2008, Hacking and Malware - Cyber Security Informer

PlugX malware deleted from thousands of systems by FBI

Malwarebytes

JANUARY 16, 2025

The FBI says it has removed PlugX malware from thousands of infected computers worldwide. The move came after suspicion that cybercriminals groups under control of the Peoples Republic of China (PRC) used a version of PlugX malware to control, and steal information from victims’ computers.

Malware

Malware DNS Internet Internet

CIA Hacking unit APT-C-39 hit China since 2008

Security Affairs

MARCH 4, 2020

Chinese security firm Qihoo 360 revealed that the US CIA has hacked Chinese organizations in various sectors for the last 11 years. Chinese security firm Qihoo 360 is accusing that the US Central Intelligence Agency (CIA) of having hacked Chinese organizations for the last 11 years. SecurityAffairs – hacking, CIA).

Hacking

Hacking Advertising Government Engineering

A zero-day in Windows 7 and Windows Server 2008 has yet to be fixed

Security Affairs

NOVEMBER 26, 2020

Researcher discovers a zero-day vulnerability in Windows 7 and Windows Server 2008 while he was working on a Windows security tool. “If you have ever run this script on Windows 7 or Windows Server 2008 R2 , you probably noticed a weird recurring result and perhaps thought that it was a false positive just as I did.

Hacking

Hacking Information Security Malware

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Krebs on Security

JUNE 1, 2023

This post is a deep dive on “ Megatraffer ,” a veteran Russian hacker who has practically cornered the underground market for malware focused code-signing certificates since 2015. More recently, it appears Megatraffer has been working with ransomware groups to help improve the stealth of their malware. ru in 2008.

Malware

Malware Cybercrime Software Accountability

Why Malware Crypting Services Deserve More Scrutiny

Krebs on Security

JUNE 21, 2023

If you operate a cybercrime business that relies on disseminating malicious software, you probably also spend a good deal of time trying to disguise or “crypt” your malware so that it appears benign to antivirus and security products. This story explores the history and identity behind Cryptor[.]biz WHO RUNS CRYPTOR[.]BIZ?

Malware

Malware Antivirus Cybercrime Hacking

PLAYFULGHOST backdoor supports multiple information stealing features

Security Affairs

JANUARY 5, 2025

PLAYFULGHOST is a new malware family with capabilities including keylogging, screen and audio capture, remote shell access, and file transfer/execution. The PLAYFULGHOST backdoor shares functionality with Gh0stRAT whose source code was publicly released in 2008. ” reads the report published by Google.

Malware

Malware Encryption Phishing Hacking

When Your Smart ID Card Reader Comes With Malware

Krebs on Security

MAY 17, 2022

The consensus seems to be that the ZIP file currently harbors a malware threat known as Ramnit , a fairly common but dangerous trojan horse that spreads by appending itself to other files. He said Saicoo did not address his concern that the driver package on its website was bundled with malware. Image: Virustotal.com.

Malware

Malware Government Internet Internet

The Olympics: a timeline of scams, hacks, and malware

Malwarebytes

JULY 28, 2021

And while actual, measurable cyberrattacks and hacks surrounding The Olympics did not truly get rolling until 2008 in Beijing, The Olympic games have traditionally been quite the target for malicious acts of all kinds, dating back years. It was also the first major Olympics event where organizers braced for hacking related impact.

Scams

Scams Hacking Malware Mobile

Microsoft Issues Emergency Fix for IE Zero Day

Krebs on Security

DECEMBER 19, 2018

Satnam Narang , senior research engineer at Tenable , said the vulnerability affects the following installations of IE: Internet Explorer 11 from Windows 7 to Windows 10 as well as Windows Server 2012, 2016 and 2019; IE 9 on Windows Server 2008; and IE 10 on Windows Server 2012.

Internet

Internet Internet Software Engineering

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Now new findings reveal that AVrecon is the malware engine behind a 12-year-old service called SocksEscort , which rents hacked residential and small business devices to cybercriminals looking to hide their true location online. ” According to Kilmer, AVrecon is the malware that gives SocksEscort its proxies.

Malware

Malware VPN Internet Internet

The Link Between AWM Proxy & the Glupteba Botnet

Krebs on Security

JUNE 28, 2022

On December 7, 2021, Google announced it was suing two Russian men allegedly responsible for operating the Glupteba botnet, a global malware menace that has infected millions of computers over the past decade. PPI programs) to generate new installations of their malware.”

