Cybercrime, Software and Web Fraud - Cyber Security Informer

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

Krebs on Security

JUNE 15, 2024

A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider , a cybercrime group suspected of hacking into Twilio , LastPass , DoorDash , Mailchimp , and nearly 130 other organizations over the past two years. man arrested was a SIM-swapper who went by the alias “ Tyler.”

Hacking

Hacking Phishing Cybercrime Passwords

15-Year-Old Malware Proxy Network VIP72 Goes Dark

Krebs on Security

SEPTEMBER 1, 2021

Over the past 15 years, a cybercrime anonymity service known as VIP72 has enabled countless fraudsters to mask their true location online by routing their traffic through millions of malware-infected systems. based Internet address for more than a decade — a remarkable achievement for such a high-profile cybercrime service.

Malware

Malware Cybercrime Internet Internet

911 Proxy Service Implodes After Disclosing Breach

Krebs on Security

JULY 29, 2022

The abrupt closure comes ten days after KrebsOnSecurity published an in-depth look at 911 and its connections to shady pay-per-install affiliate programs that secretly bundled 911’s proxy software with other titles, including “free” utilities and pirated software. A cached copy of flashupdate[.]net

Cybercrime

Cybercrime Software VPN Backups

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

JANUARY 30, 2024

In that incident, the attackers exploited a security vulnerability in a Plex media server that the employee was running on his home network, and succeeded in installing malicious software that stole passwords and other authentication credentials. “I got thousands of grails.”

Social Engineering

Social Engineering Mobile Cybercrime Passwords

No SOCKS, No Shoes, No Malware Proxy Services!

Krebs on Security

AUGUST 2, 2022

The underground cybercrime forums are now awash in pleas from people who are desperately seeking a new supplier of abundant, cheap, and reliably clean proxies to restart their businesses. Cached versions of the site show that in 2010 the software which powers the network was produced with a copyright of “ Escort Software.”

Malware

Malware Cybercrime Internet Internet

A Deep Dive Into the Residential Proxy Service ‘911’

Krebs on Security

JULY 18, 2022

911 says its network is made up entirely of users who voluntarily install its “free VPN” software. re network uses at least two free VPN services to lure its users to install a malware-like software that achieves persistence on the user’s computer,” the researchers wrote. “The 911[.]re

VPN

VPN Computers and Electronics Antivirus Software

‘The Manipulaters’ Improve Phishing, Still Fail at Opsec

Krebs on Security

APRIL 3, 2024

Roughly nine years ago, KrebsOnSecurity profiled a Pakistan-based cybercrime group called “ The Manipulaters ,” a sprawling web hosting network of phishing and spam delivery platforms. Manipulaters advertisement for “Office 365 Private Page with Antibot” phishing kit sold on the domain heartsender,com.

Phishing

Phishing Cybercrime Malware Advertising

Interview With a Crypto Scam Investment Spammer

Krebs on Security

MAY 22, 2023

According to the hacker, their spam software has been in private use until the last few weeks, when it was released as open source code. “There was nothing in the Mastodon software to detect that activity, and the protocol is not designed to handle this.” A DIRECT QUOT The domain quot[.]pw

Scams

Scams DDOS Cryptocurrency Accountability

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Proxy services can be used in a legitimate manner for several business purposes — such as price comparisons or sales intelligence — but they are massively abused for hiding cybercrime activity because they make it difficult to trace malicious traffic to its original source. Usually, these users have no idea their systems are compromised.

Malware

Malware VPN Internet Internet

This Service Helps Malware Authors Fix Flaws in their Code

Krebs on Security

MAY 18, 2020

Almost daily now there is news about flaws in commercial software that lead to computers getting hacked and seeded with malware. But the reality is most malicious software also has its share of security holes that open the door for security researchers or ne’er-do-wells to liberate or else seize control over already-hacked systems.

Malware

Malware Cybercrime Ransomware Marketing

Giving a Face to the Malware Proxy Service ‘Faceless’

Krebs on Security

APRIL 18, 2023

” MRMURZA Faceless is a project from MrMurza , a particularly talkative member of more than a dozen Russian-language cybercrime forums over the past decade. MrMurza’s Faceless advertised on the Russian-language cybercrime forum ProCrd. Image: Darkbeast/Ke-la.com. In 2013, U.S.

