Cisco confirms that the data posted by IntelBroker on a cybercrime forum was stolen from its DevHub environment.
The Justice Department filed a civil forfeiture complaint to seize over $24M in crypto from Gallyamov, part of a multinational cybercrime crackdown. “These actions are the latest step in an ongoing multinational effort by the United States, France, Germany, the Netherlands, Denmark, the United Kingdom, and Canada to combat cybercrime.”
In today's digital world, cybercrime is a threat to our private data and security. And with Americans owning an average of 24 electronic items in their homes, neglecting to dispose of these items correctly is putting individuals at significant risk of cybercrime. What is cybercrime?
Mexico’s president announced the government is investigating an alleged ransomware hack that targeted the administration’s legal affairs office. “Today they are going to send me a report on the supposed hacking.” This is not the first time Mexico’s presidential office has been targeted in a hack involving sensitive information.
Fake file converters and download tools may perform advertised tasks but can provide resulting files containing hidden malware, giving criminals access to victims’ devices. “To conduct this scheme, cyber criminals across the globe are using any type of free document converter or downloader tool.”
Initially, the group published screenshots of stolen data as proof of the attack; now the whole archive can be downloaded from the leak page.
The Internet Archive was breached again: attackers hacked its Zendesk email support platform through stolen GitLab authentication tokens. This file contained an authentication token that allowed the attacker to download the Internet Archive’s source code, which included additional credentials and tokens.
The stolen data are available for download, a circumstance that suggests a failed negotiation. DragonForce runs a cybercrime affiliate service, letting affiliates use its tools to launch attacks and extort victims. Belk is offering affected individuals 12 months of free credit monitoring and identity restoration services.
It is the recommended library for integrating a JavaScript/TypeScript app with the XRP Ledger. Hundreds of thousands of applications and websites use this package; the package has been downloaded over 2.9 “It is the official SDK for the XRP Ledger, with more than 140.000 weekly downloads.”
“Since March 2025, Check Point Research has been tracking malicious GitHub repositories targeting Minecraft users with an undetected Java downloader.” Upon launching the game, the fake mod downloads a second-stage stealer, which then fetches an additional .NET-based stealer.
The first vulnerability, CVE-2024-57727 (CVSS score of 7.5), is an unauthenticated path traversal issue allowing attackers to download arbitrary files from the server. Attackers could download files, upload files with admin privileges, and escalate their access to an administrative level on vulnerable servers.
Russian-based cybercrime group RomCom (aka UAT-5647, Storm-0978, Tropical Scorpius, UAC-0180, UNC2596) exploited two Firefox and Tor Browser zero-day vulnerabilities in recent attacks on users across Europe and North America. This leads to downloading and executing the RomCom backdoor from C2 servers like journalctd[.]live.
“Cyber criminals gain unauthorized access to home networks by either configuring the product with malicious software prior to the user’s purchase or infecting the device as it downloads required applications that contain backdoors, usually during the set-up process,” reads the alert published by the FBI on BADBOX 2.0.
Once executed, it downloads the payload directly into memory. “Once opened, the LNK file executes a PowerShell command to download an MSI file from a remote server, renames it as ‘%AppData%y.msi’, and then executes/installs it using the Microsoft msiexec.exe tool.” ...lnk” that, once executed, starts the attack chain.
“We’ve archived the leak and made it available for download on GitHub.” Yesterday Banshee Stealer, the macOS-based Malware-as-a-Service infostealer, had its source code leaked online.
The attack involves executing a cmd script followed by a PowerShell script, which downloads three executables, including the Amadey botnet and two .NET executables (32-bit and 64-bit). The malware, dubbed PackerE, downloads an encrypted DLL (PackerD1) that employs multiple anti-analysis techniques.
The software can be downloaded from the police website and Europol’s NoMoreRansom site. In November 2024, Russian Phobos ransomware operator Evgenii Ptitsyn, suspected of playing a key role in the ransomware operations, was extradited from South Korea to the US to face cybercrime charges.
The backdoor is distributed through phishing emails with themes such as a code of conduct to trick users into downloading the malware. Upon executing the archive, it drops a malicious Windows executable, which eventually downloads and executes the PLAYFULGHOST payload from a remote server.
Researchers found a fake Bitdefender site spreading the Venom RAT by tricking users into downloading it as antivirus software. DomainTools Intelligence (DTI) researchers warn of a malicious campaign using a fake website (bitdefender-download[.]com)
Researchers found 3 malicious Go modules with hidden code that can download payloads to wipe a Linux system’s main disk, making it unbootable, according to a report published by Socket.
Users seeking free AI video tools unknowingly download Noodlophile Stealer, a new malware that steals browser credentials, crypto wallets, and may install remote access trojans like XWorm. Noodlophile is being sold on cybercrime forums as part of malware-as-a-service schemes, often bundled with tools for credential theft.
In October 2024, Cisco confirmed that the data posted by the notorious threat actor IntelBroker on a cybercrime forum was stolen from its DevHub environment. At this stage in our investigation, we have determined that a small number of files that were not authorized for public download may have been published.
