Cybercrime, Download, Encryption and Malware

Malvertising Is a Cybercrime Heavyweight, Not an Underdog

SecureWorld News

MARCH 29, 2024

Malvertising acts as a vessel for malware propagation. To set such a stratagem in motion, cybercriminals poison legitimate websites with ads that lead to shady URLs or download malicious code camouflaged as something harmless. A stepping stone to impactful cybercrime This tactic has tangible real-world implications.

Cybercrime

Cybercrime Advertising Engineering Antivirus

Crooks manipulate GitHub’s search results to distribute malware

Security Affairs

APRIL 13, 2024

Researchers warn threat actors are manipulating GitHub search results to target developers with persistent malware. Checkmarx researchers reported that t hreat actors are manipulating GitHub search results to deliver persistent malware to developers systems. The archive contained an executable named feedbackAPI.exe.

Malware

Malware Cryptocurrency Encryption Hacking

Blacktail: Unveiling the tactics of a notorious cybercrime group

CyberSecurity Insiders

JUNE 26, 2023

In recent months, a cybercrime group known as Blacktail has begun to make headlines as they continue to target organizations around the globe. An interesting detail about the organization is that they do not make their own strains of malware. Two of the most popular tools that have been used by the cybercrime group are LockBit 3.0

Cybercrime

Cybercrime Social Engineering Ransomware Phishing

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Hackers hijacked the eScan Antivirus update mechanism in malware campaign

Security Affairs

APRIL 24, 2024

A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute backdoors and cryptocurrency miners. Avast researchers discovered and analyzed a malware campaign that exploited the update mechanism of the eScan antivirus to distribute backdoors and crypto miners.

Antivirus

Antivirus Malware DNS Cryptocurrency

Europol lifts the lid on cybercrime tactics

Malwarebytes

SEPTEMBER 15, 2023

The report follows the Internet Organized Crime Assessment (IOCTA), Europol’s assessment of the cybercrime landscape and how it has changed over the last 24 months. These groups work closely with other malware-as-a-service groups to compromise high-revenue targets and post huge ransom demands, running into millions of Euros.

Cybercrime

Cybercrime Ransomware DDOS Backups

ViperSoftX uses more sophisticated encryption and anti-analysis techniques

Security Affairs

APRIL 29, 2023

A new variant of the information-stealing malware ViperSoftX implements sophisticated techniques to avoid detection. Trend Micro researchers observed a new ViperSoftX malware campaign that unlike previous attacks relies on DLL sideloading for its arrival and execution technique. c2 arrowlchat[.]com c2 arrowlchat[.]com

Encryption

Encryption Malware Cryptocurrency Software

Expert warns of Turtle macOS ransomware

Security Affairs

DECEMBER 1, 2023

Wardle pointed out that since Turtle was uploaded on Virus Total, it was labeled as malicious by 24 anti-malware solutions, suggesting it is not a sophisticated threat. In some cases, the anti-virus solution flagged the binary as Windows malware (“Win32.Troj.Undef”). Troj.Undef”). The binary also lacks of obfuscation.

Ransomware

Ransomware Encryption Malware Cybercrime

Magnet Goblin group used a new Linux variant of NerbianRAT malware

Security Affairs

MARCH 11, 2024

The financially motivated hacking group Magnet Goblin uses various 1-day flaws to deploy custom malware on Windows and Linux systems. “While tracking the recent waves of Ivanti exploitation, we identified a number of activities leading to the download and deployment of an ELF file which turned out to be a Linux version of NerbianRAT.

Malware

Malware VPN Encryption Hacking

TeamTNT is back and targets servers to run Bitcoin encryption solvers

Security Affairs

SEPTEMBER 19, 2022

AquaSec researchers observed the cybercrime gang TeamTNT hijacking servers to run Bitcoin solver since early September. In the first week of September, AquaSec researchers identified at least three different attacks targeting their honeypots, the experts associated them with the cybercrime gang TeamTNT. be on IP 93[.]95[.]229[.]203).”

Encryption

Encryption Cybercrime Hacking Malware

Emotet Downloader Document Uses Regsvr32 for Execution

Security Boulevard

JULY 28, 2022

The key observations are: Obfuscated Excel macros used to download and run the Emotet loader. Encrypted Emotet payload embedded in loader’s.rsrc section. Emotet is a Windows-based malware loader operated by the cybercrime group TA542 ( 1 ), also referred to as Mummy Spider ( 2 ). Emotet loader executed using regsvr32.exe.