Passwords

Passwords Malware Internet Internet

Microsoft Patch Tuesday, March 2021 Edition

Krebs on Security

MARCH 9, 2021

Ten of these earned Microsoft’s “critical” rating, meaning they can be exploited by malware or miscreants with little or no help from users. Top of the heap this month (apart from the ongoing, global Exchange Server mass-compromise ) is a patch for an Internet Explorer bug that is seeing active exploitation.

DNS

DNS Internet Internet Software

AcidBox, a malware that borrows Turla APT exploit, hit Russian organizations

Security Affairs

JUNE 19, 2020

New AcidBox Malware employed in targeted attacks leverages an exploit previously associated with the Russian-linked Turla APT group. Palo Alto Networks researchers analyzed a new malware, dubbed AcidBox, that was employed in targeted attacks and that leverages an exploit previously associated with the Russian-linked Turla APT group.

Malware

Malware Advertising InfoSec Hacking

Canada Charges Its “Most Prolific Cybercriminal”

Krebs on Security

DECEMBER 8, 2021

According to cyber intelligence firm Intel 471 , that dark_cl0ud6@hotmail.com address has been used in conjunction with the handle “ DCReavers2 ” to register user accounts on a half-dozen English-language cybercrime forums since 2008, including Hackforums , Blackhatworld, and Ghostmarket. An advertisement for the ButterFly Bot.

Cybercrime

Cybercrime Ransomware Accountability Advertising

Microsoft Patches Zero-Day Bug in Win7, Server 2008 and 2008 R2

Threatpost

NOVEMBER 13, 2018

Microsoft’s November Patch Tuesday fixes include mitigation against a zero-day vulnerability leaving Windows 7, Server 2008 and Server 2008 R2 open to attack.

Malware

Malware Hacking

From Cybercrime Saul Goodman to the Russian GRU

Krebs on Security

FEBRUARY 7, 2024

In 2021, the exclusive Russian cybercrime forum Mazafaka was hacked. The forum’s member roster includes a Who’s Who of top Russian cybercriminals, and it featured sub-forums for a wide range of cybercrime specialities, including malware, spam, coding and identity theft. Some of those photos date back to 2008.

Cybercrime

Cybercrime Accountability Identity Theft Hacking

LuoYu APT delivers WinDealer malware via man-on-the-side attacks

Security Affairs

JUNE 3, 2022

An “extremely sophisticated” China-linked APT tracked as LuoYu was delivering malware called WinDealer via man-on-the-side attacks. The activity of the group was first documented by TeamT5 researchers that also reported the use of three malware families: SpyDealer, Demsty and WinDealer. SecurityAffairs – hacking, LuoYu).

Malware

Malware Telecommunications Hacking Internet

French authorities launch disinfection operation to eradicate PlugX malware from infected hosts

Security Affairs

JULY 28, 2024

French authorities and Europol are conducting a “disinfection operation” targeting hosts compromised by the PlugX malware. The French authorities, with the help of Europol, have launched on July 18, 2024, a “ disinfection operation ” to clean hosts infected with the PlugX malware.

Malware

Malware Internet Internet Cybersecurity

Purple Lambert, a new malware of CIA-linked Lambert APT group

Security Affairs

APRIL 29, 2021

Cybersecurity firm Kaspersky discovered a new strain of malware that is believed to be part of the arsenal of theUS Central Intelligence Agency (CIA). Cybersecurity firm Kaspersky has discovered a new malware that experts attribute to the US Central Intelligence Agency. We therefore named this malware Purple Lambert.”

Malware

Malware Hacking Government Telecommunications

Microsoft recommends Exchange admins to disable the SMBv1 protocol

Security Affairs

FEBRUARY 13, 2020

Microsoft is recommending administrators to disable the SMBv1 network communication protocol on Exchange servers to prevent malware attacks. Microsoft is urging administrators to disable the SMBv1 protocol on Exchange servers as a countermeasure against malware threats like TrickBot and Emotet. Get-WindowsFeature FS-SMB1).Installed

Authentication

Authentication Malware Advertising Hacking

Microsoft Patch Tuesday, February 2020 Edition

Krebs on Security

FEBRUARY 11, 2020

A dozen of the vulnerabilities Microsoft patched today are rated “critical,” meaning malware or miscreants could exploit them remotely to gain complete control over an affected system with little to no help from the user. It could be used to install malware just by getting a user to browse to a malicious or hacked Web site.

