Security Affairs

OCTOBER 22, 2023

Researchers linked Vietnamese threat actors to the string of DarkGate malware attacks on entities in the U.K., WithSecure researchers linked the recent attacks using the DarkGate malware to a Vietnamese cybercrime group previously known for the usage of Ducktail stealer. ” reads the report published by WithSecure.

Malware 109

Malware Cybercrime Hacking Information Security 109

Krebs on Security

JUNE 21, 2023

If you operate a cybercrime business that relies on disseminating malicious software, you probably also spend a good deal of time trying to disguise or “crypt” your malware so that it appears benign to antivirus and security products. ru , which for many years was a place to download pirated e-books. ” Crypt[.]guru’s

Malware 212

Malware Antivirus Cybercrime Hacking 212

Schneier on Security

FEBRUARY 7, 2023

Criminals using Google search ads to deliver malware isn’t new, but Ars Technica declared that the problem has become much worse recently. The surge is coming from numerous malware families, including AuroraStealer, IcedID, Meta Stealer, RedLine Stealer, Vidar, Formbook, and XLoader.

Malware 227

Malware Phishing Cybercrime 227

Security Affairs

APRIL 13, 2024

Researchers warn threat actors are manipulating GitHub search results to target developers with persistent malware. Checkmarx researchers reported that t hreat actors are manipulating GitHub search results to deliver persistent malware to developers systems. ” concludes the report.

Malware 117

Malware Cryptocurrency Encryption Hacking 117

Security Affairs

MAY 5, 2021

A new cybercrime gang, tracked as UNC2529 , has targeted many organizations in the US and other countries using new sophisticated malware. A new financially motivated threat actor, tracked by FireEye Experts as UNC2529, has targeted many organizations in the United States and other countries using several new pieces of malware.

Cybercrime 102

Cybercrime Malware Manufacturing Retail 102

SecureList

JUNE 28, 2023

Introduction Andariel, a part of the notorious Lazarus group, is known for its use of the DTrack malware and Maui ransomware in mid-2022. Their campaign introduced several new malware families, such as YamaBot and MagicRat, but also updated versions of NukeSped and, of course, DTrack.

Malware 133

Malware Cybercrime Phishing Ransomware 133

SecureWorld News

MARCH 29, 2024

Malvertising acts as a vessel for malware propagation. To set such a stratagem in motion, cybercriminals poison legitimate websites with ads that lead to shady URLs or download malicious code camouflaged as something harmless. A stepping stone to impactful cybercrime This tactic has tangible real-world implications.

Cybercrime 79

Cybercrime Advertising Engineering Antivirus 79

Krebs on Security

SEPTEMBER 13, 2023

The FBI responded by reverifying InfraGard members and by seizing the cybercrime forum where the data was being sold. In a post on the English language cybercrime forum BreachForums , USDoD leaked information on roughly 3,200 Airbus vendors, including names, addresses, phone numbers, and email addresses. But on Sept. But on Sept.

Cybercrime 277

Cybercrime Passwords Authentication Malware 277

Krebs on Security

MARCH 12, 2020

In one scheme, an interactive dashboard of Coronavirus infections and deaths produced by John Hopkins University is being used in malicious Web sites (and possibly spam emails) to spread password-stealing malware. As long as this pandemic remains front-page news, malware purveyors will continue to use it as lures to snare the unwary.

Malware 364

Malware Passwords Cybercrime Software 364

Krebs on Security

MAY 28, 2020

The United Kingdom’s anti-cybercrime agency is running online ads aimed at young people who search the Web for services that enable computer crimes, specifically trojan horse programs and DDoS-for-hire services. law enforcement agents in connection with various cybercrime investigations. FLATTENING THE CURVE.

Cybercrime 235

Cybercrime DDOS Advertising Hacking 235

Security Affairs

APRIL 24, 2024

A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute backdoors and cryptocurrency miners. Avast researchers discovered and analyzed a malware campaign that exploited the update mechanism of the eScan antivirus to distribute backdoors and crypto miners.

Antivirus 101

Antivirus Malware DNS Cryptocurrency 101

Malwarebytes

SEPTEMBER 11, 2023

Researchers have found a new method by which cybercriminals are spreading the DarkGate Loader malware. The malspam campaign used stolen email threads to lure victims into clicking a hyperlink, which downloaded the malware. When the user opens the downloaded MSI file, the DarkGate infection is triggered.

Malware 121

Malware Social Engineering Cryptocurrency Cybercrime 121

Krebs on Security

JUNE 1, 2023

This post is a deep dive on “ Megatraffer ,” a veteran Russian hacker who has practically cornered the underground market for malware focused code-signing certificates since 2015. One of Megatraffer’s ads on an English-language cybercrime forum. WHO IS MEGATRAFFER?

