Cybercrime and Download - Cyber Security Informer

Cisco states that data published on cybercrime forum was taken from public-facing DevHub environment

Security Affairs

OCTOBER 21, 2024

Cisco confirms that data published by IntelBroker on a cybercrime forum was taken from the company DevHub environment. Cisco confirms that the data posted by IntelBroker on a cybercrime forum was stolen from its DevHub environment. for customers to use as needed.

Cybercrime

Cybercrime Data breaches Technology Banking

The Funnel of Justice: Why U.K. Cybercrime Victims Are Left Behind

SecureWorld News

NOVEMBER 29, 2024

New Insights from The Cyber Helpline reveal a shocking gap in the justice system for cybercrime victims in the U.K. Download the full report or a snapshot. Underreporting: Only 36% of cybercrime victims report incidents to the police, compared to 79% of victims of offline crimes.

Cybercrime

Cybercrime Technology

Leader of Qakbot cybercrime network indicted in U.S. crackdown

Security Affairs

MAY 24, 2025

Justice Department filed a civil forfeiture complaint to seize over $24M in crypto from Gallyamov, part of a multinational cybercrime crackdown. “These actions are the latest step in an ongoing multinational effort by the United States, France, Germany, the Netherlands, Denmark, the United Kingdom, and Canada to combat cybercrime.”

Cybercrime

Cybercrime Cryptocurrency Ransomware Malware

The Silent Breach: How E-Waste Fuels Cybercrime

SecureWorld News

MARCH 27, 2025

In today's digital world, cybercrime is a threat to our private data and security. And with Americans owning an average of 24 electronic items in their homes , neglecting to dispose of these items correctly is putting individuals at significant risk of cybercrime. What is cybercrime?

Cybercrime

Cybercrime Computers and Electronics Firewall Hacking

FBI warns of malicious free online document converters spreading malware

Security Affairs

MARCH 24, 2025

” Fake file converters and download tools may perform advertised tasks but can provide resulting files containing hidden malware, giving criminals access to victims’ devices. “To conduct this scheme, cyber criminals across the globe are using any type of free document converter or downloader tool. .

Malware

Malware Identity Theft Scams Antivirus

Internet Archive was breached twice in a month

Security Affairs

OCTOBER 21, 2024

This file contained an authentication token that allowed the attacker to download the Internet Archive’s source code, which included additional credentials and tokens. This allowed the threat actor to download the organization’s user database, further source code, and modify the site.

Internet

Internet Internet Data breaches Authentication

DragonForce operator chained SimpleHelp flaws to target an MSP and its customers

Security Affairs

MAY 27, 2025

The first vulnerability, CVE-2024-57727 (CVSS score of 7.5), is an unauthenticated path traversal issue allowing attackers to download arbitrary files from the server. Attackers could download files, upload files with admin privileges, and escalate their access to an administrative level on vulnerable servers.

Ransomware

Ransomware Software Retail Data breaches

Malicious Minecraft mods distributed by the Stargazers DaaS target Minecraft gamers

Security Affairs

JUNE 19, 2025

“Since March 2025, Check Point Research has been tracking malicious GitHub repositories targeting Minecraft users with an undetected Java downloader.” Upon launching the game, the fake mod downloads a second-stage stealer, which then fetches an additional.NET-based stealer.

Malware

Malware Cyber threats VPN Hacking

Russian group RomCom exploited Firefox and Tor Browser zero-days to target attacks Europe and North America

Security Affairs

NOVEMBER 27, 2024

Russian-based cybercrime group RomCom (aka UAT-5647 , Storm-0978 , Tropical Scorpius , UAC-0180, UNC2596 ) exploited two Firefox and Tor Browser zero-day vulnerabilities in recent attacks on users across Europe and North America. . This leads to downloading and executing the RomCom backdoor from C2 servers like journalctd[.]live,

Cybercrime

Cybercrime Hacking Government Information Security

The popular xrpl.js Ripple cryptocurrency library was compromised in a supply chain attack

Security Affairs

APRIL 23, 2025

is the recommended library for integrating a JavaScript/TypeScript app with the XRP, it has more than 140.000 weekly downloads. Hundreds of thousands of applications and websites use this package, the package has been downloaded over 2.9 It is the official SDK for the XRP Ledger, with more than 140.000 weekly downloads.”

