Security Affairs

OCTOBER 22, 2023

Researchers linked Vietnamese threat actors to the string of DarkGate malware attacks on entities in the U.K., WithSecure researchers linked the recent attacks using the DarkGate malware to a Vietnamese cybercrime group previously known for the usage of Ducktail stealer. ” reads the report published by WithSecure.

Malware 105

Malware Cybercrime Hacking Information Security 105

Security Affairs

AUGUST 20, 2022

TA558 cybercrime group is behind a malware campaign targeting hospitality, hotel, and travel organizations in Latin America. Researchers from Proofpoint are monitoring a malware campaign conducted by a cybercrime group, tracked as TA558, that is targeting hospitality, hotel, and travel organizations in Latin America.

Cybercrime 91

Cybercrime Malware Phishing Internet 91

Security Affairs

OCTOBER 9, 2023

A threat actor has leaked the source code for the first version of the HelloKitty ransomware on a Russian-speaking cybercrime forum. The availability of the source in the cybercrime ecosystem can allow threat actors to develop their own version of the Hello Kitty ransomware.

Cybercrime 116

Cybercrime Ransomware DDOS Encryption 116

Security Affairs

APRIL 27, 2024

ThreatFabric researchers identified a new Android malware called Brokewell, which implements a wide range of device takeover capabilities. ThreatFabric researchers uncovered a new mobile malware named Brokewell, which is equipped with sophisticated device takeover features. ” reads the report published by ThreatFabric.

Malware 104

Malware Spyware Authentication Mobile 104

Security Affairs

APRIL 13, 2024

Researchers warn threat actors are manipulating GitHub search results to target developers with persistent malware. Checkmarx researchers reported that t hreat actors are manipulating GitHub search results to deliver persistent malware to developers systems. Merely checking for known vulnerabilities is insufficient.

Malware 112

Malware Cryptocurrency Encryption Hacking 112

Security Affairs

JUNE 19, 2023

Cado researchers recently detected an interesting attack pattern linked to an emerging cybercrime group tracked as Diicot (formerly, “Mexals”) and described in analyses published by Akamai and Bitdefender. Researchers found evidence that Diicot threat actors are expanding their capabilities with new payloads and the Cayosin Botnet.

Cybercrime 85

Cybercrime DDOS Internet Internet 85

Security Affairs

APRIL 12, 2024

Proofpoint researchers observed a threat actor, tracked as TA547, targeting German organizations with an email campaign delivering the Rhadamanthys malware. The security firm pointed out that this is the first TA547 group to use this malware family. The experts also discovered the attempts of using LLM in malware campaigns.

Malware 100

Malware Social Engineering Retail Engineering 100

Security Affairs

OCTOBER 16, 2023

Researchers uncovered an ongoing campaign abusing popular messaging platforms Skype and Teams to distribute the DarkGate malware. The threat actors abused popular messaging platforms such as Skype and Teams to deliver a script used as a loader for a second-stage payload, which was an AutoIT script containing the DarkGate malware.

Malware 104

Malware Cryptocurrency Accountability Cybercrime 104

Security Affairs

NOVEMBER 20, 2021

The FBI collected millions of email addresses used by Emotet operators in their malware campaigns as part of the cleanup operation. Last week researchers from multiple cybersecurity firms ([Cryptolaemus], [GData], and [Advanced Intel]) reported that threat actors are using the TrickBot malware to drop an Emoted loader on infected devices.

Cybercrime 98

Cybercrime Ransomware Banking Malware 98

Security Affairs

MARCH 6, 2021

A suspicious wave of attacks resulted in the hack of four cybercrime forums Verified, Crdclub, Exploit, and Maza since January. Since January, a series of mysterious cyberattacks that resulted in the hack of popular Russian-language cybercrime forums. No other information looked to be compromised in the attack.”

Cybercrime 145

Cybercrime DDOS Hacking Passwords 145

Security Affairs

NOVEMBER 27, 2021

HAEICHI-II: Interpol arrested 1,003 individuals charged for several cybercrimes, including romance scams, investment frauds, and online money laundering. Only through this level of global cooperation and coordination can national law enforcement effectively tackle what is a parallel cybercrime pandemic,” added Secretary General Stock.

Cybercrime 108

Cybercrime Scams Banking Malware 108

Security Affairs

APRIL 24, 2024

A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute backdoors and cryptocurrency miners. Avast researchers discovered and analyzed a malware campaign that exploited the update mechanism of the eScan antivirus to distribute backdoors and crypto miners.

Antivirus 97

Antivirus Malware DNS Cryptocurrency 97

Security Affairs

APRIL 15, 2022

ZingoStealer is a new information-stealer developed by a threat actor known as Haskers Gang who released it for free after they attempted to sell the source code for $500. The cybercrime gang has been active since at least January 2020. SecurityAffairs – hacking, cybercrime). ” concludes the experts. Pierluigi Paganini.

