Cybercrime, Information Security, Malware and Phishing

Cryptocurrencies and cybercrime: A critical intermingling

Security Affairs

APRIL 26, 2024

As cryptocurrencies have grown in popularity, there has also been growing concern about cybercrime involvement in this sector Cryptocurrencies have revolutionized the financial world, offering new investment opportunities and decentralized transactions. Compromised websites and malware are often at the root of these types of attacks.

Cryptocurrency

Cryptocurrency Cybercrime Education Scams

Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware

Security Affairs

MAY 13, 2024

Experts reported that since April, the Phorpiex botnet sent millions of phishing emails to spread LockBit Black ransomware. Endpoint Security : Install endpoint security solutions to fortify defenses against malware attacks. In December 2021, experts at Check Point Research observed the resurgence of the Phorpiex botnet.

Phishing

Phishing Ransomware Security Awareness Authentication

Aurora Stealer Malware is becoming a prominent threat in the cybercrime ecosystem

Security Affairs

NOVEMBER 22, 2022

Researchers warn of threat actors employing a new Go-based malware dubbed Aurora Stealer in attacks in the wild. Aurora Stealer is an info-stealing malware that was first advertised on Russian-speaking underground forums in April 2022. Aurora was offered as Malware-as-a-Service (MaaS) by a threat actor known as Cheshire.

Cybercrime

Cybercrime Malware Cryptocurrency Advertising

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

FIN7 targeted a large U.S. carmaker phishing attacks

Security Affairs

APRIL 18, 2024

carmaker with spear-phishing attacks. In late 2023, BlackBerry researchers spotted the threat actor FIN7 targeting a large US automotive manufacturer with a spear-phishing campaign. BlackBerry reported that the financially motivated group FIN7 targeted the IT department of a large U.S. com”, which is a free online scanner.

Phishing

Phishing Cybercrime Manufacturing Hacking

Hackers abusing the Ngrok platform phishing attacks

Security Affairs

FEBRUARY 16, 2021

Researchers from threat intelligence Cyble have discovered threat actors abusing the Ngrok platform in a fresh phishing campaign. Researchers at the threat intelligence firm Cyble discovered a new wave of phishing attacks targeting multiple organizations that are abusing the ngrok platform, a secure and introspectable tunnel to the localhost.

Phishing

Phishing Cybercrime Mobile Internet

TA558 cybercrime group targets hospitality and travel orgs

Security Affairs

AUGUST 20, 2022

TA558 cybercrime group is behind a malware campaign targeting hospitality, hotel, and travel organizations in Latin America. Researchers from Proofpoint are monitoring a malware campaign conducted by a cybercrime group, tracked as TA558, that is targeting hospitality, hotel, and travel organizations in Latin America.

Cybercrime

Cybercrime Malware Phishing Internet

Phishing, the campaigns that are targeting Italy

Security Affairs

OCTOBER 12, 2023

This post analyzed the numerous phishing campaigns targeting users and organizations in Italy. Phishing is a ploy to trick users into revealing personal or financial information through an e-mail, Web site, and even through instant messaging. Phishing can also be used as a precursor attack to drop malware.

Phishing

Phishing Scams Education Passwords

Carbanak malware returned in ransomware attacks

Security Affairs

DECEMBER 26, 2023

Researchers at NCC Group reported that in November they observed the return of the infamous banking malware Carbanak in ransomware attacks. The cybersecurity firm NCC Group reported that in November the banking malware Carbanak was observed in ransomware attacks. ” reads the report published by NCC Group.

Malware

Malware Ransomware Banking Healthcare

Operation Lyrebird: Group-IB assists INTERPOL in identifying suspect behind numerous cybercrimes worldwide

Security Affairs

JULY 6, 2021

The alleged perpetrator, who turned out to be a citizen of Morocco, was arrested in May by the Moroccan police based on the data about his cybercrimes that was provided by Group-IB. Almost each of the scripts contained in the phishing kit had its creator’s nickname, Dr HeX, and contact email address.

Cybercrime

Cybercrime Phishing Banking Telecommunications

Operation Synergia led to the arrest of 31 individuals

Security Affairs

FEBRUARY 2, 2024

An international law enforcement operation, named Synergia, led to the arrest of 31 individuals involved in ransomware, banking malware, and phishing attacks. The international law enforcement operation was launched to curb the escalation and professionalisation of transnational cybercrime.

