian hacker who has practically cornered the underground market for malware-focused code-signing certificates since 2015. One of Megatraffer’s ads on an English-language cybercrime forum. WHO IS MEGATRAFFER? 16, 1982 and residing in Moscow.
Criminals using Google search ads to deliver malware isn’t new, but Ars Technica declared that the problem has become much worse recently. The surge is coming from numerous malware families, including AuroraStealer, IcedID, Meta Stealer, RedLine Stealer, Vidar, Formbook, and XLoader.
For the past seven years, a malware-based proxy service known as “Faceless” has sold anonymity to countless cybercriminals. The proxy lookup page inside the malware-based anonymity service Faceless. MrMurza’s Faceless advertised on the Russian-language cybercrime forum ProCrd. Image: spur.us. In 2013, U.S.
An international law enforcement operation targeted several major cybercrime websites, including Cracked, Nulled, Sellix, and StarkRDP. An international law enforcement operation led by Europol, code-named Operation Talent, dismantled several major cybercrime sites, including Cracked, Nulled, Sellix, and StarkRDP. and Nulled.to.”
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malicious NPM Packages Targeting PayPal Users New Malware Variant Identified: ResolverRAT Enters the Maze Nice chatting with you: what connects cheap Android smartphones, WhatsApp and cryptocurrency theft?
Trend ZDI researchers discovered 1,000 malicious .lnk files used by nation-state actors and cybercrime groups to execute hidden malicious commands on a victim’s machine by exploiting the vulnerability ZDI-CAN-25373. Since 2017, the vulnerability has been exploited by APT groups from North Korea, Iran, Russia, and China.
New ReaderUpdate malware variants, now written in Crystal, Nim, Rust, and Go, target macOS users, SentinelOne warns. SentinelOne researchers warn that multiple versions of the ReaderUpdate malware, written in the Crystal, Nim, Rust, and Go programming languages, are targeting macOS users. The malware maintains persistence via a .plist file.
Apparently now that includes emailing employees directly and asking them to unleash the malware inside their employer’s network in exchange for a percentage of any ransom amount paid by the victim company. Image: Abnormal Security. .” billion in 2020. Image: FBI.
“On November 20, 2024, we were notified by a vendor of point-of-sale processing services for some of our retail locations that accounts with their organization had been compromised by an organized cybercrime group.” The company also filed documents with regulators in California warning impacted customers.
Cybersecurity analysts at Recorded Future’s Insikt Group have identified the fresh threats as TerraStealerV2 and TerraLogger, two malware strains believed to be the latest additions to Golden Chickens’ growing Malware-as-a-Service (MaaS) arsenal. TerraLoader: a malware loader. TerraCrypt: ransomware.
government today announced a coordinated crackdown against QakBot, a complex malware family used by multiple cybercrime groups to lay the groundwork for ransomware infections. Qakbot/Qbot was once again the top malware loader observed in the wild in the first six months of 2023. Source: Reliaquest.com.
But judging from the proliferation of help-wanted ads for offensive pentesters in the cybercrime underground, today’s attackers have exactly zero trouble gaining that initial intrusion: The real challenge seems to be hiring enough people to help everyone profit from the access already gained. THE DOCTOR IS IN. ” WHO IS DR. SAMUIL?
Terabytes of documents and files stolen from victim organizations that have not paid a data ransom are now available for download from CLOP’s deep web site, including Stanford, UCLA and the University of Maryland.
TrickBot operators are back and expand the distribution channels with partnership with cybercrime affiliates. The operators behind the infamous TrickBot (ITG23 and Wizard Spider) malware have resurfaced with new distribution channels to deliver malicious payloads, such as Conti ransomware. ” concludes the report.
Usually, the blog posts that appear on ransom sites are little more than a teaser — screenshots of claimed access to computers, or a handful of documents that expose proprietary or financial information. Maybe you disagree, dear readers? Feel free to sound off in the comments below.
Researchers uncovered an ongoing campaign abusing popular messaging platforms Skype and Teams to distribute the DarkGate malware. The threat actors abused popular messaging platforms such as Skype and Teams to deliver a script used as a loader for a second-stage payload, which was an AutoIT script containing the DarkGate malware.