Malware

Malware Passwords Accountability Advertising

Why Malware Crypting Services Deserve More Scrutiny

Krebs on Security

JUNE 21, 2023

If you operate a cybercrime business that relies on disseminating malicious software, you probably also spend a good deal of time trying to disguise or “crypt” your malware so that it appears benign to antivirus and security products. This story explores the history and identity behind Cryptor[.]biz

Malware

Malware Antivirus Cybercrime Hacking

Fake Lawsuit Threat Exposes Privnote Phishing Sites

Krebs on Security

APRIL 4, 2024

A cybercrook who has been setting up websites that mimic the self-destructing message service privnote.com accidentally exposed the breadth of their operations recently when they threatened to sue a software company. Fory66399 insisted that their website — privnote[.]co Among those is rustraitor[.]info An archive.org copy of Rustraitor.

Phishing

Phishing Cryptocurrency DDOS Internet

Why Malware Crypting Services Deserve More Scrutiny

Security Boulevard

JUNE 21, 2023

If you operate a cybercrime business that relies on disseminating malicious software, you probably also spend a good deal of time trying to disguise or "crypt" your malware so that it appears benign to antivirus and security products. biz, a long-running crypting service that is trusted by some of the biggest names in cybercrime.

Malware

Malware Cybercrime Antivirus Software

Disneyland Malware Team: It’s a Puny World After All

Krebs on Security

NOVEMBER 16, 2022

A financial cybercrime group calling itself the Disneyland Team has been making liberal use of visually confusing phishing domains that spoof popular bank brands using Punycode , an Internet standard that allows web browsers to render domain names with non-Latin alphabets like Cyrillic.

Malware

Malware Banking Phishing DDOS

Arrest, Raids Tied to ‘U-Admin’ Phishing Kit

Krebs on Security

FEBRUARY 8, 2021

Cyber cops in Ukraine carried out an arrest and several raids last week in connection with the author of a U-Admin , a software package used to administer what’s being called “one of the world’s largest phishing services.” “Universal Admin,” is crimeware platform that first surfaced in 2016.

Phishing

Phishing Scams Banking Mobile

How Malicious Android Apps Slip Into Disguise

Krebs on Security

AUGUST 3, 2023

The company has since attributed this increase to a semi-automated malware-as-a-service offering in the cybercrime underground that will obfuscate or “crypt” malicious mobile apps for a fee. Eremin said Google flagged their initial May 9, 2023 report as “high” severity.

Mobile

Mobile Malware Banking Cybercrime

Judge Orders U.S. Lawyer in Russian Botnet Case to Pay Google

Krebs on Security

DECEMBER 5, 2022

The defendants, who initially pursued a strategy of counter suing Google for interfering in their sprawling cybercrime business, later brazenly offered to dismantle the botnet in exchange for payment from Google. The judge in the case was not amused, found for the plaintiff, and ordered the defendants and their U.S.

Cybercrime

Cybercrime Malware Internet Internet

The Link Between AWM Proxy & the Glupteba Botnet

Krebs on Security

JUNE 28, 2022

One of the most common ways PPI affiliates generate revenue is by secretly bundling the PPI network’s installer with pirated software titles that are widely available for download via the web or from file-sharing networks. An example of a cracked software download site distributing Glupteba. Image: Google.com.

Passwords

Passwords Malware Internet Internet

E-Crime Rapper ‘Punchmade Dev’ Debuts Card Shop

Krebs on Security

JANUARY 17, 2024

The rapper and social media personality Punchmade Dev is perhaps best known for his flashy videos singing the praises of a cybercrime lifestyle. But until recently, there wasn’t much to support a conclusion that Punchmade was actually doing the cybercrime things he promotes in his songs. Punchmade Dev’s shop.

Cybercrime

Cybercrime Media Banking Accountability

‘ValidCC,’ a Major Payment Card Bazaar and Looter of E-Commerce Sites, Shuttered

Krebs on Security

FEBRUARY 2, 2021

ValidCC , a dark web bazaar run by a cybercrime group that for more than six years hacked online merchants and sold stolen payment card data, abruptly closed up shop last week. Group-IB believes UltraRank is responsible for a slew of hacks that other security firms previously attributed to at least three distinct cybercrime groups.

Cybercrime

Cybercrime Media Accountability Hacking

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

Krebs on Security

FEBRUARY 28, 2023

In each case, the goal of the attackers was the same: Phish T-Mobile employees for access to internal company tools, and then convert that access into a cybercrime service that could be hired to divert any T-Mobile user’s text messages and phone calls to another device. The key works without the need for any special software drivers.