Cybercrime

Cybercrime Banking Phishing Malware

Phishing attacks using the topic “Azovstal” targets entities in Ukraine

Security Affairs

APRIL 23, 2022

Ukraine CERT-UA warns of phishing attacks on state organizations of Ukraine using the topic “Azovstal” and Cobalt Strike Beacon. The analysis of encryption techniques employed in the attack allowed the government experts to associate the campaign with the cybercrime group Trickbot. To nominate, please visit:?

Phishing

Phishing Cybercrime Ransomware Encryption

Russian Cybercrime Trickbot Group is systematically attacking Ukraine

Security Affairs

JULY 8, 2022

The operators behind the TrickBot malware are systematically targeting Ukraine since the beginning of the war in February 2022. Since February, the Conti ransomware group has taken over TrickBot malware operation and also planned to replace it with BazarBackdoor malware. ” concludes IBM. Pierluigi Paganini.

Cybercrime

Cybercrime Malware DDOS Ransomware

Raccoon Malware, a success case in the cybercrime ecosystem

Security Affairs

FEBRUARY 24, 2020

Raccoon Malware is a recently discovered infostealer that can extract sensitive data from about 60 applications on a targeted system. Racoon malware , Legion, Mohazo, and Racealer, is an infostealer that recently appeared in the threat landscape that is advertised in hacking forums. ” reads the report published by CyberArk.

Cybercrime

Cybercrime Malware Cryptocurrency Advertising

IcedID malware campaign targets Zoom users

Security Affairs

JANUARY 7, 2023

Cyber researchers warn of a modified Zoom app that was used by threat actors in a phishing campaign to deliver the IcedID Malware. Cyble researchers recently uncovered a phishing campaign targeting users of the popular video conferencing and online meeting platform Zoom to deliver the IcedID malware. Pierluigi Paganini.

Malware

Malware Phishing Banking Hacking

North Korea-linked Andariel APT used a new malware named EarlyRat last year

Security Affairs

JUNE 29, 2023

North Korea-linked cyberespionage group Andariel used a previously undocumented malware called EarlyRat. Kaspersky researchers reported that the North Korea-linked APT group Andariel used a previously undocumented malware dubbed EarlyRat in attacks exploiting the Log4j Log4Shell vulnerability last year.

Malware

Malware Cybercrime Phishing Internet

Info stealers and how to protect against them

Security Affairs

DECEMBER 18, 2023

Info stealers, the type of malware with its purpose in the name, can cripple businesses and everyday users alike. Info stealers, also known as information stealers, are a type of malicious software (malware) designed to covertly collect sensitive and personal information from a victim’s computer or network.

Banking

Banking Cybercrime Malware Accountability

China-based Fangxiao group behind a long-running phishing campaign

Security Affairs

NOVEMBER 17, 2022

A China-based financially motivated group, tracked as Fangxiao, is behind a large-scale phishing campaign dating back as far as 2019. Researchers from Cyjax reported that a China-based financially motivated group, dubbed Fangxiao, orchestrated a large-scale phishing campaign since 2017. SecurityAffairs – hacking, phishing).

Phishing

Phishing Adware Retail Malware

Xenomorph malware is back after months of hiatus and expands the list of targets

Security Affairs

SEPTEMBER 26, 2023

A new campaign is spreading Xenomorph malware to Android users in the United States, Spain, Portugal, Italy, Canada, and Belgium. Researchers from ThreatFabric uncovered a new campaign spreading Xenomorph malware to Android users in the United States and all over the world. that was significantly improved.

Malware

Malware Banking Phishing Engineering

New TA886 group targets companies with custom Screenshotter malware

Security Affairs

FEBRUARY 10, 2023

A recently discovered threat actor, tracked as TA886 by security firm Proofpoint, is targeting organizations in the United States and Germany with new malware dubbed Screenshotter. Experts, for example, observed phishing emails using Microsoft Publisher (.pub) ” reads the post published by Proofpoint.

Malware

Malware Phishing Spyware Cybercrime

UNC2465 cybercrime group launched a supply chain attack on CCTV vendor

Security Affairs

JUNE 17, 2021

UNC2465 cybercrime group that is affiliated with the Darkside ransomware gang has infected with malware the website of a CCTV camera vendor. “UNC2465’s move from drive-by attacks on website visitors or phishing emails to this software supply chain attack shows a concerning shift that presents new challenges for detection. .

Cybercrime

Cybercrime Ransomware Antivirus Software

WikiLoader malware-as-a-service targets Italian organizations

Security Affairs

AUGUST 1, 2023

Threat actors are targeting Italian organizations with a phishing campaign aimed at delivering a new malware called WikiLoader. WikiLoader is a new piece of malware that is employed in a phishing campaign that is targeting Italian organizations. ” reads the post published by Proofpoint. ” continues the report.