Backups

Backups Malware Internet Internet

Hacking Nespresso machines to have unlimited funds to purchase coffee

Security Affairs

FEBRUARY 7, 2021

Some commercial Nespresso machines that are used in Europe could be hacked to add unlimited funds to purchase coffee. Some Nespresso Pro machines in Europe could be hacked to add unlimited funds to purchase coffee. SecurityAffairs – hacking, Nespresso). The vulnerability was disclosed by the security researcher Polle Vanhoof.

Hacking

Hacking Technology Software Engineering

Report: No ‘Eternal Blue’ Exploit Found in Baltimore City Ransomware

Krebs on Security

JUNE 3, 2019

.” Media publications have cited sources saying the Robbinhood version that hit Baltimore city computers was powered by “ Eternal Blue ,” a hacking tool developed by the U.S. But new analysis suggests that while Eternal Blue could have been used to spread the infection, the Robbinhood malware itself contains no traces of it.

Ransomware

Ransomware Accountability Malware Government

DarkPulsar and other NSA hacking tools used in hacking operations in the wild

Security Affairs

OCTOBER 21, 2018

Attackers are targeting high-value servers using a three of hacking tools from NSA arsenal, including DarkPulsar, that were leaked by the Shadow Brokers hacker group. It shows how hackers combined the tool to carry out high sophisticated hacking operations. Security Affairs – NSA hacking tools, DarkPulsar ).

Hacking

Hacking Energy and Utilities Advertising Authentication

PlugX malware delivered by exploiting flaws in Chinese programs

Security Affairs

MARCH 11, 2023

Researchers observed threat actors deploying PlugX malware by exploiting flaws in Chinese remote control programs Sunlogin and Awesun. Researchers at ASEC (AhnLab Security Emergency response Center) observed threat actors deploying the PlugX malware by exploiting vulnerabilities in the Chinese remote control software Sunlogin and Awesun.

Malware

Malware Software Hacking Information Security

Mariposa Botnet Author, Darkcode Crime Forum Admin Arrested in Germany

Krebs on Security

OCTOBER 1, 2019

In December 2013, a Slovenian court sentenced Škorjanc to four years and ten months in prison for creating the malware that powered the ‘ Mariposa ‘ botnet. Spanish for “Butterfly,” Mariposa was a potent crime machine first spotted in 2008. “TM passed this information on to Brian Krebs.”

Cybercrime

Cybercrime Malware Antivirus Banking

A look at the 2020–2022 ATM/PoS malware landscape

SecureList

OCTOBER 6, 2022

During the pandemic, lockdowns forced people to stay at home and do their shopping online, which was mirrored in point-of-sale (PoS) and ATM malware activity, as certain regions saw malicious transactions drop significantly. Perpetrators continue to spread already-existing, widely used malware to attack PoS terminals and ATMs.

Malware

Malware Banking Software Cybercrime

Apple AirTag Bug Enables ‘Good Samaritan’ Attack

Krebs on Security

SEPTEMBER 28, 2021

Consider the scenario where an attacker drops a malware-laden USB flash drive in the parking lot of a company he wants to hack into. A USB stick with malware is very likely how U.S. In 2008, a cyber attack described at the time as “the worst breach of U.S.

Mobile

Mobile Phishing Malware Software

Threat actors leverages DLL-SideLoading to spread Qakbot malware

Security Affairs

JULY 26, 2022

Qakbot malware operators are using the Windows Calculator to side-load the malicious payload on target systems. In such attacks, malware places a spoofed malicious DLL file in a Windows’ WinSxS directory so that the operating system loads it instead of the legitimate file. SecurityAffairs – hacking, malware).

Malware

Malware Passwords Hacking Information Security

Expert developed a MetaSploit module for the BlueKeep flaw

Security Affairs

JUNE 5, 2019

BlueKeep is a wormable flaw that can be exploited by malware authors to create malicious code with WannaCry capabilities. Microsoft has released patches for Windows 7, Server 2008, XP and Server 2003. osum0x0 also published a video PoC that shows how to exploit the BlueKeep vulnerability on a Windows 2008 system.

Penetration Testing

Penetration Testing Advertising Malware Authentication

Qakbot is back and targets the Hospitality industry

Security Affairs

DECEMBER 18, 2023

Experts warn of a new phishing campaign distributing the QakBot malware, months after law enforcement dismantled its infrastructure. Qakbot , also known as QBot, QuackBot and Pinkslipbot, is an info-stealing malware that has been active since 2008. ” concludes Microsoft.

