Cybercrime, Information Security, Malware and VPN

BunnyLoader, a new Malware-as-a-Service advertised in cybercrime forums

Security Affairs

OCTOBER 3, 2023

Cybersecurity researchers spotted a new malware-as-a-service (MaaS) called BunnyLoader that’s appeared in the threat landscape. Zscaler ThreatLabz researchers discovered a new malware-as-a-service (MaaS) that is called BunnyLoader, which has been advertised for sale in multiple cybercrime forums since September 4, 2023.

Advertising

Advertising Cybercrime Malware Cryptocurrency

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Now new findings reveal that AVrecon is the malware engine behind a 12-year-old service called SocksEscort , which rents hacked residential and small business devices to cybercriminals looking to hide their true location online. ” According to Kilmer, AVrecon is the malware that gives SocksEscort its proxies.

Malware

Malware VPN Internet Internet

Bulletproof VPN services took down in a global police operation

Security Affairs

DECEMBER 22, 2020

A joint operation conducted by law European enforcement agencies resulted in the seizure of the infrastructure of three bulletproof VPN services. ” The three VPN bulletproof services were hosted at insorg.org , safe-inet.com , and safe-inet.net, their home page currently displays a law enforcement banner. day to $190/year.

VPN

VPN Cybercrime Advertising Accountability

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Law enforcement shutdown the VPN service VPNLab used by many cybercriminal gangs

Security Affairs

JANUARY 18, 2022

Europol this week announced the shutdown of VPNLab, a VPN service that is very popular in the cybercrime ecosystem. An international operation conducted by law enforcement bodies from 10 countries took down VPNLab.net, a VPN service provider that is very popular in the cybercrime ecosystem. Europol said.

VPN

VPN Cybercrime Ransomware Advertising

The newer cybercrime triad: TrickBot-Emotet-Conti

Security Affairs

NOVEMBER 20, 2021

The FBI collected millions of email addresses used by Emotet operators in their malware campaigns as part of the cleanup operation. Last week researchers from multiple cybersecurity firms ([Cryptolaemus], [GData], and [Advanced Intel]) reported that threat actors are using the TrickBot malware to drop an Emoted loader on infected devices.

Cybercrime

Cybercrime Ransomware Banking Malware

Magnet Goblin group used a new Linux variant of NerbianRAT malware

Security Affairs

MARCH 11, 2024

The financially motivated hacking group Magnet Goblin uses various 1-day flaws to deploy custom malware on Windows and Linux systems. The group focuses on internet-facing services, in at least one instance the group exploited the vulnerability CVE-2024-21887 in Ivanti Connect Secure VPN. 6 Run a Linux command immediately.

Malware

Malware VPN Encryption Hacking

Amadey malware spreads via software cracks laced with SmokeLoader

Security Affairs

JULY 25, 2022

Operators behind the Amadey Bot malware use the SmokeLoader to distribute a new variant via software cracks and keygen sites. Amadey Bot is a data-stealing malware that was first spotted in 2018, it also allows operators to install additional payloads. Then the malware contacts the C2 and sends system information (i.e.

Software

Software Malware Cybercrime VPN

Security Affairs newsletter Round 454 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

JANUARY 13, 2024

Akira ransomware targets Finnish organizations GitLab fixed a critical zero-click account hijacking flaw Juniper Networks fixed a critical RCE bug in its firewalls and switches Vast Voter Data Leaks Cast Shadow Over Indonesia ’s 2024 Presidential Election Researchers created a PoC for Apache OFBiz flaw CVE-2023-51467 Team Liquid’s wiki leak exposes (..)

VPN

VPN Cybercrime Ransomware Hacking

UNC2465 cybercrime group launched a supply chain attack on CCTV vendor

Security Affairs

JUNE 17, 2021

UNC2465 cybercrime group that is affiliated with the Darkside ransomware gang has infected with malware the website of a CCTV camera vendor. “A well-rounded security program is essential to mitigate risk from sophisticated groups such as UNC2465 as they continue to adapt to a changing security landscape.”

Cybercrime

Cybercrime Ransomware Antivirus Software

Security Affairs newsletter Round 471 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

MAY 12, 2024

Ohio Lottery data breach impacted over 538,000 individuals Notorius threat actor IntelBroker claims the hack of the Europol A cyberattack hit the US healthcare giant Ascension Google fixes fifth actively exploited Chrome zero-day this year Russia-linked APT28 targets government Polish institutions Citrix warns customers to update PuTTY version installed (..)