Encryption

Encryption Malware Phishing Cybercrime

Statc Stealer, a new sophisticated info-stealing malware

Security Affairs

AUGUST 10, 2023

Zscaler ThreatLabz researchers discovered a new information stealer malware, called Statc Stealer, that can steal a broad range of info from Windows devices. The malware can steal sensitive information from various web browsers, including login data, cookies, web data, and preferences. ” concludes the report.

Malware

Malware Encryption Advertising Cryptocurrency

State of Malware 2024: What consumers need to know

Malwarebytes

FEBRUARY 6, 2024

Released today, the Malwarebytes State of Malware 2024 report takes a deep dive into the latest developments in the world of cybercrime. We have seen news of ChatGPT leaking user’s information and law enforcement asking for backdoors in encryption routines. This is changing.

Malware

Malware Passwords Identity Theft Banking

Linux variant of Cerber ransomware targets Atlassian servers

Security Affairs

APRIL 17, 2024

The malware includes three heavily obfuscated C++ payloads compiled as 64-bit Executable and Linkable Format (ELF) files and packed with UPX. The attackers use the web shell to download and run the primary Cerber payload. As such, the data the ransomware is able to encrypt is limited to files owned by the confluence user.

Ransomware

Ransomware Encryption Malware Accountability

Royal Ransomware adds support for encrypting Linux, VMware ESXi systems

Security Affairs

FEBRUARY 6, 2023

Royal Ransomware operators added support for encrypting Linux devices and target VMware ESXi virtual machines. The Royal Ransomware gang is the latest extortion group in order of time to add support for encrypting Linux devices and target VMware ESXi virtual machines. The malware changes the extension of the encrypted files to ‘.royal’.

Encryption

Encryption Ransomware Malware Healthcare

New Vultur malware version includes enhanced remote control and evasion capabilities

Security Affairs

APRIL 1, 2024

Experts believe that the malware has already infected thousands of devices. The dropper deploys the new version of Vultur banking malware through 3 payloads, where the final 2 Vultur payloads effectively work together by invoking each other’s functionality. The dropper masquerades as the McAfee Security app.

Malware

Malware Banking Engineering Encryption

Mobile Malware Uses Deepfakes, Social Engineering to Bypass Biometric Authentication

SecureWorld News

FEBRUARY 15, 2024

A sophisticated form of mobile malware dubbed "GoldPickaxe" has been uncovered, which collects facial recognition data to produce deepfake videos, enabling hackers to bypass biometric authentication protections on banking apps. The malware has been active since 2023, specifically targeting victims in Vietnam and Thailand.

Social Engineering

Social Engineering Mobile Authentication Engineering

Raccoon Malware, a success case in the cybercrime ecosystem

Security Affairs

FEBRUARY 24, 2020

Raccoon Malware is a recently discovered infostealer that can extract sensitive data from about 60 applications on a targeted system. Racoon malware , Legion, Mohazo, and Racealer, is an infostealer that recently appeared in the threat landscape that is advertised in hacking forums. ” reads the report published by CyberArk.

Cybercrime

Cybercrime Malware Cryptocurrency Advertising

How to recover files encrypted by Yanlouwang

SecureList

APRIL 18, 2022

Kaspersky experts have found a vulnerability in the Yanluowang encryption algorithm and created a free decryptor to help victims of this ransomware with recovering their files. Geography of the Yanluowang attacks, December 4th, 2021 – April 8th, 2022 ( download ). The encryption code for big files. Yanluowang description.

Encryption

Encryption Ransomware Backups VPN

Known ransomware attacks up 68% in 2023

Malwarebytes

FEBRUARY 6, 2024

Today, Malwarebytes released its 2024 State of Malware report, detailing six cyberthreats that resource-constrained IT teams should pay attention to in 2024. Big game attacks extort vast ransoms from organizations by holding their data hostage—either with encryption, the threat of damaging data leaks, or both.

Ransomware

Ransomware Cybercrime Malware Social Engineering

UNC2447 cybercrime gang exploited SonicWall Zero-Day before it was fixed

Security Affairs

APRIL 30, 2021

UNC2447 cybercrime gang exploited a zero-day in the Secure Mobile Access (SMA), addressed by SonicWall earlier this year, before the vendor released a fix. The UNC2447 gang targeted organizations in Europe and North America using a broad range of malware over the past months. ” reads the analysis published by FireEye.