Russia-linked Gamaredon targets Ukraine with a phishing campaign using troop-related lures to deploy the Remcos RAT via a PowerShell downloader. Talos researchers warn that the Russia-linked APT group Gamaredon is using troop-related lures to deploy the Remcos RAT via a PowerShell downloader.
“We urge the public to be cautious when downloading packages and to ensure they are from trusted sources to avoid falling victim to such attacks,” concludes the report.
CYFIRMA researchers discovered that the SpyLend Android malware was downloaded 100,000 times from the official app store Google Play. “The Finance Simplified app is still available on Google Play at the time of this report’s publication, with downloads doubling to 100,000 in a week,” reads the report published by CYFIRMA.
In a documented instance, attackers used a ClickFix social engineering tactic to trick users into running a PowerShell command that downloads and installs the Node.js runtime and a compiled JavaScript file. In this attack phase, a PowerShell script downloads an archive from the command-and-control server containing the Node.js components.
“To extract cookies from Chromium-based browsers, it downloads a module from the C&C to bypass App-Bound encryption,” reads the report published by Gen Digital.
This is just one of many channels involved in cybercrime, but it's noteworthy due to the huge amount of freely accessible data. Alice downloaded, onto her personal laptop, a version of Notepad++ from a website she believed to be legitimate.
Sansec researchers reported that multiple vendors were hacked in a coordinated supply chain attack; the experts discovered that a backdoor was hidden in 21 applications. “This hack is called a Supply Chain Attack, which is one of the worst types.” Meetanshi claims no tampering but confirms their server was hacked.
The investigation was led by the State Criminal Police of Bavaria (Bayerisches Landeskriminalamt) and the Bavarian Central Office for the Prosecution of Cybercrime (ZCB) with the support of Europol. “Unlike other known platforms of this kind, Kidflix not only enabled users to download CSAM but also to stream video files.”
The malicious extension used two files: worker.js, which contacted a hardcoded C&C server to download configuration and executed HTTP calls, and content.js.
The campaign is still ongoing and the malicious packages collectively totaled more than one thousand downloads. “The attack has led to the identification of 20 malicious packages published by three primary authors, with the most downloaded package, @nomicsfoundation/sdk-test, accumulating 1,092 downloads.”
Nebulous Mantis imitates trusted services like OneDrive to trick victims into downloading infected files, often hosted on Mediafire. Post-infection, a fake PDF triggers an EXE that checks for sandbox evasion markers before downloading further payloads like Keyprov.dll. The APT group uses RomCom malware in multi-stage attacks.
In September, security researchers from G DATA discovered more than two dozen Android mobile phones from different manufacturers already infected by pre-installed malware.
Though distinct from groups like Scattered Spider and CryptoChameleon, the attack reflects growing threats in the broader “The Com” cybercrime ecosystem. They used targeted phishing emails, such as a “Sending Privileges Restricted” lure, to steal credentials and automate downloads of contact lists.
The malicious code acts as a backdoor allowing attackers to download and install third-party software secretly. Users may also mistakenly believe TV boxes are more secure than smartphones and are less likely to install antivirus software, increasing their risk when downloading third-party apps or unofficial firmware.
PCMag cited the case of a gamer who downloaded the game and reported that his accounts were hijacked using stolen cookies. SteamDB estimates that over 800 users may have downloaded the game.
“Indicators of SRG activity include unauthorized downloads of tools like Zoho Assist or AnyDesk, external WinSCP/Rclone connections, ransom emails or calls from unnamed groups, and phishing emails about subscriptions urging recipients to call a number to cancel charges,” concludes the report.
Upon exploiting the vulnerability, the malicious code can inject commands via the ntp parameter, allowing attackers to download Mirai-based malware through HTTP POST requests over port 80, referencing IP Address :80/cfg_system_time.htm in the HTTP Referer header. ...dyn” for C2 communication.
Attackers used the malicious site gitrok[.]com to distribute an infected archive, which had over 40,000 downloads. The above campaign limited itself to distributing a miner, but threat actors could start to use this vector for more complex attacks, including data theft and downloading other malware.
It extracts Python backdoors from ZIP files downloaded via remote SharePoint links and employs techniques associated with the FIN7 threat actor. Once access was established, the attacker used a web browser to download a malicious payload, which was split into parts, reassembled, and unpacked to deploy malware.
Ransomware gang Cl0p leaked files from Rackspace Technology and listed ~170 companies allegedly hacked via zero-day vulnerabilities in Cleo’s file-transfer software. “Cleo has identified an unrestricted file upload and download vulnerability (CVE-2024-50623) that could lead to remote code execution,” reads the advisory.
The emails contained links that downloaded a malicious file (wine.zip). GRAPELOADER is a 64-bit DLL (ppcore.dll) used as an initial-stage downloader, triggered via its PPMain function through DLL side-loading by wine.exe. The phishing campaign used domains like bakenhof[.]com and silry[.]com.
Clicking the “Download PDF” button leads to a zip payload from MediaFire. Clicking the “Download PDF” button triggers a JavaScript function that checks the browser and platform, then retrieves a Mediafire URL from a PHP file to download a .zip file. contaboserver[.]net.