article thumbnail

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Krebs on Security

This post is a deep dive on “ Megatraffer ,” a veteran Russian hacker who has practically cornered the underground market for malware focused code-signing certificates since 2015. More recently, it appears Megatraffer has been working with ransomware groups to help improve the stealth of their malware. WHO IS MEGATRAFFER?

Malware 299
article thumbnail

QBot Malware Is Making a Comeback by Replacing IcedID in Malspam Campaigns

Heimadal Security

Qbot, also known as “Qakbot” or “Pinkslipbot,” is a banking trojan active since 2007 that’s focusing on stealing user data and banking credentials. The malware […]. The post QBot Malware Is Making a Comeback by Replacing IcedID in Malspam Campaigns appeared first on Heimdal Security Blog.

Malware 132
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

U.S. Hacks QakBot, Quietly Removes Botnet Infections

Krebs on Security

government today announced a coordinated crackdown against QakBot , a complex malware family used by multiple cybercrime groups to lay the groundwork for ransomware infections. Emerging in 2007 as a banking trojan, QakBot (a.k.a. Qakbot/Qbot was once again the top malware loader observed in the wild in the first six months of 2023.

Hacking 305
article thumbnail

The Mask APT is back after 10 years of silence

Security Affairs

The Mask APT has been active since at least 2007, it demonstrated the capability to use complex implants, often delivered through zero-day exploits. Kaspersky first identified the APT group in 2014, but experts believe the cyber espionage campaign had already been active for over five years. ” concludes the report.

article thumbnail

Chinese Antivirus Firm Was Part of APT41 ‘Supply Chain’ Attack

Krebs on Security

The government alleges the men used malware-laced phishing emails and “supply chain” attacks to steal data from companies and their customers. APT41 was known to hide its malware inside fake resumes that were sent to targets. APT41’s activities span from the mid-2000s to the present day.

Antivirus 363
article thumbnail

FBI and NSA joint report details APT28’s Linux malware Drovorub

Security Affairs

The FBI and NSA issue joint alert related to new Linux malware dubbed Drovorub that has been used by the Russia-linked APT28 group. The FBI and NSA have published a joint security alert containing technical details about a new piece of Linux malware, tracked as Drovorub , allegedly employed by Russia-linked the APT28 group.

Malware 143
article thumbnail

LockBit Malware Is Now Used by Evil Corp 

Heimadal Security

Also known as the Dridex gang or INDRIK SPIDER, the Russian cybercriminal gang Evil Corp has been active since at least 2007 and is known for distributing the Dridex malware. The post LockBit Malware Is Now Used by Evil Corp appeared first on Heimdal Security Blog. What Happened?

Malware 105