Malware

Malware Phishing Ransomware Hacking

Expert identifies new Nazar APT group referenced in 2017 Shadow Brokers leak

Security Affairs

APRIL 23, 2020

A security expert uncovered an old APT operation, tracked Nazar, by analyzing the NSA hacking tools included in the dump leaked by Shadow Brokers in 2017. Guerrero-Saade discovered that the SIG37 campaign references hacking activities dated back as far as 2008 that was carried out by an unknown threat actor, the expert tracked it as Nazar.

Hacking

Hacking Advertising Malware Engineering

Patch Tuesday, December 2019 Edition

Krebs on Security

DECEMBER 10, 2019

The patches include fixes for seven critical bugs — those that can be exploited by malware or miscreants to take control over a Windows system with no help from users — as well as another flaw in most versions of Windows that is already being exploited in active attacks.

Backups

Backups Software Malware Marketing

Chinese APT IronHusky use Win zero-day in recent wave of attacks

Security Affairs

OCTOBER 13, 2021

A Chinese-speaking hacking group exploited a Windows zero-day vulnerability in a wave of attacks on defense and IT businesses. A Chinese-speaking hacking group exploited a zero-day vulnerability in the Windows Win32k kernel driver to deploy a new remote access trojan (RAT), tracked as MysterySnail. SecurityAffairs – hacking, Windows).

Hacking

Hacking Malware Government Technology

Qakbot operations continue to evolve to avoid detection

Security Affairs

JULY 13, 2022

Experts warn that operators behind the Qakbot malware operation are improving their attack chain in an attempt to avoid detection. Qakbot , also known as QBot, QuackBot and Pinkslipbot, is an info-stealing malware that has been active since 2008. SecurityAffairs – hacking, malware). Pierluigi Paganini.

Malware

Malware Hacking Cybercrime Information Security

NSA urges Windows Users and admins to Patch BlueKeep flaw

Security Affairs

JUNE 5, 2019

BlueKeep is a wormable flaw that can be exploited by malware authors to create malicious code with WannaCry capabilities. Microsoft has released patches for Windows 7, Server 2008, XP and Server 2003. SecurityAffairs – BlueKeep, hacking). Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Penetration Testing

Penetration Testing Firewall Authentication Advertising

Black Basta ransomware operators leverage QBot for lateral movements

Security Affairs

JUNE 7, 2022

The QBot malware operation has partnered with Black Basta ransomware group to target organizations worldwide. Researchers from NCC Group spotted a new partnership in the threat landscape between the Black Basta ransomware group and the QBot malware operation. SecurityAffairs – hacking, Black Basta ransomware).

Ransomware

Ransomware Backups Malware Firewall

QakBot threat actors are still operational after the August takedown

Security Affairs

OCTOBER 7, 2023

Threat actors behind the QakBot malware are still active, since August they are carrying out a phishing campaign delivering Ransom Knight ransomware and Remcos RAT. Qakbot , also known as QBot, QuackBot and Pinkslipbot, is an info-stealing malware that has been active since 2008. Duck Hunt is one of the largest U.S. .

Malware

Malware Ransomware Phishing Hacking

Inside ‘Evil Corp,’ a $100M Cybercrime Menace

Krebs on Security

DECEMBER 16, 2019

The feds allege Aqua led an elite cybercrime ring with at least 16 others who used advanced, custom-made strains of malware known as “ JabberZeus ” and “ Bugat ” (a.k.a. KrebsOnSecurity first encountered Aqua’s work in 2008 as a reporter for The Washington Post. Here’s where it got interesting.

Cybercrime

Cybercrime Banking Small Business Accountability

DHS also issued an alert for the Windows BlueKeep flaw

Security Affairs

JUNE 18, 2019

Enable Network Level Authentication in Windows 7, Windows Server 2008, and Windows Server 2008 R2. BlueKeep is a wormable flaw that can be exploited by malware authors to create malicious code with WannaCry capabilities. Microsoft has released patches for Windows 7, Server 2008, XP and Server 2003. Pierluigi Paganini.

Authentication

Authentication Advertising Malware Firewall

Patch Tuesday, November 2019 Edition

Krebs on Security

NOVEMBER 12, 2019

More than a dozen of the flaws tackled in this month’s release are rated “critical,” meaning they involve weaknesses that could be exploited to install malware without any action on the part of the user, except for perhaps browsing to a hacked or malicious Web site or opening a booby-trapped file attachment.