Data breaches

Data breaches VPN Hacking Banking

New RedLine malware version distributed as fake Omicron stat counter

Security Affairs

JANUARY 12, 2022

Experts warn of a new variant of the RedLine malware that is distributed via emails as fake COVID-19 Omicron stat counter app as a lure. The malicious code can also act as a first-stage malware. SecurityAffairs – hacking, RedLine malware). This variant uses 207[.]32.217.89 as its C2 server through port 14588.

Malware

Malware Manufacturing Cryptocurrency Cybercrime

15 billion credentials available in the cybercrime marketplaces

Security Affairs

JULY 9, 2020

More than 15 billion username and passwords are available on cybercrime marketplaces, including over 5 billion unique credentials, states the experts. Experts reported that brute-force cracking tools and account checkers are available on cybercrime marketplaces and forums for an average of $4. Pierluigi Paganini.

Cybercrime

Cybercrime Antivirus Marketing Accountability

The Prynt Stealer malware contains a secret backdoor. Crooks steal data from other cybercriminals

Security Affairs

SEPTEMBER 3, 2022

The information-stealing malware Prynt Stealer contains a backdoor that allows stealing the data it has infiltrated from victims. Zscaler researchers discovered Telegram channel-based backdoor in the information stealing malware, Prynt Stealer , which allows to secretly steal a copy of the data exfiltrated from the victims.

Malware

Malware Cybercrime VPN Marketing

New TA886 group targets companies with custom Screenshotter malware

Security Affairs

FEBRUARY 10, 2023

A recently discovered threat actor, tracked as TA886 by security firm Proofpoint, is targeting organizations in the United States and Germany with new malware dubbed Screenshotter. The malware is able to take JPG screenshots of the victim’s desktop and submitting it to a remote C2 via a POST to a hardcoded IP address.

Malware

Malware Phishing Spyware Cybercrime

Daixin Team group claimed the hack of North Texas Municipal Water District

Security Affairs

NOVEMBER 28, 2023

In October 2022, CISA, the FBI, and the Department of Health and Human Services (HHS) warned that the Daixin Team cybercrime group is actively targeting U.S. The Daixin Team group gains initial access to victims through virtual private network (VPN) servers. The threat actors obtained the VPN credentials through phishing attacks.

Hacking

Hacking VPN Ransomware Cybercrime

CISA publishes malware analysis reports on samples targeting Pulse Secure devices

Security Affairs

AUGUST 26, 2021

Cybersecurity and Infrastructure Security Agency (CISA) released five malware analysis reports (MARs) related to samples found on compromised Pulse Secure devices. CISA published five malware analysis reports (MARs) related to samples found on compromised Pulse Secure devices. ” reads CISA’s advisory.

Malware

Malware VPN Authentication Hacking

Okta warns of unprecedented scale in credential stuffing attacks on online services

Security Affairs

APRIL 28, 2024

From March 18, 2024, to April 16, 2024, Duo Security and Cisco Talos observed large-scale brute-force attacks against a variety of targets, including VPN services, web application authentication interfaces and SSH services. Threat actors use these RESIPs to evade detection.

VPN

VPN Accountability Firewall Data breaches

17 Android Apps on Google Play Store, dubbed DawDropper, were serving banking malware

Security Affairs

JULY 31, 2022

The researchers discovered over a dozen Android Apps on Google Play Store, collectively dubbed DawDropper, that were dropping Banking malware. The DawDropper apps are masqueraded as productivity and utility apps such as document scanners, VPN services, QR code readers, and call recorders. ” concludes the report.

Banking

Banking Malware VPN Hacking

The Have I Been Pwned service now includes 441K accounts stolen by RedLine malware

Security Affairs

DECEMBER 31, 2021

The Have I Been Pwned data breach notification service now includes credentials for 441K accounts that were stolen by RedLine malware. The Have I Been Pwned data breach notification service now allows victims of the RedLine malware to check if their credentials have been stolen. The malicious code can also act as a first-stage malware.