Malware 234

Malware Cybercrime Software Antivirus 234

Security Affairs

AUGUST 20, 2022

TA558 cybercrime group is behind a malware campaign targeting hospitality, hotel, and travel organizations in Latin America. Researchers from Proofpoint are monitoring a malware campaign conducted by a cybercrime group, tracked as TA558, that is targeting hospitality, hotel, and travel organizations in Latin America.

Cybercrime 93

Cybercrime Malware Phishing Internet 93

CSO Magazine

APRIL 18, 2023

Security researchers warn of a new malware loader that's used as part of the infection chain for the Aurora information stealer. The Aurora infostealer is written in Go and is operated as a malware-as-a-service platform that's advertised on Russian-language cybercrime forums.

Malware 120

Malware Cryptocurrency Cybercrime Advertising 120

CyberSecurity Insiders

JUNE 26, 2023

In recent months, a cybercrime group known as Blacktail has begun to make headlines as they continue to target organizations around the globe. An interesting detail about the organization is that they do not make their own strains of malware. Two of the most popular tools that have been used by the cybercrime group are LockBit 3.0

Cybercrime 100

Cybercrime Social Engineering Ransomware Phishing 100

SecureWorld News

APRIL 11, 2024

The Raspberry Robin malware, a heavily obfuscated Windows worm first identified in late 2021, has become one of the most prevalent threats facing enterprises today. Jason Soroko, Senior Vice President of Product at Sectigo, discussed the sophistication of this malware.

Malware 81

Malware IoT Ransomware Manufacturing 81

Security Affairs

NOVEMBER 2, 2022

Four malicious Android apps uploaded by the same developer to Google Play totaled at least one million downloads. The apps are infected with the Android/Trojan.HiddenAds.BTGTHB malware, the apps totaled at least one million downloads. 50,000+ downloads Bluetooth Auto Connect (com.bluetooth.autoconnect.anybtdevices).

Adware 106

Adware Phishing Mobile Malware 106

Malwarebytes

SEPTEMBER 15, 2023

The report follows the Internet Organized Crime Assessment (IOCTA), Europol’s assessment of the cybercrime landscape and how it has changed over the last 24 months. These groups work closely with other malware-as-a-service groups to compromise high-revenue targets and post huge ransom demands, running into millions of Euros.

Cybercrime 110

Cybercrime Ransomware DDOS Backups 110

The Hacker News

DECEMBER 26, 2022

The pay-per-install (PPI) malware downloader service known as PrivateLoader is being used to distribute a previously documented information-stealing malware dubbed RisePro. A C++-based malware,

Malware 90

Malware Cybercrime Marketing 90

Security Affairs

MAY 1, 2023

The previously undetected LOBSHOT malware is distributed using Google ads and gives operators VNC access to Windows devices. Threat actors are using an elaborate scheme of fake websites through Google Ads to spread their malware, the backdoors are embedded in installers for apparently legitimate applications, such as AnyDesk.

Malware 90

Malware Cybercrime Banking Software 90

Security Affairs

JULY 25, 2022

Operators behind the Amadey Bot malware use the SmokeLoader to distribute a new variant via software cracks and keygen sites. Amadey Bot is a data-stealing malware that was first spotted in 2018, it also allows operators to install additional payloads. Then the malware contacts the C2 and sends system information (i.e.

Software 119

Software Malware Cybercrime VPN 119

Security Affairs

OCTOBER 16, 2021

TrickBot operators are back and expand the distribution channels with partnership with cybercrime affiliates. The operators behind the infamous TrickBot (ITG23 and Wizard Spider) malware have resurfaced with new distribution channels to deliver malicious payloads, such as Conti ransomware. ” concludes the report.

Malware 105

Malware Cybercrime DDOS Social Engineering 105

Security Affairs

JUNE 29, 2023

North Korea-linked cyberespionage group Andariel used a previously undocumented malware called EarlyRat. Kaspersky researchers reported that the North Korea-linked APT group Andariel used a previously undocumented malware dubbed EarlyRat in attacks exploiting the Log4j Log4Shell vulnerability last year.

Malware 83

Malware Cybercrime Phishing Internet 83

CSO Magazine

JANUARY 19, 2022

Cybercrime is fueled by a complex ecosystem of criminal groups that specialize on different pieces of the final attack chains experienced by victims. There are the malware developers, the access brokers, the spammers, the private information sellers, the botnet operators, the malvertizers and more.