Backups

Backups Internet Internet Media

Experts add a BlueKeep exploit module to MetaSploit

Security Affairs

SEPTEMBER 7, 2019

BlueKeep is a wormable flaw that can be exploited by malware authors to create malicious code with WannaCry capabilities. It has been developed to target only the 64-bit versions of Windows 7 and Windows 2008 R2. The initial PR of the exploit module targets 64-bit versions of Windows 7 and Windows 2008 R2.”

Penetration Testing

Penetration Testing Advertising Malware Engineering

Microsoft warns for the second time of applying BlueKeep patch

Security Affairs

MAY 31, 2019

BlueKeep is a wormable flaw that can be exploited by malware authors to create malicious code with WannaCry capabilities. Microsoft has released patches for Windows 7, Server 2008, XP and Server 2003. ” Microsoft also pointed out that workstations not connected to the Internet are also exposed to the risk of a hack.

Internet

Internet Internet Malware Advertising

Black Basta Ransomware gang accumulated at least $107 million in Bitcoin ransom payments since early 2022

Security Affairs

DECEMBER 1, 2023

Some of the victims’ ransom payments were sent by both Conti and Black Basta groups to gang behind the Qakbot malware. Qakbot , also known as QBot, QuackBot and Pinkslipbot, is an info-stealing malware that has been active since 2008. The malware spreads via malspam campaigns, it inserts replies in active email threads.

Ransomware

Ransomware Malware Retail Insurance

PlugX malware deleted from thousands of systems by FBI

CIA Hacking unit APT-C-39 hit China since 2008

Trending Sources

A zero-day in Windows 7 and Windows Server 2008 has yet to be fixed

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Why Malware Crypting Services Deserve More Scrutiny

PLAYFULGHOST backdoor supports multiple information stealing features

When Your Smart ID Card Reader Comes With Malware

The Olympics: a timeline of scams, hacks, and malware

Microsoft Issues Emergency Fix for IE Zero Day

Who and What is Behind the Malware Proxy Service SocksEscort?

The Link Between AWM Proxy & the Glupteba Botnet

Microsoft Patch Tuesday, March 2021 Edition

AcidBox, a malware that borrows Turla APT exploit, hit Russian organizations

Canada Charges Its “Most Prolific Cybercriminal”

Microsoft Patches Zero-Day Bug in Win7, Server 2008 and 2008 R2

From Cybercrime Saul Goodman to the Russian GRU

LuoYu APT delivers WinDealer malware via man-on-the-side attacks

French authorities launch disinfection operation to eradicate PlugX malware from infected hosts

Purple Lambert, a new malware of CIA-linked Lambert APT group

Microsoft recommends Exchange admins to disable the SMBv1 protocol

Microsoft Patch Tuesday, February 2020 Edition

Hacking Nespresso machines to have unlimited funds to purchase coffee

Report: No ‘Eternal Blue’ Exploit Found in Baltimore City Ransomware

DarkPulsar and other NSA hacking tools used in hacking operations in the wild

PlugX malware delivered by exploiting flaws in Chinese programs

Mariposa Botnet Author, Darkcode Crime Forum Admin Arrested in Germany

A look at the 2020–2022 ATM/PoS malware landscape

Apple AirTag Bug Enables ‘Good Samaritan’ Attack

Threat actors leverages DLL-SideLoading to spread Qakbot malware

Expert developed a MetaSploit module for the BlueKeep flaw

Qakbot is back and targets the Hospitality industry

Expert identifies new Nazar APT group referenced in 2017 Shadow Brokers leak

Patch Tuesday, December 2019 Edition

Chinese APT IronHusky use Win zero-day in recent wave of attacks

Qakbot operations continue to evolve to avoid detection

NSA urges Windows Users and admins to Patch BlueKeep flaw

Black Basta ransomware operators leverage QBot for lateral movements

QakBot threat actors are still operational after the August takedown

Inside ‘Evil Corp,’ a $100M Cybercrime Menace

DHS also issued an alert for the Windows BlueKeep flaw

Patch Tuesday, November 2019 Edition

Experts add a BlueKeep exploit module to MetaSploit

Microsoft warns for the second time of applying BlueKeep patch

Black Basta Ransomware gang accumulated at least $107 million in Bitcoin ransom payments since early 2022

Stay Connected