Accountability

Accountability Malware Data breaches Passwords

Experts link AVRecon bot to the malware proxy service SocksEscort

Security Affairs

JULY 31, 2023

The AVrecon malware was written in C to ensure portability and designed to target ARM-embedded devices. On infected a router, the malware enumerates the victim’s SOHO router and sends that information back to a C2 server whose address is embedded in the code. “We The popular investigator Brian Krebs and Spur.us

Malware

Malware Small Business Advertising Passwords

Security Affairs newsletter Round 466 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

APRIL 7, 2024

Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Data breaches

Data breaches Small Business Hacking Malware

Security Affairs newsletter Round 455 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

JANUARY 21, 2024

million cryptojacking scheme arrested in Ukraine Cybercrime Cryptojacker arrested in Ukraine over EUR 1.8 million cryptojacking scheme arrested in Ukraine Cybercrime Cryptojacker arrested in Ukraine over EUR 1.8 million cryptojacking scheme arrested in Ukraine Cybercrime Cryptojacker arrested in Ukraine over EUR 1.8

Artificial Intelligence

Artificial Intelligence VPN Hacking Firewall

Akira ransomware targets Finnish organizations

Security Affairs

JANUARY 13, 2024

According to the NCSC-FI, six out of seven infections were caused by Akira family malware. “Of these, three were found to be activated during the longer vacations of the Christmas season. In addition, during Christmas, there was one incident caused by another ransomware malware family.”

Ransomware

Ransomware Backups VPN Authentication

Five Canadian Hospitals impacted by a ransomware attack on TransForm provider

Security Affairs

NOVEMBER 8, 2023

In October, CISA, the FBI, and the Department of Health and Human Services (HHS) warned that the Daixin Team cybercrime group is actively targeting U.S. The Daixin Team group gains initial access to victims through virtual private network (VPN) servers. The threat actors obtained the VPN credentials through phishing attacks.

Ransomware

Ransomware Healthcare VPN Insurance

Akira ransomware targets Finnish organizations

Security Affairs

JANUARY 13, 2024

According to the NCSC-FI, six out of seven infections were caused by Akira family malware. In addition, during Christmas, there was one incident caused by another ransomware malware family.” The attackers exploited the vulnerability CVE-2023-20269 in Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD).

Ransomware

Ransomware Backups VPN Authentication

Security Affairs newsletter Round 468 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

APRIL 21, 2024

Automotive Industry Chinese Organized Crime’s Latest U.S.

Data breaches

Data breaches Phishing Ransomware Malware

REvil Ransomware member win the auction for KPot stealer source code

Security Affairs

NOVEMBER 4, 2020

KPOT Stealer is a “stealer” malware that focuses on exfiltrating account information and other data from web browsers, instant messengers, email, VPN, RDP, FTP, cryptocurrency, and gaming software. The KPOT Stealer was written in C/C++, it was offered in the cybercrime underground as a Malware-as-a-Service (MaaS).

Ransomware

Ransomware Malware Advertising Cybercrime

New AVrecon botnet remained under the radar for two years while targeting SOHO Routers

Security Affairs

JULY 14, 2023

A new malware dubbed AVrecon targets small office/home office (SOHO) routers, it infected over 70,000 devices from 20 countries. Lumen Black Lotus Labs uncovered a long-running hacking campaign targeting SOHO routers with a strain of malware dubbed AVrecon. ” concludes the report.

Malware

Malware Advertising Cybercrime Passwords

Daixin Team targets health organizations with ransomware, US agencies warn

Security Affairs

OCTOBER 22, 2022

US government agencies warned that the Daixin Team cybercrime group is actively targeting the U.S. CISA, the FBI, and the Department of Health and Human Services (HHS) warned that the Daixin Team cybercrime group is actively targeting U.S. The threat actors obtained the VPN credentials through phishing attacks.

Ransomware

Ransomware VPN Cybercrime Accountability

Akira ransomware received $42M in ransom payments from over 250 victims

Security Affairs

APRIL 21, 2024

A joint advisory published by CISA, the FBI, Europol, and the Netherlands’ National Cyber Security Centre (NCSC-NL) revealed that since early 2023, Akira ransomware operators received $42 million in ransom payments from more than 250 victims worldwide. The attackers mostly used Cisco vulnerabilities CVE-2020-3259 and CVE-2023-20269.

Ransomware

Ransomware Encryption Antivirus VPN

Akira ransomware attack on Tietoevry disrupted the services of many Swedish organizations

Security Affairs

JANUARY 24, 2024

According to the NCSC-FI, six out of seven infections were caused by Akira family malware. The ransomware attack reported in late 2023, targeted organizations’ networks using poorly secured VPN gateway on Cisco ASA or FTD devices.