Cryptocurrency

Cryptocurrency Malware Hacking Risk

MUT-1244 Campaign Steals Hundreds of Thousands of WordPress Credentials and More

SecureWorld News

DECEMBER 17, 2024

Researchers at Datadog Security Labs have uncovered a year-long, large-scale cybercrime campaign by a threat actor tracked as MUT-1244. By downloading and running this code, victims essentially infected themselves." Simultaneously, a phishing campaign tricked targets into installing a fake kernel update.

Phishing

Phishing Threat Detection Social Engineering Cybercrime

Belk hit by May cyberattack: DragonForce stole 150GB of data

Security Affairs

JULY 15, 2025

The stolen data are available for download, a circumstance that suggests a failed negotiation. DragonForce runs a cybercrime affiliate service, letting affiliates use its tools to launch attacks and extort victims. Belk is offering affected individuals 12 months of free credit monitoring and identity restoration services.

Data breaches

Data breaches Retail Ransomware Cybercrime

Experts warn of a new wave of Bumblebee malware attacks

Security Affairs

OCTOBER 22, 2024

Once executed, it downloads the payload directly into memory. “Once opened, the LNK file executes a Powershell command to download an MSI file from a remote server, renames it as “%AppData%y.msi”, and then executes/installs it using the Microsoft msiexec.exe tool.” lnk” that, once executed, starts the attack chain.

Malware

Malware Phishing Ransomware Hacking

Romantic Lawsuit for Two? Don't Let Cybercriminals Scam You this Valentine's Day

SecureWorld News

FEBRUARY 14, 2025

Last year saw a 110% rise in cybercrime in the lead up to Valentine's Day. But Machin warns: "Clicking on a seemingly innocent link within an e-card can lead to downloading malware or being redirected to a phishing website designed to capture personal or company details."

Scams

Scams Cybercrime Phishing Social Engineering

Poor Passwords Tattle on AI Hiring Bot Maker Paradox.ai

Krebs on Security

JULY 17, 2025

We want to be very clear that while the researchers may have briefly had access to the system containing all chat interactions (NOT job applications), they only viewed and downloaded five chats in total that had candidate information within. Again, at no point was any data leaked online or made public.”

Passwords

Passwords Authentication Malware Accountability

New MassJacker clipper targets pirated software seekers

Security Affairs

MARCH 15, 2025

The attack involves executing a cmd script followed by a PowerShell script, which downloads three executables, including the Amadey botnet and two.NET executables (32-bit and 64-bit). The malware, dubbed PackerE, downloads an encrypted DLL (PackerD1) that employs multiple anti-analysis techniques.

Software

Software Cryptocurrency Malware Encryption

Threat actors use fake AI tools to deliver the information stealer Noodlophile

Security Affairs

MAY 12, 2025

Users seeking free AI video tools unknowingly download Noodlophile Stealer, a new malware that steals browser credentials, crypto wallets, and may install remote access trojans like XWorm. Noodlophile is being sold on cybercrime forums as part of malware-as-a-service schemes, often bundled with tools for credential theft.

Malware

Malware Media Cybercrime Scams

PLAYFULGHOST backdoor supports multiple information stealing features

Security Affairs

JANUARY 5, 2025

The backdoor is distributed through: Phishing emails with themes such as code of conduct to trick users into downloading the malware. Upon executing the archive, it drops a malicious Windows executable, which eventually downloads and executesthe PLAYFULGHOST payloadfrom a remote server. sys driver.

Malware

Malware Encryption Phishing Hacking

Crooks use a fake antivirus site to spread Venom RAT and a mix of malware

Security Affairs

MAY 28, 2025

Researchers found a fake Bitdefender site spreading the Venom RAT by tricking users into downloading it as antivirus software. DomainTools Intelligence (DTI) researchers warn of a malicious campaign using a fake website (bitdefender-download[.]com)

Antivirus

Antivirus Malware Banking Cryptocurrency

Enhanced capabilities sustain the rapid growth of Vo1d botnet

Security Affairs

FEBRUARY 28, 2025

The malicious code acts as a backdoor allowing attackers to download and install third-party software secretly. Users may also mistakenly believe TV boxes are more secure than smartphones and are less likely to install antivirus software, increasing their risk when downloading third-party apps or unofficial firmware.

Antivirus

Antivirus Firmware Encryption Manufacturing

Russia-linked Gamaredon targets Ukraine with Remcos RAT

Security Affairs

MARCH 31, 2025

Russia-linked Gamaredon targets Ukraine with a phishing campaign using troop-related lures to deploy the Remcos RAT via PowerShell downloader. The threat actor is using troop-related lures to deploy the Remcos RAT via PowerShell downloader. Talos researchers warn that Russia-linked APT group Gamaredon (a.k.a.

