Krebs on Security

JUNE 21, 2023

If you operate a cybercrime business that relies on disseminating malicious software, you probably also spend a good deal of time trying to disguise or “crypt” your malware so that it appears benign to antivirus and security products. This story explores the history and identity behind Cryptor[.]biz WHO RUNS CRYPTOR[.]BIZ?

Malware 272

Malware Antivirus Cybercrime Hacking 272

Schneier on Security

NOVEMBER 24, 2023

The group­—known by many names, including Gamaredon, Primitive Bear, ACTINIUM, Armageddon, and Shuckworm—has been active since at least 2014 and has been attributed to Russia’s Federal Security Service by the Security Service of Ukraine. A new worm that spreads via USB sticks is infecting computers in Ukraine and beyond.

Malware 318

Malware Government 318

Krebs on Security

APRIL 18, 2023

For the past seven years, a malware-based proxy service known as “ Faceless ” has sold anonymity to countless cybercriminals. The proxy lookup page inside the malware-based anonymity service Faceless. Image: spur.us. as a media sharing device on a local network that was somehow exposed to the Internet.

Malware 293

Malware Passwords Accountability Advertising 293

Krebs on Security

NOVEMBER 13, 2019

In July 2016, KrebsOnSecurity published a story identifying a Toronto man as the author of the Orcus RAT , a software product that’s been marketed on underground forums and used in countless malware attacks since its creation in 2015. This week, Canadian authorities criminally charged him with orchestrating an international malware scheme.

Malware 225

Malware Advertising Marketing System Administration 225

Krebs on Security

DECEMBER 4, 2024

Last week, the Russian government reportedly arrested Matveev and charged him with creating malware used to extort companies. government indicted Matveev as a top ransomware purveyor a year later, offering $10 million for information leading to his arrest. An FBI wanted poster for Matveev. Matveev, a.k.a. prosecutors allege.

Cybercrime 231

Cybercrime Ransomware Cryptocurrency Government 231

Krebs on Security

NOVEMBER 28, 2022

But that story omitted an important historical detail about Pushwoosh: In 2013, one of its developers admitted to authoring the Pincer Trojan , malware designed to surreptitiously intercept and forward text messages from Android mobile devices. ” wherein Shmakov acknowledged writing the malware as a freelance project.

Mobile 287

Mobile Malware Technology Government 287

Schneier on Security

JUNE 7, 2024

The US Justice Department has dismantled an enormous botnet: According to an indictment unsealed on May 24, from 2014 through July 2022, Wang and others are alleged to have created and disseminated malware to compromise and amass a network of millions of residential Windows computers worldwide.

Government 286

Government Malware Cybercrime 286

Security Affairs

NOVEMBER 9, 2024

The vulnerabilities impact the Mazda Connect Connectivity Master Unit (CMU) system installed in multiple car models, including the Mazda 3 model year 2014-2021. This quick compromise allows vehicles to be targeted during valet service, ride-sharing, or through USB malware. ” reads the advisory. ” concludes the report.

Hacking 128

Hacking Firmware Software Manufacturing 128

CyberSecurity Insiders

JULY 26, 2021

A new malware dubbed as DevilsTongue has been found circulating on the web these days and it’s said that it is targeting Microsoft Windows Systems, iPhones, Macs, Android based computing devices like smart watches and televisions and several cloud networks across the globe.

Software 145

Software Malware Threat Detection Passwords 145

Security Affairs

OCTOBER 25, 2020

Researchers from MalwareHunterTeam have spotted a new piece of remote access trojan (RAT) dubbed ‘Abaddon’ that is likely the first malware using the Discord platform as command and control. The Abaddon malware connects to the Discord command and control server to check for new commands to execute. "Abaddon"

Malware 145

Malware Advertising Ransomware Encryption 145

Security Affairs

SEPTEMBER 10, 2020

ESET researchers discovered a new piece of malware dubbed CDRThief targets a specific Voice over IP system to steal call data records (CDR). The VoIP platform Linknat VOS2009 and VOS3000 targeted by the malware is used by two China-produced softswitches (software switches). ” reads the analysis published by ESET.

Malware 145

Malware Encryption Advertising Passwords 145

Security Affairs

SEPTEMBER 16, 2020

A threat actor is launching brute-force attacks on MSSQL servers in the attempt to access them to install a new crypto-mining malware dubbed MrbMiner. A group of hackers is launching brute-force attacks on MSSQL servers with the intent to compromise them and install crypto-mining malware dubbed MrbMiner. Mining process.”

Malware 144

Malware Advertising Cryptocurrency Accountability 144

Security Affairs

DECEMBER 26, 2023

Researchers at NCC Group reported that in November they observed the return of the infamous banking malware Carbanak in ransomware attacks. The cybersecurity firm NCC Group reported that in November the banking malware Carbanak was observed in ransomware attacks. ” reads the report published by NCC Group.

Malware 136

Malware Ransomware Banking Healthcare 136

Krebs on Security

APRIL 7, 2022

The DOJ said it did not seek to disinfect compromised devices; instead, it obtained court orders to remove the Cyclops Blink malware from its “command and control” servers — the hidden machines that allowed the attackers to orchestrate the activities of the botnet. energy facilities. ” HYDRA. . ” HYDRA. .