Malware

Malware Phishing Banking Hacking

Cybercriminals Use Azure Front Door in Phishing Attacks

Security Affairs

JUNE 21, 2022

Experts identified a spike in phishing content delivered via Azure Front Door (AFD), a cloud CDN service provided by Microsoft. USA) has identified a spike in phishing content delivered via Azure Front Door (AFD), a cloud CDN service provided by Microsoft. 1 – Example of Phishing Page Delivered by Azure Front Door (AFD).

Phishing

Phishing Accountability Hacking Scams

Security Affairs newsletter Round 468 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

APRIL 21, 2024

carmaker with phishing attacks Law enforcement operation dismantled phishing-as-a-service platform LabHost Previously unknown Kapeka backdoor linked to Russian Sandworm APT Cisco warns of a command injection escalation flaw in its IMC. Automotive Industry Chinese Organized Crime’s Latest U.S.

Data breaches

Data breaches Phishing Ransomware Malware

Experts link the Black Basta ransomware operation to FIN7 cybercrime gang

Security Affairs

NOVEMBER 3, 2022

It focused on deploying POS malware and launching targeted spear-phishing attacks against organizations worldwide. The sample is a binary compiled with Visual Basic which displays a fake Windows Security GUI and tray icon with a “healthy” system status, even if Windows Defender and other system functionalities are disabled.

Cybercrime

Cybercrime Ransomware Antivirus Malware

Recent DarkGate campaign exploited Microsoft Windows zero-day

Security Affairs

MARCH 14, 2024

“The phishing campaign employed open redirect URLs from Google Ad technologies to distribute fake Microsoft software installers (.MSI) “The fake installers contained a sideloaded DLL file that decrypted and infected users with a DarkGate malware payload.” MSI) installers. In mid-February, U.S.

Phishing

Phishing Malware Software Internet

LogoKit update – The phishing kit leveraging Open Redirect Vulnerabilities

Security Affairs

AUGUST 8, 2022

LogoKit – Threat actors leveraging Open Redirect Vulnerabilities popular in online services and apps to bypass spam filters in phishing campaigns. Using highly trusted service domains like Snapchat and other online-services, they create special URLs which lead to malicious resources with phishing kits. Resecurity, Inc.

Phishing

Phishing Passwords Threat Detection Cybercrime

HTML Smuggling technique used in phishing and malspam campaigns

Security Affairs

NOVEMBER 12, 2021

Threat actors are increasingly using the HTML smuggling technique in phishing campaigns, Microsoft researchers warn. Microsoft experts warn that threat actors are increasingly using the HTML smuggling technique in phishing campaigns to stealthily deliver threats. — Microsoft Security Intelligence (@MsftSecIntel) July 23, 2021.

Phishing

Phishing Banking Passwords Firewall

Large phishing campaign targets EMEA and APAC governments

Security Affairs

SEPTEMBER 20, 2021

Security researchers uncovered a large phishing campaign targeting multiple government departments in APAC and EMEA countries. . Researchers from cybersecurity firm Cyjax uncovered a large phishing campaign targeting multiple government departments in APAC and EMEA countries. . SecurityAffairs – hacking, phishing).

Phishing

Phishing Government Cybercrime Hacking

AbstractEmu, a new Android malware with rooting capabilities

Security Affairs

OCTOBER 28, 2021

AbstractEmu is a new Android malware that can root infected devices to take complete control and evade detection with different tricks. Security researchers at the Lookout Threat Labs have discovered a new Android malware, dubbed AbstractEmu , with rooting capabilities that is distributed on Google Play and prominent third-party stores (i.e.

Malware

Malware Cybercrime Mobile Banking

FIN7 cybercrime gang creates fake cybersecurity firm to recruit pentesters for ransomware attacks

Security Affairs

OCTOBER 22, 2021

FIN7 is a Russian criminal group that has been active since mid-2015, it focuses on restaurants, gambling, and hospitality industries in the US to harvest financial information that was used in attacks or sold in cybercrime marketplaces. SecurityAffairs – hacking, cyber security). ” concludes the report.

Cybercrime

Cybercrime Ransomware Cybersecurity Backups

Experts observed Amadey malware deploying LockBit 3.0 Ransomware

Security Affairs

NOVEMBER 9, 2022

Experts noticed that the Amadey malware is being used to deploy LockBit 3.0 Researchers from AhnLab Security Emergency Response Center (ASEC) reported that the Amadey malware is being used to deploy LockBit 3.0 ” reads the report published by the security firm. SecurityAffairs – hacking, Amadey malware).