Phishing

Phishing Antivirus Encryption Hacking

PoisonSeed Campaign uses stolen email credentials to spread crypto seed scams and and empty wallets

Security Affairs

APRIL 7, 2025

Though distinct from groups like Scattered Spider and CryptoChameleon , the attack reflects growing threats in the broader The Com cybercrime ecosystem. They used targeted phishing emails, such as a Sending Privileges Restricted lure, to steal credentials and automate downloads of contact lists.

Scams

Scams Cryptocurrency Phishing Cybercrime

The source code of Banshee Stealer leaked online

Security Affairs

NOVEMBER 26, 2024

We’ve archived the leak and made it available for download on GitHub.” We've archived the leak and made it available for download on GitHub. ” Yesterday Banshee Stealer, the MacOS-based Malware-as-a-Service infostealer, had their source code leaked online.

Malware

Malware Cryptocurrency Encryption Hacking

Cisco states that the second data leak is linked to the one from October

Security Affairs

DECEMBER 30, 2024

In October 2024, Cisco confirmed that the data posted by the notorious threat actor IntelBroker on a cybercrime forum was stolen from its DevHub environment. At this stage in our investigation, we have determined that a small number of files that were not authorized for public download may have been published.

Data breaches

Data breaches Cybercrime Authentication Technology

Processing 23 Billion Rows of ALIEN TXTBASE Stealer Logs

Troy Hunt

FEBRUARY 25, 2025

This is just one of many channels involved in cybercrime, but it's noteworthy due to the huge amount of freely accessible data. Alice downloaded, onto her personal laptop, a version of Notepad++ from a website she believed to be legitimate.

Passwords

Passwords Accountability VPN Malware

Fake AI Video Tools Spreading New “Noodlophile” Malware, Targets Thousands on Facebook

eSecurity Planet

MAY 11, 2025

Technical support consultant using programming to upgrade artificial intelligence simulation model As AI tools boom in popularity, cyberthieves are exploiting the excitement with fake AI video editing platforms that lure users into downloading malware. Document.docx: A disguised batch file that downloads more malware.

Malware

Malware Scams Media Artificial Intelligence

Malicious Go Modules designed to wipe Linux systems

Security Affairs

MAY 4, 2025

Researchers found 3 malicious Go modules with hidden code that can download payloads to wipe a Linux system’s main disk, making it unbootable. The malicious modules contain obfuscated code to fetch next-stage payloads that can wipe a Linux system’s primary disk and make it unbootable. ” read the report published by Socket.

Software

Software Hacking Malware Cybercrime

BadBox 2.0 botnet infects millions of IoT devices worldwide, FBI warns

Security Affairs

JUNE 9, 2025

Cyber criminals gain unauthorized access to home networks by either configuring the product with malicious software prior to the users purchase or infecting the device as it downloads required applications that contain backdoors, usually during the set-up process. 3 ” reads the alert published by the FBI. ” BADBOX 2.0

IoT

IoT Internet Internet Advertising

Authorities released free decryptor for Phobos and 8base ransomware

Security Affairs

JULY 18, 2025

The software can be downloaded from the police website and Europol’s NoMoreRansom site. In November 2024, Russian Phobos ransomware operator Evgenii Ptitsyn, suspected of playing a key role in the ransomware operations, was extradited from South Korea to the US to face cybercrime charges.

Ransomware

Ransomware Encryption Malware Cybercrime

Russia-linked group Nebulous Mantis targets NATO-related defense organizations

Security Affairs

APRIL 30, 2025

” Nebulous Mantis imitates trusted services like OneDrive to trick victims into downloading infected files, often hosted on Mediafire. Post-infection, a fake PDF triggers an EXE that checks for sandbox evasion markers before downloading further payloads like Keyprov.dll. The APT group uses RomCom malware in multi-stage attacks.

Encryption

Encryption Ransomware Malware Phishing

Google Chrome will use AI to block tech support scam websites

Malwarebytes

MAY 9, 2025

Google says: Tech Support scams are an increasingly prevalent form of cybercrime, characterized by deceptive tactics aimed at extorting money or gaining unauthorized access to sensitive data. Keep threats off your mobile devices by downloading Malwarebytes for iOS , and Malwarebytes for Android today.