Cybercrime

Cybercrime Ransomware Malware Mobile

Russian-speaking cybercrime evolution: What changed from 2016 to 2021

SecureList

OCTOBER 20, 2021

Having been in the field for so long, we have witnessed some major changes in the cybercrime world’s modus operandi. This report shares our insights into the Russian-speaking cybercrime world and the changes in how it operates that have happened in the past five years. Client-side attacks on the wane.

Cybercrime

Cybercrime Banking Malware Ransomware

GravityRAT returns disguised as an end-to-end encrypted chat app

Security Affairs

NOVEMBER 13, 2021

Threat actors are distributing the GravityRAT remote access trojan masqueraded as an end-to-end encrypted chat application named SoSafe Chat. Threat actors are distributing the GravityRAT RAT masqueraded as an end-to-end encrypted chat application named SoSafe Chat. in) used by the attackers. Record audio. Get the device’s location.

Encryption

Encryption Malware Media Authentication

How to recover files encrypted by Yanluowang

SecureList

APRIL 18, 2022

Kaspersky experts have found a vulnerability in the Yanluowang encryption algorithm and created a free decryptor to help victims of this ransomware with recovering their files. Geography of the Yanluowang attacks, December 4th, 2021 – April 8th, 2022 ( download ). The encryption code for big files. Yanluowang description.

Encryption

Encryption Ransomware Backups VPN

Arrest, Seizures Tied to Netwalker Ransomware

Krebs on Security

JANUARY 27, 2021

and Bulgarian authorities this week seized the darkweb site used by the NetWalker ransomware cybercrime group to publish data stolen from its victims. million last summer in exchange for a digital key needed to unlock files encrypted by the ransomware. For example, the University of California, San Francisco paid $1.4

Ransomware

Ransomware Cybercrime Antivirus Encryption

Gootkit AaaS malware is still active and uses updated tactics

Security Affairs

AUGUST 2, 2022

Gootkit access-as-a-service (AaaS) malware is back with tactics and fileless delivery of Cobalt Strike beacons. In the past, Gootkit distributed malware masquerading as freeware installers, now it uses legal documents to trick users into downloading these files. . This forum hosted a ZIP archive that contains the malicious.js

Malware

Malware Encryption Engineering Hacking

Bumblebee, a new malware loader used by multiple crimeware threat actors

Security Affairs

APRIL 28, 2022

Threat actors have replaced the BazaLoader and IcedID malware with a new loader called Bumblebee in their campaigns. Cybercriminal groups that were previously using the BazaLoader and IcedID as part of their malware campaigns seem to have adopted a new loader called Bumblebee. It is used by multiple cybercrime threat actors.”

Malware

Malware Cybercrime Encryption Hacking

Tedrade banking malware families target users worldwide

Security Affairs

JULY 19, 2020

The four malware families are named Guildma, Javali, Melcoz, and Grandoreiro, experts believe are the result of a Brazilian banking group/operation that is evolving its capabilities targeting banking users abroad. VBS,LNK) or an HTML file which executes Javascript for downloading a malicious file. ” continues Kaspersky.

Banking

Banking Malware Phishing Advertising

This New Malware Is Now a Favorite among Ransomware Gangs

Hacker Combat

JULY 7, 2022

A new malware is now an important component when it comes to engineering ransomware attacks. The malware, which goes by the name Bumblebee, was recently analyzed by Symantec researchers. This link is a clear indication that Bumblebee is currently in the heart of the cybercrime community.

Malware

Malware Ransomware Phishing Engineering

Ukrainian Police Nab Six Tied to CLOP Ransomware

Krebs on Security

JUNE 16, 2021

First debuting in early 2019, CLOP is one of several ransomware groups that hack into organizations, launch ransomware that encrypts files and servers, and then demand an extortion payment in return for a digital key needed to unlock access. ? /. CLOP’s victim shaming blog on the deep web.

Ransomware

Ransomware Cybercrime Malware Encryption

GO#WEBBFUSCATOR campaign hides malware in NASA’s James Webb Space Telescope image

Security Affairs

AUGUST 31, 2022

A malware campaign tracked as GO#WEBBFUSCATOR used an image taken from NASA’s James Webb Space Telescope (JWST) as a lure. Securonix Threat researchers uncovered a persistent Golang-based malware campaign tracked as GO#WEBBFUSCATOR that leveraged the deep field image taken from the James Webb telescope. Pierluigi Paganini.