Cybercrime 85

Cybercrime Malware Cryptocurrency Hacking 85

Security Affairs

FEBRUARY 17, 2024

Ukrainian national Vyacheslav Igorevich Penchukov has pleaded guilty to his key roles in the Zeus and IcedID malware operations. Vyacheslav Igorevich Penchukov was a leader of two prolific malware groups that infected thousands of computers with malicious software.

Malware 90

Malware Cybercrime Banking Hacking 90

Security Affairs

FEBRUARY 24, 2020

Raccoon Malware is a recently discovered infostealer that can extract sensitive data from about 60 applications on a targeted system. Racoon malware , Legion, Mohazo, and Racealer, is an infostealer that recently appeared in the threat landscape that is advertised in hacking forums. ” reads the report published by CyberArk.

Cybercrime 87

Cybercrime Malware Cryptocurrency Advertising 87

Security Affairs

JULY 8, 2021

Bitcoins on one of the cybercrime forums, he aims at purchasing zero-day exploits from other forum members. Bitcoins on one of the cybercrime forums with the intent to purchase zero-day Exploits from other forum members, researchers from threat intelligence firm Cyble. SecurityAffairs – hacking, cybercrime).

Cybercrime 111

Cybercrime Malware Hacking Information Security 111

Security Affairs

OCTOBER 16, 2021

TrickBot operators are back and expand the distribution channels with partnership with cybercrime affiliates. The operators behind the infamous TrickBot (ITG23 and Wizard Spider) malware have resurfaced with new distribution channels to deliver malicious payloads, such as Conti ransomware. ” concludes the report.

Malware 101

Malware Cybercrime DDOS Social Engineering 101

Security Affairs

MARCH 13, 2021

The fire at the OVH datacenter in Strasbourg also impacted the command and control infrastructure used by several nation-state APT groups and cybercrime gangs. The servers were used by cybercrime gangs and APT groups, including Iran-linked Charming Kitten and APT39 groups, the Bahamut cybercrime group, and the Vietnam-linked OceanLotus APT.

Cybercrime 140

Cybercrime Malware Hacking Accountability 140

Security Affairs

JULY 8, 2022

The operators behind the TrickBot malware are systematically targeting Ukraine since the beginning of the war in February 2022. Since February, the Conti ransomware group has taken over TrickBot malware operation and also planned to replace it with BazarBackdoor malware. ” concludes IBM. Pierluigi Paganini.

Cybercrime 91

Cybercrime Malware DDOS Ransomware 91

Security Affairs

DECEMBER 26, 2023

Researchers at NCC Group reported that in November they observed the return of the infamous banking malware Carbanak in ransomware attacks. The cybersecurity firm NCC Group reported that in November the banking malware Carbanak was observed in ransomware attacks. ” reads the report published by NCC Group.

Malware 113

Malware Ransomware Banking Healthcare 113

Security Affairs

MAY 20, 2023

FIN7 is a Russian criminal group (aka Carbanak ) that has been active since mid-2015, it focuses on restaurants, gambling, and hospitality industries in the US to harvest financial information that was used in attacks or sold in cybercrime marketplaces. They then use OpenSSH and Impacket to move laterally and deploy Clop ransomware.

Cybercrime 87

Cybercrime Ransomware Security Intelligence Hacking 87

Security Affairs

NOVEMBER 22, 2020

Two Romanians arrested for running three malware services. Two Romanians have been arrested for running two malware crypter services called CyberSeal and DataProtector, and the CyberScan malware testing service. SecurityAffairs – hacking, cybercrime). The prices for this service varied between US$7 to US$40.”

Malware 130

Malware Antivirus Cybercrime Software 130

Security Affairs

OCTOBER 10, 2020

Microsoft has uncovered Zerologon attacks that were allegedly conducted by the infamous TA505 Russia-linked cybercrime group. Microsoft spotted a series of Zerologon attacks allegedly launched by the Russian cybercrime group tracked as TA505 , CHIMBORAZO and Evil Corp. states Microsoft. Pierluigi Paganini.

Cybercrime 115

Cybercrime Security Intelligence Authentication Banking 115

Security Affairs

MARCH 23, 2024

A large-scale malware campaign, tracked as Sign1, has already compromised 39,000 WordPress sites in the last six months. Sucurity researchers at Sucuri spotted a malware campaign, tracked as Sign1, which has already compromised 39,000 WordPress sites in the last six months. Malware uses this difference to try and stay hidden.