Scams

Scams Artificial Intelligence Cybercrime Mobile

New ‘Lucid’ Phishing Platform Abuses iMessage, Android RCS to Slip Past Defenses

eSecurity Planet

MARCH 28, 2025

A sophisticated cybercrime service known as “Lucid” is exploiting vulnerabilities in Apples iMessage and Androids Rich Communication Services (RCS), allowing cyberthieves to conduct large-scale phishing attacks with alarming success.

Phishing

Phishing Scams Cybercrime Encryption

SpyLend Android malware found on Google Play enabled financial cyber crime and extortion

Security Affairs

FEBRUARY 24, 2025

CYFIRMA researchers discovered that the SpyLend Android malware was downloaded 100,000 times from the official app store Google Play. The Finance Simplified app is still available on Google Play at the time of this reports publication, with downloads doubling to 100,000 in a week. ” reads the report published by CYFIRMA.

Malware

Malware Marketing Hacking Mobile

Ransomware negotiator investigated over criminal gang kickbacks

Malwarebytes

JULY 8, 2025

Ransomware demands have also ballooned as this form of cybercrime continues to gain traction. Now, more of them steal the data as well, downloading it to their own computers and then threatening to embarrass the victim by publishing it. Keep threats off your devices by downloading Malwarebytes today.

Ransomware

Ransomware Cyber Insurance Government Insurance

Glove Stealer bypasses Chrome’s App-Bound Encryption to steal cookies

Security Affairs

NOVEMBER 15, 2024

To extract cookies from Chromium-based browsers, it downloads a module from the C&C to bypass App-Bound encryption. Upon execution, Glove Stealer pretends to search for system errors while secretly contacting a command-and-control (C&C) server to harvest and exfiltrate data. ” reads the report published by Gen Digital.

Encryption

Encryption Password Management Cryptocurrency Social Engineering

Europol-led operation shuts down CSAM platform Kidflix, leading to 79 arrests

Security Affairs

APRIL 3, 2025

The investigation was led by the State Criminal Police of Bavaria (Bayerisches Landeskriminalamt) and the Bavarian Central Office for the Prosecution of Cybercrime (ZCB) with the support of Europol. “Unlike other known platforms of this kind, Kidflix not only enabled users to download CSAM but also to stream video files.

Cryptocurrency

Cryptocurrency Cybercrime Hacking Information Security

Malicious NPM packages target PayPal users

Security Affairs

APRIL 14, 2025

“We urge the public to be cautious when downloading packages and to ensure they are from trusted sources to avoid falling victim to such attacks.” . “The authors oftommyboy_h1andtommyboy_h2are likely the same person, publishing multiple malicious packages in a short time. ” concludes the report.

Cryptocurrency

Cryptocurrency Hacking Accountability Cybercrime

Dark web threats and dark market predictions for 2025

SecureList

DECEMBER 16, 2024

The number of unique threads about drainers on the dark web ( download ) In fact, in 2024, Telegram channels were a prominent hub for drainer-related activity. Increase in high-profile law enforcement operations against cybercrime groups 2024 was a significant year in the global high-profile fight against cybercrime.

Marketing

Marketing Data breaches Cryptocurrency Malware

Large-scale cryptocurrency miner campaign targets Russian users with SilentCryptoMiner

Security Affairs

MARCH 10, 2025

com to distribute an infected archive, which had over 40,000 downloads. The above campaign limited itself to distributing a miner, but threat actors could start to use this vector for more complex attacks, including data theft and downloading other malware. Attackers used the malicious site gitrok[.]com

Cryptocurrency

Cryptocurrency Malware Social Engineering Antivirus

Node.js malvertising campaign targets crypto users

Security Affairs

APRIL 17, 2025

In this attack phase, a PowerShell script downloads an archive from the command-and-control server containing the Node.js In a documented instance, attackers used a ClickFix social engineering tactic to trick users into running a PowerShell command that downloads and installs Node.js runtime and a compiled JavaScript file. components.

Social Engineering

Social Engineering Malware Cryptocurrency Hacking

Security Affairs newsletter Round 528 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

JUNE 15, 2025

CISA adds Wazuh, and WebDAV flaws to its Known Exploited Vulnerabilities catalog Exposed eyes: 40,000 security cameras vulnerable to remote hacking Operation Secure: INTERPOL dismantles 20,000+ malicious IPs in major cybercrime crackdown Over 80,000 servers hit as Roundcube RCE bug gets rapidly exploited A flaw could allow recovery of the phone number (..)