Malware

Malware DNS Antivirus Encryption

Cyclops Ransomware group offers a multiplatform Info Stealer

Security Affairs

JUNE 6, 2023

In an unprecedented move, the group is also offering a separate information-stealer malware that can be used to steal sensitive data from infected systems. The Cyclops group is advertising the ransomware on multiple cybercrime forums, the gang requests a share of profits from those using its malware in financially motivated attacks.

Ransomware

Ransomware Encryption Cybercrime Malware

New Go malware Capoae uses multiple flaws to target WordPress installs, Linux systems

Security Affairs

SEPTEMBER 17, 2021

A new malware written in Golang programming language, tracked as Capoae, is targeting WordPress installs and Linux systems. Akamai researchers spotted a new strain of malware written in Golang programming language, dubbed Capoae, that was involved in attacks aimed at WordPress installs and Linux systems. . Pierluigi Paganini.

Malware

Malware Cryptocurrency Encryption Hacking

YTStealer info-stealing malware targets YouTube content creators

Security Affairs

JUNE 29, 2022

Researchers detailed a new information-stealing malware, dubbed YTStealer, that targets YouTube content creators. Intezer cybersecurity researchers have detailed a new information-stealing malware, dubbed YTStealer, that was developed to steal authentication cookies from YouTube content creators. ” continues the report.

Malware

Malware Authentication Software Accountability

New MATA Multi-platform malware framework linked to NK Lazarus APT

Security Affairs

JULY 23, 2020

North Korea-linked Lazarus APT Group has used a new multi-platform malware framework, dubbed MATA, to target entities worldwide. The MATA malware framework could target Windows, Linux, and macOS operating systems. The malware framework implements a wide range of features that allow attackers to fully control the infected systems.

Malware

Malware Ransomware Advertising Encryption

Hackers exploit Log4Shell to drop Khonsari Ransomware on Windows systems

Security Affairs

DECEMBER 14, 2021

The attackers exploited the Log4Shell remote code execution vulnerability to download a.NET binary from a remote server that encrypts the files on the target machine and adds the extension.khonsari to each file. The malware also drops a ransom note that requests the payment of the ransom in Bitcoin. 94/zambo/groenhuyzen.exe. .

Ransomware

Ransomware Encryption Engineering Malware

No, I Did Not Hack Your MS Exchange Server

Krebs on Security

MARCH 28, 2021

New data suggests someone has compromised more than 21,000 Microsoft Exchange Server email systems worldwide and infected them with malware that invokes both KrebsOnSecurity and Yours Truly by name. “web shells”) that various cybercrime groups worldwide have been using to commandeer any unpatched Exchange servers.

Hacking

Hacking Cybercrime DNS Antivirus

Malware campaign hides a shellcode into Windows event logs

Security Affairs

MAY 7, 2022

Experts spotted a malware campaign that is the first one using a technique of hiding a shellcode into Windows event logs. The experts discovered that the attackers are hiding encrypted shellcode containing the next-stage malware as 8KB pieces in event logs. The code is quite unique, with no similarities to known malware.

Malware

Malware Encryption Hacking Cybersecurity

FakeSG campaign, Akira ransomware and AMOS macOS stealer

SecureList

DECEMBER 13, 2023

Cybercriminals try to capitalize on their victims in every possible way by distributing various types of malware designed for different platforms. In recent months, we have written private reports on a wide range of topics, such as new cross-platform ransomware, macOS stealers and malware distribution campaigns.

Ransomware

Ransomware Passwords Malware Encryption

Top 10 Malware Strains of 2021

SecureWorld News

AUGUST 8, 2022

Cybersecurity and Infrastructure Security Agency (CISA) and the Australian Cyber Security Centre (ACSC) released a joint Cybersecurity Advisory (CSA) providing details on the top malware strains of 2021. The top malware strains in 2021 included remote access Trojans (RATs), banking Trojans, information stealers, and ransomware.

Malware

Malware Banking Healthcare Penetration Testing

Raspberry Robin operators are selling initial access to compromised enterprise networks to ransomware gangs

Security Affairs

OCTOBER 27, 2022

DEV-0950 group used Clop ransomware to encrypt the network of organizations previously infected with the Raspberry Robin worm. The experts noticed that threat actors tracked as DEV-0950 used Clop ransomware to encrypt the network of organizations previously infected with the worm. The final-stage malware was the Clop ransomware.

Ransomware

Ransomware Malware Data collection Encryption

RedEnergy Stealer-as-a-Ransomware employed in attacks in the wild

Security Affairs

JULY 5, 2023

The malware allows operators to steal information from various browsers, it also supports ransomware capabilities. Once inside the system, this malicious variant stealthily extracts sensitive information and proceeds to encrypt the compromised files.” The downloaded file is an executable file known as RedStealer.