Ransomware

Ransomware VPN Government Retail

Widespread exploitation by botnet operators of Zyxel firewall flaw

Security Affairs

JUNE 1, 2023

Threat actors are actively exploiting a command injection flaw, tracked as CVE-2023-28771, in Zyxel firewalls to install malware. Their objective is to leverage this vulnerability to deploy and install malware on the affected systems. through 4.73, VPN series firmware versions 4.60 VPN ZLD V4.60 USG FLEX ZLD V4.60

Firewall

Firewall Firmware VPN DDOS

Microsoft issues targeted notification to hospitals vulnerable to Ransomware attacks

Security Affairs

APRIL 2, 2020

Microsoft is sending notifications to dozens of hospitals about vulnerable VPN devices and gateways exposed online in their network. Microsoft is warning dozens of hospitals of the risks of ransomware attacks due to insecure VPN devices and gateways exposed online. ” reads the post published by Microsoft.

Ransomware

Ransomware VPN Healthcare Cyber Attacks

Security Affairs newsletter Round 377

Security Affairs

AUGUST 7, 2022

Every week the best security articles from Security Affairs free for you in your email box. Greek intelligence service used surveillance malware to spy on a journalist, Reuters reports Slack resets passwords for about 0.5% If you want to also receive for free the newsletter with the international press subscribe here.

Spyware

Spyware Manufacturing Small Business Surveillance

BlackCat Ransomware gang breached over 60 orgs worldwide

Security Affairs

APRIL 25, 2022

The BlackCat/ALPHV a Ransomware was first discovered in December by malware researchers from Recorded Future and MalwareHunterTeam. The malware is the first professional ransomware strain that was written in the Rust programming language. Install and regularly update antivirus and anti-malware software on all hosts.

Ransomware

Ransomware Antivirus Passwords Malware

Yevgeniy Nikulin, Russian hacker behind Dropbox and LinkedIn hacks found guilty

Security Affairs

JULY 11, 2020

A jury found Russian hacker Yevgeniy Nikulin guilty for the hack of LinkedIn, Dropbox, and Formspring back in 2012 and for the sale of the stolen data on cybercrime black marketplaces. The data stolen by Nikulin were available on the cybercrime underground between 2015 and 2016, they were offered for sale by multiple traders.

Hacking

Hacking Cybercrime Data breaches Advertising

Venezuelan cardiologist accused of operating and selling Thanos ransomware

Security Affairs

MAY 17, 2022

Hakbit ransomware) has been developed by Nosophoros (aka Aesculapius, and Nebuchadnezzar), a threat actor offering for sale the malware on several Dark Web communities. ” Zagala designed multiple ransomware and sold or rented them in the cybercrime ecosystem. . ” reads the press release published by DoJ.

Ransomware

Ransomware Cybercrime VPN Malware

Security Affairs newsletter Round 319

Security Affairs

JUNE 20, 2021

New Device Fingerprint Spoofing Tool Available in Dark Web The source code of the Paradise Ransomware was leaked on XSS hacking forum Fujifilm restores operations after recent ransomware attack Cyberium malware-hosting domain employed in multiple Mirai variants campaigns A flaw in Peloton Bike+ could allow hackers to control it An international joint (..)

Data breaches

Data breaches DDOS Small Business Ransomware

Ukrainian police arrested Ransomware gang behind attacks on 50 companies

Security Affairs

JANUARY 14, 2022

The gang was targeting organizations via spam campaigns to spread ransomware, however, the police did not disclose the malware family used by the group in its attacks. The gang was also providing VPN-like services used by other cybercriminal organizations to carry out malicious activities used to deliver malware to the target organization.

Ransomware

Ransomware DDOS Telecommunications Malware

Interview With a Crypto Scam Investment Spammer

Krebs on Security

MAY 22, 2023

This email address is also connected to accounts on several Russian cybercrime forums, including “ __edman__ ,” who had a history of selling “logs” — large amounts of data stolen from many bot-infected computers — as well as giving away access to hacked Internet of Things (IoT) devices.

Scams

Scams DDOS Cryptocurrency Accountability

FIN8-linked actor targets Citrix NetScaler systems

Security Affairs

AUGUST 29, 2023

Citrix reported that successful exploitation requires that the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server. Then threat actors sent data as an image file to a web-accessible path: cp /var/tmp/test.tar.gz /netscaler/ns_gui/vpn/medialogininit.png. php) on victim machines.

