Remove 2008 Remove Cybercrime Remove Malware
article thumbnail

From Cybercrime Saul Goodman to the Russian GRU

Krebs on Security

In 2021, the exclusive Russian cybercrime forum Mazafaka was hacked. Launched in 2001 under the tagline “Network terrorism,” Mazafaka would evolve into one of the most guarded Russian-language cybercrime communities. ru at DomainTools.com reveals this address has been used to register at least 10 domain names since 2008.

article thumbnail

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Krebs on Security

This post is a deep dive on “ Megatraffer ,” a veteran Russian hacker who has practically cornered the underground market for malware focused code-signing certificates since 2015. One of Megatraffer’s ads on an English-language cybercrime forum. ru in 2008. su from 2008. su from 2008.

Malware 283
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Inside ‘Evil Corp,’ a $100M Cybercrime Menace

Krebs on Security

Justice Department this month offered a $5 million bounty for information leading to the arrest and conviction of a Russian man indicted for allegedly orchestrating a vast, international cybercrime network that called itself “ Evil Corp ” and stole roughly $100 million from businesses and consumers. HITCHED TO A MULE.

article thumbnail

Why Malware Crypting Services Deserve More Scrutiny

Krebs on Security

If you operate a cybercrime business that relies on disseminating malicious software, you probably also spend a good deal of time trying to disguise or “crypt” your malware so that it appears benign to antivirus and security products. This story explores the history and identity behind Cryptor[.]biz WHO RUNS CRYPTOR[.]BIZ?

Malware 251
article thumbnail

Canada Charges Its “Most Prolific Cybercriminal”

Krebs on Security

According to cyber intelligence firm Intel 471 , that dark_cl0ud6@hotmail.com address has been used in conjunction with the handle “ DCReavers2 ” to register user accounts on a half-dozen English-language cybercrime forums since 2008, including Hackforums , Blackhatworld, and Ghostmarket. ” The U.S.

article thumbnail

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

Now new findings reveal that AVrecon is the malware engine behind a 12-year-old service called SocksEscort , which rents hacked residential and small business devices to cybercriminals looking to hide their true location online. ” According to Kilmer, AVrecon is the malware that gives SocksEscort its proxies.

Malware 211
article thumbnail

Mariposa Botnet Author, Darkcode Crime Forum Admin Arrested in Germany

Krebs on Security

A Slovenian man convicted of authoring the destructive and once-prolific Mariposa botnet and running the infamous Darkode cybercrime forum has been arrested in Germany on request from prosecutors in the United States, who’ve recently re-indicted him on related charges. issued international arrest warrant for his extradition.