Spyware

Spyware Data breaches Cybercrime Scams

The great Google Ads heist: criminals ransack advertiser accounts via fake Google ads

Malwarebytes

JANUARY 15, 2025

There is also a distant feel of ‘software download via Google ads’ we have reported on previously (see Threat actor impersonates Google via fake ad for Authenticator ). Keep threats off by downloading Malwarebytes Browser Guard today. Back to top Indicators of Compromise Fake Google Sites pages sites[.]google[.]com/view/ads-goo-vgsgoldx

Advertising

Advertising Accountability Phishing Scams

A new Mirai botnet variant targets DigiEver DS-2105 Pro DVRs

Security Affairs

DECEMBER 26, 2024

” Upon exploiting the vulnerability, the malicious code can inject commands via the ntp parameter, allowing attackers to download Mirai-based malware through HTTP POST requests over port 80, referencing IP Address :80/cfg_system_time.htm in the HTTP Referer header. dyn” for C2 communication.

Manufacturing

Manufacturing Malware Firmware IoT

Chinese Android phones shipped with malware-laced WhatsApp, Telegram apps

Security Affairs

APRIL 16, 2025

” In September, security researchers from G DATA discovered more than two dozen Android mobile phones from different manufacturers already infected by pre-installed malware.

Malware

Malware Manufacturing Mobile Spyware

Cisco states that data published on cybercrime forum was taken from public-facing DevHub environment

The Funnel of Justice: Why U.K. Cybercrime Victims Are Left Behind

Trending Sources

Leader of Qakbot cybercrime network indicted in U.S. crackdown

The Silent Breach: How E-Waste Fuels Cybercrime

FBI warns of malicious free online document converters spreading malware

Internet Archive was breached twice in a month

DragonForce operator chained SimpleHelp flaws to target an MSP and its customers

Malicious Minecraft mods distributed by the Stargazers DaaS target Minecraft gamers

Russian group RomCom exploited Firefox and Tor Browser zero-days to target attacks Europe and North America

The popular xrpl.js Ripple cryptocurrency library was compromised in a supply chain attack

MUT-1244 Campaign Steals Hundreds of Thousands of WordPress Credentials and More

Belk hit by May cyberattack: DragonForce stole 150GB of data

Experts warn of a new wave of Bumblebee malware attacks

Romantic Lawsuit for Two? Don't Let Cybercriminals Scam You this Valentine's Day

Poor Passwords Tattle on AI Hiring Bot Maker Paradox.ai

New MassJacker clipper targets pirated software seekers

Threat actors use fake AI tools to deliver the information stealer Noodlophile

PLAYFULGHOST backdoor supports multiple information stealing features

Crooks use a fake antivirus site to spread Venom RAT and a mix of malware

Enhanced capabilities sustain the rapid growth of Vo1d botnet

Russia-linked Gamaredon targets Ukraine with Remcos RAT

PoisonSeed Campaign uses stolen email credentials to spread crypto seed scams and and empty wallets

The source code of Banshee Stealer leaked online

Cisco states that the second data leak is linked to the one from October

Processing 23 Billion Rows of ALIEN TXTBASE Stealer Logs

Fake AI Video Tools Spreading New “Noodlophile” Malware, Targets Thousands on Facebook

Malicious Go Modules designed to wipe Linux systems

BadBox 2.0 botnet infects millions of IoT devices worldwide, FBI warns

Authorities released free decryptor for Phobos and 8base ransomware

Russia-linked group Nebulous Mantis targets NATO-related defense organizations

Google Chrome will use AI to block tech support scam websites

New ‘Lucid’ Phishing Platform Abuses iMessage, Android RCS to Slip Past Defenses

SpyLend Android malware found on Google Play enabled financial cyber crime and extortion

Ransomware negotiator investigated over criminal gang kickbacks

Glove Stealer bypasses Chrome’s App-Bound Encryption to steal cookies

Europol-led operation shuts down CSAM platform Kidflix, leading to 79 arrests

Malicious NPM packages target PayPal users

Dark web threats and dark market predictions for 2025

Large-scale cryptocurrency miner campaign targets Russian users with SilentCryptoMiner

Node.js malvertising campaign targets crypto users

Security Affairs newsletter Round 528 by Pierluigi Paganini – INTERNATIONAL EDITION

The great Google Ads heist: criminals ransack advertiser accounts via fake Google ads

A new Mirai botnet variant targets DigiEver DS-2105 Pro DVRs

Chinese Android phones shipped with malware-laced WhatsApp, Telegram apps

Stay Connected