Malware 130

Malware Engineering Hacking Cybercrime 130

Security Affairs

MARCH 6, 2024

A new Linux malware campaign campaign is targeting misconfigured Apache Hadoop, Confluence, Docker, and Redis instances. Researchers from Cado Security observed a new Linux malware campaign targeting misconfigured Apache Hadoop, Confluence, Docker, and Redis instances.

Malware 138

Malware Cryptocurrency Engineering Internet 138

Security Affairs

MAY 1, 2023

The previously undetected LOBSHOT malware is distributed using Google ads and gives operators VNC access to Windows devices. Researchers from Elastic Security Labs spotted a new remote access trojan dubbed LOBSHOT was being distributed through Google Ads. ” reads the report published by Elastic Security Labs.

Malware 88

Malware Cybercrime Banking Software 88

Security Affairs

JULY 25, 2022

Operators behind the Amadey Bot malware use the SmokeLoader to distribute a new variant via software cracks and keygen sites. Amadey Bot is a data-stealing malware that was first spotted in 2018, it also allows operators to install additional payloads. Then the malware contacts the C2 and sends system information (i.e.

Software 116

Software Malware Cybercrime VPN 116

Security Affairs

APRIL 11, 2023

The experts pointed out that while the majority of zero-days they have discovered in the past were used by APT groups, this zero-day was exploited by a sophisticated cybercrime group. This group is known to have used similar CLFS driver exploits in the past that were likely developed by the same author.

Cybercrime 91

Cybercrime Ransomware Education Media 91

Security Affairs

DECEMBER 18, 2023

Info stealers, the type of malware with its purpose in the name, can cripple businesses and everyday users alike. Info stealers, also known as information stealers, are a type of malicious software (malware) designed to covertly collect sensitive and personal information from a victim’s computer or network.

Banking 113

Banking Cybercrime Malware Accountability 113

Security Affairs

APRIL 1, 2024

Experts believe that the malware has already infected thousands of devices. The dropper masquerades as the McAfee Security app. The dropper deploys the new version of Vultur banking malware through 3 payloads, where the final 2 Vultur payloads effectively work together by invoking each other’s functionality.

Malware 106

Malware Banking Engineering Encryption 106

Security Affairs

JUNE 29, 2023

North Korea-linked cyberespionage group Andariel used a previously undocumented malware called EarlyRat. Kaspersky researchers reported that the North Korea-linked APT group Andariel used a previously undocumented malware dubbed EarlyRat in attacks exploiting the Log4j Log4Shell vulnerability last year.

Malware 81

Malware Cybercrime Phishing Internet 81

Security Affairs

JULY 6, 2021

The alleged perpetrator, who turned out to be a citizen of Morocco, was arrested in May by the Moroccan police based on the data about his cybercrimes that was provided by Group-IB. The post Operation Lyrebird: Group-IB assists INTERPOL in identifying suspect behind numerous cybercrimes worldwide appeared first on Security Affairs.

Cybercrime 95

Cybercrime Phishing Banking Telecommunications 95

Security Affairs

SEPTEMBER 9, 2021

The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and that targets Docker installs. In January 2021, the cybercrime gang launched a new campaign targeting Kubernetes environments with the Hildegard malware. ” Follow me on Twitter: @securityaffairs and Facebook.

Cybercrime 90

Cybercrime Cryptocurrency Penetration Testing Malware 90

Security Affairs

JUNE 17, 2021

UNC2465 cybercrime group that is affiliated with the Darkside ransomware gang has infected with malware the website of a CCTV camera vendor. “A well-rounded security program is essential to mitigate risk from sophisticated groups such as UNC2465 as they continue to adapt to a changing security landscape.”

Cybercrime 104

Cybercrime Ransomware Antivirus Software 104

Security Affairs

JULY 9, 2020

More than 15 billion username and passwords are available on cybercrime marketplaces, including over 5 billion unique credentials, states the experts. Experts reported that brute-force cracking tools and account checkers are available on cybercrime marketplaces and forums for an average of $4. Pierluigi Paganini.

Cybercrime 118

Cybercrime Antivirus Marketing Accountability 118

Security Affairs

JANUARY 1, 2024

Subsequently, other malware integrated the exploit, including Rhadamanthys, Risepro, Meduza , Stealc Stealer and recently the White Snake. The researchers discovered that the malware targets Chrome’s token_service table of WebData to extract tokens and account IDs of chrome profiles logged in. ” continues the report.

Malware 130

Malware Penetration Testing Passwords Encryption 130

Security Affairs

MARCH 11, 2024

The financially motivated hacking group Magnet Goblin uses various 1-day flaws to deploy custom malware on Windows and Linux systems. The group focuses on internet-facing services, in at least one instance the group exploited the vulnerability CVE-2024-21887 in Ivanti Connect Secure VPN. 4 Run a Linux command in a separate thread.

Malware 98

Malware VPN Encryption Hacking 98