Mobile

Mobile Phishing Authentication Advertising

Service Rents Email Addresses for Account Signups

Krebs on Security

JUNE 6, 2023

Kopeechka also has multiple affiliate programs, including one that pays app developers for embedding Kopeechka’s API in their software. “There was nothing in the Mastodon software to detect that activity, and the protocol is not designed to handle this.” Image: Trend Micro. billion last year.

Accountability

Accountability Scams Cryptocurrency Advertising

Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work

Krebs on Security

OCTOBER 8, 2020

But judging from the proliferation of help-wanted ads for offensive pentesters in the cybercrime underground, today’s attackers have exactly zero trouble gaining that initial intrusion: The real challenge seems to be hiring enough people to help everyone profit from the access already gained. THE DOCTOR IS IN.

Cybercrime

Cybercrime VPN Malware Penetration Testing

Gift Card Gang Extracts Cash From 100k Inboxes Daily

Krebs on Security

SEPTEMBER 2, 2021

Here’s the story of a cybercrime group that compromises up to 100,000 email inboxes per day, and apparently does little else with this access except siphon gift card and customer loyalty program data that can be resold online. mail server responds “OK” = successful access).

Accountability

Accountability Authentication Passwords Hacking

Busting SIM Swappers and SIM Swap Myths

Krebs on Security

NOVEMBER 6, 2018

The force was originally created to tackle a range of cybercrimes, but Tarazi says SIM swappers are a primary target now for two reasons. DARK WEB SOFTWARE? When pressed about the software again, there was a long, uncomfortable silence. Then Detective Tuttle spoke up. “Deal with it.”

Mobile

Mobile Cryptocurrency Accountability Passwords

Russian FSB Counterintelligence Chief Gets 9 Years in Cybercrime Bribery Scheme

Krebs on Security

APRIL 22, 2024

million bribe to ignore the activities of a prolific Russian cybercrime group that hacked thousands of e-commerce websites. According to RiskIQ, the attacks targeted online stores running outdated and unpatched versions of shopping cart software from Magento , Powerfront and OpenCart.

Cybercrime

Cybercrime Hacking Software Web Fraud

Google Suspends Chinese E-Commerce App Pinduoduo Over Malware

Krebs on Security

MARCH 22, 2023

Google says it has suspended the app for the Chinese e-commerce giant Pinduoduo after malware was found in versions of the software. “At present, a large number of end users have complained on multiple social platforms,” reads a translated version of the DarkNavy blog post.

Malware

Malware eCommerce Mobile Media

Cyber Security Informer

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

15-Year-Old Malware Proxy Network VIP72 Goes Dark

Trending Sources

911 Proxy Service Implodes After Disclosing Breach

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

No SOCKS, No Shoes, No Malware Proxy Services!

A Deep Dive Into the Residential Proxy Service ‘911’

‘The Manipulaters’ Improve Phishing, Still Fail at Opsec

Interview With a Crypto Scam Investment Spammer

Who and What is Behind the Malware Proxy Service SocksEscort?

This Service Helps Malware Authors Fix Flaws in their Code

Giving a Face to the Malware Proxy Service ‘Faceless’

Why Malware Crypting Services Deserve More Scrutiny

Fake Lawsuit Threat Exposes Privnote Phishing Sites

Why Malware Crypting Services Deserve More Scrutiny

Disneyland Malware Team: It’s a Puny World After All

Arrest, Raids Tied to ‘U-Admin’ Phishing Kit

How Malicious Android Apps Slip Into Disguise

Judge Orders U.S. Lawyer in Russian Botnet Case to Pay Google

The Link Between AWM Proxy & the Glupteba Botnet

E-Crime Rapper ‘Punchmade Dev’ Debuts Card Shop

‘ValidCC,’ a Major Payment Card Bazaar and Looter of E-Commerce Sites, Shuttered

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

Service Rents Email Addresses for Account Signups

Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work

Gift Card Gang Extracts Cash From 100k Inboxes Daily

Busting SIM Swappers and SIM Swap Myths

Russian FSB Counterintelligence Chief Gets 9 Years in Cybercrime Bribery Scheme

Google Suspends Chinese E-Commerce App Pinduoduo Over Malware

Stay Connected