Malware

Malware Ransomware Cybercrime Phishing

Omicron-themed phishing attacks spread Dridex and taunt with funeral helpline

Security Affairs

DECEMBER 25, 2021

The phishing messages use weaponized Word or Excel attachments to install the Dridex banking Trojan. “This letter is to inform you that you have been exposed to a coworker who tested positive for OMICRON variant of COVID-19 sometime between December 18th and 20th,” reads a phishing message shared by Bleeping Computer.

Phishing

Phishing Passwords Banking Malware

Police dismantled a gang that used phishing sites to steal credit cards

Security Affairs

FEBRUARY 22, 2022

The Ukrainian police arrested a gang specialized in the sale of stolen payment card data through phishing attacks. The cybercrime unit of the Ukrainian police has arrested a group of cybercriminals who managed to steal payment card data from at least 70,000 people by setting up mobile fake top-up services. Pierluigi Paganini.

Phishing

Phishing Banking Mobile Telecommunications

Crooks use HTML smuggling to spread QBot malware via SVG files

Security Affairs

DECEMBER 14, 2022

Talos researchers uncovered a phishing campaign distributing the QBot malware to Windows systems using SVG files. Talos researchers uncovered a phishing campaign distributing the QBot malware using a new technique that leverages Scalable Vector Graphics (SVG) images embedded in HTML email attachments. Pierluigi Paganini.

Malware

Malware Phishing Passwords Hacking

As of May 2024, Black Basta ransomware affiliates hacked over 500 organizations worldwide

Security Affairs

MAY 12, 2024

Some of the victims’ ransom payments were sent by both Conti and Black Basta groups to the gang behind the Qakbot malware. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, cybercrime) 61,9% of the victims are in the US, 15.8% in Germany, and 5.9%

Ransomware

Ransomware Hacking Healthcare Retail

Grandoreiro banking malware targets Mexico and Spain

Security Affairs

AUGUST 21, 2022

A new Grandoreiro banking malware campaign is targeting organizations in Mexico and Spain, Zscaler reported. Zscaler ThreatLabz researchers observed a Grandoreiro banking malware campaign targeting organizations in the Spanish-speaking nations of Mexico and Spain. ” reads the post published by Zscaler. Pierluigi Paganini.

Banking

Banking Malware Antivirus Phishing

APWG: Phishing maintained near-record levels in the first quarter of 2021

Security Affairs

JUNE 13, 2021

The Anti-Phishing Working Group (APWG) revealed that the number of phishing websites peaked at record levels in the first quarter of 2021. The Anti-Phishing Working Group (APWG) has published its new Phishing Activity Trends Report related to the first quarter of 2021. Reported Phishing Websites for Q1 2021.

Phishing

Phishing Advertising Cryptocurrency Encryption

EvilExtractor, a new All-in-One info stealer appeared on the Dark Web

Security Affairs

APRIL 24, 2023

EvilExtractor is a new “all-in-one” info stealer for Windows that is being advertised for sale on dark web cybercrime forums. The malware environment checking and Anti-VM functions. FortiGuard Labs observed this malware in a phishing email campaign on 30 March, which we traced back to the samples included in this blog.”

Cybercrime

Cybercrime Malware Education Phishing

FraudGPT, a new malicious generative AI tool appears in the threat landscape

Security Affairs

JULY 26, 2023

FraudGPT is another cybercrime generative artificial intelligence (AI) tool that is advertised in the hacking underground. According to Netenrich, this generative AI bot was trained for offensive purposes, such as creating spear phishing emails, conducting BEC attacks, cracking tools, and carding. ” concludes the report.

Artificial Intelligence

Artificial Intelligence Cybercrime Phishing Advertising

Don’t trust links with known domains: BMW affected by redirect vulnerability

Security Affairs

JANUARY 3, 2024

They were used to access the internal workplace systems for BMW dealers and could have been useful to attackers for spear-phishing campaigns or malware distribution. SAP redirect vulnerability is a security issue that affects web application servers for SAP products (SAP NetWeaver Application Server Java).

Phishing

Phishing Manufacturing Firewall Cybercrime

Attackers abuse open redirects in Snapchat and Amex in phishing attacks

Security Affairs

AUGUST 7, 2022

Threat actors abuse open redirects on Snapchat and American Express to launch phishing attacks against Microsoft 365 users. Attackers abused open redirects on the websites of Snapchat and American Express as part of a phishing campaign targeting Microsoft 365 users. com open redirect. Pierluigi Paganini.