VPN

VPN Ransomware DNS Malware

CERT-UA warns of an ongoing SmokeLoader campaign

Security Affairs

MAY 8, 2023

Ukraine’s CERT-UA warns of an ongoing phishing campaign aimed at distributing the SmokeLoader malware in the form of a polyglot file. CERT-UA warns of an ongoing phishing campaign that is distributing the SmokeLoader malware in the form of a polyglot file. ” reads the alert published by Ukraine’s CERT.

Malware

Malware Phishing VPN Accountability

New Hive ransomware variant is written in Rust and use improved encryption method

Security Affairs

JULY 6, 2022

The operators of the Hive ransomware upgraded their malware by migrating the malware to the Rust language and implementing a more sophisticated encryption method, Microsoft researchers warn. ” These upgrades prove that Hive is one of the fastest evolving ransomware families in the cybercrime ecosystem. . key files.

Encryption

Encryption Ransomware Cybercrime Malware

French authorities arrested a Russian national for his role in the Hive ransomware operation

Security Affairs

DECEMBER 14, 2023

anti-cybercrime (Ofac).” The group used various attack methods, including malspam campaigns, vulnerable RDP servers, and compromised VPN credentials. According to a report published by blockchain analytics company Chainalysis, the Hive operation is one of the top 10 ransomware strains by revenue in 2021.

Ransomware

Ransomware Cryptocurrency Cybercrime VPN

BunnyLoader, a new Malware-as-a-Service advertised in cybercrime forums

Who and What is Behind the Malware Proxy Service SocksEscort?

Webinars

Trending Sources

Bulletproof VPN services took down in a global police operation

Webinars

Law enforcement shutdown the VPN service VPNLab used by many cybercriminal gangs

The newer cybercrime triad: TrickBot-Emotet-Conti

Magnet Goblin group used a new Linux variant of NerbianRAT malware

Amadey malware spreads via software cracks laced with SmokeLoader

Security Affairs newsletter Round 454 by Pierluigi Paganini – INTERNATIONAL EDITION

UNC2465 cybercrime group launched a supply chain attack on CCTV vendor

Security Affairs newsletter Round 471 by Pierluigi Paganini – INTERNATIONAL EDITION

New RedLine malware version distributed as fake Omicron stat counter

15 billion credentials available in the cybercrime marketplaces

The Prynt Stealer malware contains a secret backdoor. Crooks steal data from other cybercriminals

New TA886 group targets companies with custom Screenshotter malware

Daixin Team group claimed the hack of North Texas Municipal Water District

CISA publishes malware analysis reports on samples targeting Pulse Secure devices

Okta warns of unprecedented scale in credential stuffing attacks on online services

17 Android Apps on Google Play Store, dubbed DawDropper, were serving banking malware

The Have I Been Pwned service now includes 441K accounts stolen by RedLine malware

Experts link AVRecon bot to the malware proxy service SocksEscort

Security Affairs newsletter Round 466 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs newsletter Round 455 by Pierluigi Paganini – INTERNATIONAL EDITION

Akira ransomware targets Finnish organizations

Five Canadian Hospitals impacted by a ransomware attack on TransForm provider

Akira ransomware targets Finnish organizations

Security Affairs newsletter Round 468 by Pierluigi Paganini – INTERNATIONAL EDITION

REvil Ransomware member win the auction for KPot stealer source code

New AVrecon botnet remained under the radar for two years while targeting SOHO Routers

Daixin Team targets health organizations with ransomware, US agencies warn

Akira ransomware received $42M in ransom payments from over 250 victims

Akira ransomware attack on Tietoevry disrupted the services of many Swedish organizations

Widespread exploitation by botnet operators of Zyxel firewall flaw

Microsoft issues targeted notification to hospitals vulnerable to Ransomware attacks

Security Affairs newsletter Round 377

BlackCat Ransomware gang breached over 60 orgs worldwide

Yevgeniy Nikulin, Russian hacker behind Dropbox and LinkedIn hacks found guilty

Venezuelan cardiologist accused of operating and selling Thanos ransomware

Security Affairs newsletter Round 319

Ukrainian police arrested Ransomware gang behind attacks on 50 companies

Interview With a Crypto Scam Investment Spammer

FIN8-linked actor targets Citrix NetScaler systems

CERT-UA warns of an ongoing SmokeLoader campaign

New Hive ransomware variant is written in Rust and use improved encryption method

French authorities arrested a Russian national for his role in the Hive ransomware operation

Stay Connected