Energy and Utilities

Energy and Utilities Ransomware Backups Malware

GoTrim botnet actively brute forces WordPress and OpenCart sites

Security Affairs

DECEMBER 14, 2022

The malware uses a bot network to perform distributed brute force attacks against target websites. The experts noticed PHP scripts that download and execute GoTrim bot clients. “Typically, each script downloads the GoTrim malware from a hardcoded URL to a file in the same directory as the script itself and executes it.”

Malware

Malware Encryption Accountability Risk

Picus Threat Library Is Updated for Trojans Targeting Banks in Latin America

Security Boulevard

DECEMBER 30, 2021

In this blog, techniques used by these malware families will be explored. Banking trojans have a significant role in the cybercrime scene in Latin America. For example, the same or similar custom encryption schemes are used by these malware families. Krachulka Banking Malware.DLL File Download Variant-1.

Banking

Banking Malware Spyware Phishing

What’s happening in the world of crimeware: Emotet, DarkGate and LokiBot

SecureList

AUGUST 3, 2023

Introduction The malware landscape keeps evolving. DarkGate In June 2023, a well-known malware developer posted an advertisement on a popular dark web forum, boasting of having developed a loader that he had been working on for more than 20,000 hours since 2017. VBS downloader script : The script is fairly simple.

Malware

Malware Encryption Advertising Phishing

Malvertising Is a Cybercrime Heavyweight, Not an Underdog

Crooks manipulate GitHub’s search results to distribute malware

Webinars

Trending Sources

Blacktail: Unveiling the tactics of a notorious cybercrime group

Webinars

Hackers hijacked the eScan Antivirus update mechanism in malware campaign

Europol lifts the lid on cybercrime tactics

ViperSoftX uses more sophisticated encryption and anti-analysis techniques

Expert warns of Turtle macOS ransomware

Magnet Goblin group used a new Linux variant of NerbianRAT malware

TeamTNT is back and targets servers to run Bitcoin encryption solvers

Emotet Downloader Document Uses Regsvr32 for Execution

Statc Stealer, a new sophisticated info-stealing malware

State of Malware 2024: What consumers need to know

Linux variant of Cerber ransomware targets Atlassian servers

Royal Ransomware adds support for encrypting Linux, VMware ESXi systems

New Vultur malware version includes enhanced remote control and evasion capabilities

Mobile Malware Uses Deepfakes, Social Engineering to Bypass Biometric Authentication

Raccoon Malware, a success case in the cybercrime ecosystem

How to recover files encrypted by Yanlouwang

Known ransomware attacks up 68% in 2023

UNC2447 cybercrime gang exploited SonicWall Zero-Day before it was fixed

Russian-speaking cybercrime evolution: What changed from 2016 to 2021

GravityRAT returns disguised as an end-to-end encrypted chat app

How to recover files encrypted by Yanluowang

Arrest, Seizures Tied to Netwalker Ransomware

Gootkit AaaS malware is still active and uses updated tactics

Bumblebee, a new malware loader used by multiple crimeware threat actors

Tedrade banking malware families target users worldwide

This New Malware Is Now a Favorite among Ransomware Gangs

Ukrainian Police Nab Six Tied to CLOP Ransomware

GO#WEBBFUSCATOR campaign hides malware in NASA’s James Webb Space Telescope image

Cyclops Ransomware group offers a multiplatform Info Stealer

New Go malware Capoae uses multiple flaws to target WordPress installs, Linux systems

YTStealer info-stealing malware targets YouTube content creators

New MATA Multi-platform malware framework linked to NK Lazarus APT

Hackers exploit Log4Shell to drop Khonsari Ransomware on Windows systems

No, I Did Not Hack Your MS Exchange Server

Malware campaign hides a shellcode into Windows event logs

FakeSG campaign, Akira ransomware and AMOS macOS stealer

Top 10 Malware Strains of 2021

Raspberry Robin operators are selling initial access to compromised enterprise networks to ransomware gangs

RedEnergy Stealer-as-a-Ransomware employed in attacks in the wild

GoTrim botnet actively brute forces WordPress and OpenCart sites

Picus Threat Library Is Updated for Trojans Targeting Banks in Latin America

What’s happening in the world of crimeware: Emotet, DarkGate and LokiBot

Stay Connected