article thumbnail

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Krebs on Security

This post is a deep dive on “ Megatraffer ,” a veteran Russian hacker who has practically cornered the underground market for malware focused code-signing certificates since 2015. More recently, it appears Megatraffer has been working with ransomware groups to help improve the stealth of their malware. WHO IS MEGATRAFFER?

Malware 303
article thumbnail

QBot Malware Is Making a Comeback by Replacing IcedID in Malspam Campaigns

Heimadal Security

Qbot, also known as “Qakbot” or “Pinkslipbot,” is a banking trojan active since 2007 that’s focusing on stealing user data and banking credentials. The malware […]. The post QBot Malware Is Making a Comeback by Replacing IcedID in Malspam Campaigns appeared first on Heimdal Security Blog.

Malware 132
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

U.S. Hacks QakBot, Quietly Removes Botnet Infections

Krebs on Security

government today announced a coordinated crackdown against QakBot , a complex malware family used by multiple cybercrime groups to lay the groundwork for ransomware infections. Emerging in 2007 as a banking trojan, QakBot (a.k.a. Qakbot/Qbot was once again the top malware loader observed in the wild in the first six months of 2023.

Hacking 309
article thumbnail

The Mask APT is back after 10 years of silence

Security Affairs

The Mask APT has been active since at least 2007, it demonstrated the capability to use complex implants, often delivered through zero-day exploits. Kaspersky first identified the APT group in 2014, but experts believe the cyber espionage campaign had already been active for over five years. ” concludes the report.

article thumbnail

FBI and NSA joint report details APT28’s Linux malware Drovorub

Security Affairs

The FBI and NSA issue joint alert related to new Linux malware dubbed Drovorub that has been used by the Russia-linked APT28 group. The FBI and NSA have published a joint security alert containing technical details about a new piece of Linux malware, tracked as Drovorub , allegedly employed by Russia-linked the APT28 group.

Malware 143
article thumbnail

FBI Leads Global Onslaught Against Qakbot Malware

ZoneAlarm

In an ambitious international operation, law enforcement agencies, spearheaded by the FBI, have neutralized the Qakbot malware infrastructure. This significant move not only marks a large-scale effort to actively combat malware but also underscores the intensified global threat posed by cyber-extortion campaigns, primarily ransomware.

Malware 99
article thumbnail

APT28 targets key networks in Europe with HeadLace malware

Security Affairs

Russia-linked APT28 used the HeadLace malware and credential-harvesting web pages in attacks against networks across Europe. The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , BlueDelta, and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide.

Malware 141