Malware 142

Malware Cybercrime Phishing Ransomware 142

Security Affairs

NOVEMBER 27, 2021

HAEICHI-II: Interpol arrested 1,003 individuals charged for several cybercrimes, including romance scams, investment frauds, and online money laundering. Only through this level of global cooperation and coordination can national law enforcement effectively tackle what is a parallel cybercrime pandemic,” added Secretary General Stock.

Cybercrime 112

Cybercrime Scams Banking Malware 112

Security Affairs

APRIL 15, 2023

A new Android malware named Goldoson was distributed through 60 legitimate apps on the official Google Play store. The apps totaled more than 100 million downloads in the ONE store and Google Play stores in South Korea. The experts have found more than 60 applications in Google Play that were containing the malicious library.

Data collection 96

Data collection Mobile Malware Education 96

Security Affairs

MARCH 11, 2024

The financially motivated hacking group Magnet Goblin uses various 1-day flaws to deploy custom malware on Windows and Linux systems. “While tracking the recent waves of Ivanti exploitation, we identified a number of activities leading to the download and deployment of an ELF file which turned out to be a Linux version of NerbianRAT.

Malware 102

Malware VPN Encryption Hacking 102

Security Affairs

APRIL 15, 2022

The cybercrime gang has been active since at least January 2020. The malware is also able to steal details from cryptocurrency wallets and load additional malware to conduct malicious operations. “It features the ability to steal sensitive information from victims and can download additional malware to infected systems.

Cybercrime 87

Cybercrime Malware Cryptocurrency Hacking 87

Security Affairs

JULY 8, 2022

The operators behind the TrickBot malware are systematically targeting Ukraine since the beginning of the war in February 2022. Since February, the Conti ransomware group has taken over TrickBot malware operation and also planned to replace it with BazarBackdoor malware. ” concludes IBM. Pierluigi Paganini.

Cybercrime 95

Cybercrime Malware DDOS Ransomware 95

Heimadal Security

SEPTEMBER 6, 2021

It’s possible that the malicious group behind the campaign to be the FIN7 group, a cybercrime group also known as Carbanak or Navigator that specializes in stealing payment card data. This malicious code downloads a JavaScript backdoor allowing the attacker to deliver any payload they […]. What Happened?

Malware 125

Malware Cybercrime Cybersecurity 125

Security Affairs

SEPTEMBER 29, 2022

The recently discovered malware builder Quantum Builder is being used by threat actors to deliver the Agent Tesla RAT. A recently discovered malware builder called Quantum Builder is being used to deliver the Agent Tesla remote access trojan (RAT), Zscaler ThreatLabz researchers warn. ” concludes the report. Pierluigi Paganini.

Malware 121

Malware Cybercrime Phishing Hacking 121

Security Affairs

AUGUST 2, 2021

An attacker could exploit a vulnerability in the WordPress Download Manager plugin, tracked as CVE-2021-34639, to execute arbitrary code under specific configurations. High), its exploitation is not simple because in a real attack scenario the use of an.htaccess file in the downloads directory making it difficult to execute uploaded files.

Hacking 125

Hacking Data breaches Cybercrime Information Security 125

Security Affairs

DECEMBER 1, 2022

Redigo is a new Go-based malware employed in attacks against Redis servers affected by the CVE-2022-0543 vulnerability. Researchers from security firm AquaSec discovered a new Go-based malware that is used in a campaign targeting Redis servers. SLAVEOF command – this allows adversaries to create a replica of the attacking server.

Malware 143

Malware DDOS Architecture Cryptocurrency 143

Security Affairs

MARCH 17, 2024

The researchers noticed that all the repositories were newly created repos leading to the same download link. The malware exfiltrates gathered data to two Telegram channels. “The malware collects a variety of valuable information. The repositories look similar, featuring a README.md

Malware 109

Malware Passwords Software Hacking 109

Security Affairs

FEBRUARY 24, 2020

Raccoon Malware is a recently discovered infostealer that can extract sensitive data from about 60 applications on a targeted system. Racoon malware , Legion, Mohazo, and Racealer, is an infostealer that recently appeared in the threat landscape that is advertised in hacking forums. ” reads the report published by CyberArk.

Cybercrime 90

Cybercrime Malware Cryptocurrency Advertising 90

Security Affairs

APRIL 1, 2024

Experts believe that the malware has already infected thousands of devices. The dropper deploys the new version of Vultur banking malware through 3 payloads, where the final 2 Vultur payloads effectively work together by invoking each other’s functionality. The dropper masquerades as the McAfee Security app.

Malware 111

Malware Banking Engineering Encryption 111