Phishing

Phishing Architecture Hacking Accountability

Threat actors leverage Microsoft Teams to spread malware

Security Affairs

FEBRUARY 17, 2022

Once an attacker obtained Microsoft 365 credentials, for example from a previous phishing campaign or data breach, that can access Teams and other Office applications. Once the attackers have gained access to an organization, they can determine defense solutions that are installed and use the proper malware to bypass existing protections. .

Malware

Malware Phishing Accountability Data breaches

Ransomware en masse on the wane: top threats inside web-phishing in H1 2020

Security Affairs

SEPTEMBER 18, 2020

Web-phishing targeting various online services almost doubled during the COVID-19 pandemic , it accounted for 46 percent of the total number of fake web pages. Downloaders , intended for the installation of additional malware,and backdoors , granting cybercriminals remote access to victims’ computers, also made it to top-3.

Phishing

Phishing Ransomware Spyware Banking

U.S. taxpayers hit by a phishing campaign delivering the Amadey bot

Security Affairs

SEPTEMBER 20, 2019

Cofense researchers spotted a phishing campaign that is targeting taxpayers in the United States to infect them with the Amadey malware. Security experts at Cofense uncovered a phishing campaign that is targeting taxpayers in the United States attempting to infect them with a new piece of malware named Amadey.

Phishing

Phishing Social Engineering Malware Advertising

Cryptocurrencies and cybercrime: A critical intermingling

Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware

Webinars

Trending Sources

Aurora Stealer Malware is becoming a prominent threat in the cybercrime ecosystem

Webinars

FIN7 targeted a large U.S. carmaker phishing attacks

Hackers abusing the Ngrok platform phishing attacks

TA558 cybercrime group targets hospitality and travel orgs

Phishing, the campaigns that are targeting Italy

Carbanak malware returned in ransomware attacks

Operation Lyrebird: Group-IB assists INTERPOL in identifying suspect behind numerous cybercrimes worldwide

Operation Synergia led to the arrest of 31 individuals

Phishing attacks using the topic “Azovstal” targets entities in Ukraine

Russian Cybercrime Trickbot Group is systematically attacking Ukraine

Raccoon Malware, a success case in the cybercrime ecosystem

IcedID malware campaign targets Zoom users

North Korea-linked Andariel APT used a new malware named EarlyRat last year

Info stealers and how to protect against them

China-based Fangxiao group behind a long-running phishing campaign

Xenomorph malware is back after months of hiatus and expands the list of targets

New TA886 group targets companies with custom Screenshotter malware

UNC2465 cybercrime group launched a supply chain attack on CCTV vendor

WikiLoader malware-as-a-service targets Italian organizations

Cybercriminals Use Azure Front Door in Phishing Attacks

Security Affairs newsletter Round 468 by Pierluigi Paganini – INTERNATIONAL EDITION

Experts link the Black Basta ransomware operation to FIN7 cybercrime gang

Recent DarkGate campaign exploited Microsoft Windows zero-day

LogoKit update – The phishing kit leveraging Open Redirect Vulnerabilities

HTML Smuggling technique used in phishing and malspam campaigns

Large phishing campaign targets EMEA and APAC governments

AbstractEmu, a new Android malware with rooting capabilities

FIN7 cybercrime gang creates fake cybersecurity firm to recruit pentesters for ransomware attacks

Experts observed Amadey malware deploying LockBit 3.0 Ransomware

Omicron-themed phishing attacks spread Dridex and taunt with funeral helpline

Police dismantled a gang that used phishing sites to steal credit cards

Crooks use HTML smuggling to spread QBot malware via SVG files

As of May 2024, Black Basta ransomware affiliates hacked over 500 organizations worldwide

Grandoreiro banking malware targets Mexico and Spain

APWG: Phishing maintained near-record levels in the first quarter of 2021

EvilExtractor, a new All-in-One info stealer appeared on the Dark Web

FraudGPT, a new malicious generative AI tool appears in the threat landscape

Don’t trust links with known domains: BMW affected by redirect vulnerability

Attackers abuse open redirects in Snapchat and Amex in phishing attacks

Threat actors leverage Microsoft Teams to spread malware

Ransomware en masse on the wane: top threats inside web-phishing in H1 2020

U.S. taxpayers hit by a phishing campaign delivering the Amadey bot

Stay Connected