A threat actor has leaked the source code for the first version of the HelloKitty ransomware on a Russian-speaking cybercrime forum. The availability of the source in the cybercrime ecosystem can allow threat actors to develop their own version of the Hello Kitty ransomware.
Fowler's analysis suggests that the data was harvested using InfoStealer malware, a malicious software designed to extract sensitive information from infected systems. This malware can siphon off credentials, autofill data, cookies, and even crypto wallet details, often without the user's knowledge.
The researchers pointed out that tools belonging to the arsenal of China-linked APT groups are often shared resources; however, many aren’t publicly available and aren’t usually associated with cybercrime activity. The attack used a Toshiba executable to sideload PlugX malware.
This post examines the activities of Khoroshev’s many alter egos on the cybercrime forums, and tracks the career of a gifted malware author who has written and sold malicious code for the past 14 years. was used by a Russian-speaking member called Pin on the English-language cybercrime forum Opensc. Image: treasury.gov.
Introduction Andariel, a part of the notorious Lazarus group, is known for its use of the DTrack malware and Maui ransomware in mid-2022. Their campaign introduced several new malware families, such as YamaBot and MagicRat, but also updated versions of NukeSped and, of course, DTrack.
A coordinated effort has captured the command-and-control servers of the Emotet botnet: Emotet establishes a backdoor onto Windows computer systems via automated phishing emails that distribute Word documents compromised with malware.
Having been in the field for so long, we have witnessed some major changes in the cybercrime world’s modus operandi. This report shares our insights into the Russian-speaking cybercrime world and the changes in how it operates that have happened in the past five years. Client-side attacks on the wane.
to deliver info-stealing malware via fake crypto trading sites like Binance and TradingView. increasingly used in malware campaigns since October 2024, including an ongoing crypto-themed malvertising attack as of April 2025. to deploy malware, shifting from traditional scripts like Python or PHP. Microsoft has observed Node.js
Now, something similar is in danger of happening in cyberspace: Shadowserver.org, an all-volunteer nonprofit organization that works to help Internet service providers (ISPs) identify and quarantine malware infections and botnets, has lost its longtime primary source of funding. Image: Ghostbusters. Image: Shadowserver.org.
In a coordinated international effort, law enforcement agencies from the United States, Europe, and Australia have dismantled Cracked and Nulled, two of the world's largest cybercrime marketplaces. By dismantling these two major forums, law enforcement agencies have disrupted a global supply chain of cybercrime tools.
The Italian luxury sports car manufacturer Ferrari confirmed the availability of internal documents online, but said it has no evidence of cyber attack. Documents belonging to the Italian luxury sports car manufacturer Ferrari are circulating online, the company confirmed their authenticity stating it is not aware of cyber attacks.
Stolen files allegedly include contracts, insurance, and financial documents. The malware targets multiple platforms, including Windows, Linux, macOS, ESXi, and Android. Ransomhub claimed to have stolen 313 gigabytes of data from the Mexican government office. ” reported the Associated Press. Knight, also known as Cyclops 2.0,
Experts warn of a new variant of the RedLine malware that is distributed via emails as fake COVID-19 Omicron stat counter app as a lure. The malicious code can also act as a first-stage malware. Like other COVID-19 themed malspam campaigns, the infection chain starts by opening a weaponized document used as an attachment.
Brad Marden, superintendent of cybercrime operations for the Australian Federal Police (AFP), said their investigation into who was behind U-Admin began in late 2018, after Australian citizens began getting deluged with phishing attacks via mobile text messages that leveraged the software. Credit: blog.bushidotoken.net.
Allegedly, invoice receipts, accounting documents, personal data, certificates, employment contracts, a huge amount of confidential information, confidentiality pic.twitter.com/Tad7LeOcsk — HackManac (@H4ckManac) December 6, 2024 According to the announcement published by the group on its Tor leak site, stolen data includes: Invoice Receipts (..)
The recently discovered malware builder Quantum Builder is being used by threat actors to deliver the Agent Tesla RAT. A recently discovered malware builder called Quantum Builder is being used to deliver the Agent Tesla remote access trojan (RAT), Zscaler ThreatLabz researchers warn. ” concludes the report.