Marketing 302

Marketing Energy and Utilities Malware Ransomware 302

Security Affairs

NOVEMBER 22, 2020

Two Romanians arrested for running three malware services. Two Romanians have been arrested for running two malware crypter services called CyberSeal and DataProtector, and the CyberScan malware testing service. The post Romanians arrested for running underground malware services appeared first on Security Affairs.

Malware 141

Malware Antivirus Cybercrime Software 141

Krebs on Security

FEBRUARY 24, 2023

The Mylobot malware includes more than 1,000 hard-coded and encrypted domain names, any one of which can be registered and used as control networks for the infected hosts. The account didn’t resume posting on the forum until April 2014. 5, 2014 , but historic DNS records show BHproxies[.]com million from private investors.

Accountability 289

Accountability Advertising Marketing Malware 289

Krebs on Security

OCTOBER 2, 2020

Over the past 10 days, someone has been launching a series of coordinated attacks designed to disrupt Trickbot , an enormous collection of more than two million malware-infected Windows PCs that are constantly being harvested for financial data and are often used as the entry point for deploying ransomware within compromised organizations.

Ransomware 360

Ransomware Malware Healthcare Internet 360

Krebs on Security

JUNE 16, 2021

While CLOP as a moneymaking collective is fairly young organization, security experts say CLOP members hail from a group of Threat Actors (TA) known as “ TA505 ,” which MITRE ‘s ATT&CK database says is a financially motivated cybercrime group that has been active since at least 2014.

Ransomware 357

Ransomware Cybercrime Malware Encryption 357

Security Affairs

FEBRUARY 22, 2021

Researchers spotted a new Office malware builder, tracked as APOMacroSploit, that was employed in a campaign targeting more than 80 customers worldwide. Researchers from security firm Check Point uncovered a new Office malware builder called APOMacroSploit, which was employed in attacks that targeted more than 80 customers worldwide.

Malware 143

Malware Antivirus Phishing Cryptocurrency 143

Security Affairs

AUGUST 26, 2020

after attempting to recruit an employee at a targeted company to plant a malware. US authorities arrested the Russian national Egor Igorevich Kriuchkov (27) after attempting to recruit an employee at a targeted company to plant a piece of malware. “He explained the malware attacks the systems in two ways.

Malware 145

Malware DDOS Advertising Hacking 145

The Hacker News

MAY 20, 2022

A Linux botnet malware known as XorDdos has witnessed a 254% surge in activity over the last six months, according to latest research from Microsoft. XorDdos' modular

Malware 124

Malware Encryption 124

Krebs on Security

OCTOBER 26, 2021

According to that source, the payment processor found that the PAX terminals were being used both as a malware “dropper” — a repository for malicious files — and as “command-and-control” locations for staging attacks and collecting information.

Technology 72

Technology Retail Computers and Electronics Malware 72

Malwarebytes

MAY 25, 2022

XorDDoS, a Linux Trojan known for its modularity and stealth, was first discovered in 2014 by the white hat research group, MalwareMustDie (MMD). Based on a case study in 2015 , Akamai strengthened the theory that the malware may be of Asian origin based on its targets. MMD believed the Linux Trojan originated in China.

Malware 142

Malware IoT DDOS DNS 142

Security Affairs

MAY 30, 2022

Experts pointed out that the malware is being actively developed. Gafgyt is a popular choice for launching large-scale DDoS attacks, it first appeared in the threat landscape in 2014. The malware can quickly adopt one-day vulnerabilities (within days of a published proof of concept).” LFI CVE-2018-16763 Fuel CMS 1.4.1

Malware 145

Malware DDOS IoT Cybercrime 145

Security Affairs

AUGUST 23, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. The post A Google Drive weakness could allow attackers to serve malware appeared first on Security Affairs. Pierluigi Paganini. SecurityAffairs – hacking, Google Drive).

Malware 145

Malware Phishing Advertising Antivirus 145

Security Affairs

JUNE 15, 2021

The botnet was linked to a new malware hosting domain that has been serving Mirai variants for several different botnets over the past year. This payload contains the logic to change the execution path to a temporary location, wget a file from a malware hosting page, provide execution permissions, and execute it.”

Malware 138

Malware Internet Internet DDOS 138

Security Boulevard

JANUARY 20, 2025

Vulnerabilities and Malware Primarily includes severe and exploited vulnerabilities in devices or software used by end users (ex: a major router firmware flaw). Malware campaigns covered generally target/affect the end user. Approximately 70% of observed malware cases in 2024 derived from browser-based malware.

Surveillance 97

Surveillance Malware Data breaches Scams 97

SecureList

OCTOBER 6, 2022

During the pandemic, lockdowns forced people to stay at home and do their shopping online, which was mirrored in point-of-sale (PoS) and ATM malware activity, as certain regions saw malicious transactions drop significantly. Perpetrators continue to spread already-existing, widely used malware to attack PoS terminals and ATMs.

Malware 143

Malware Banking Software Cybercrime 143

Security Affairs

MAY 3, 2022

A China-linked APT group, tracked as Moshen Dragon, has been observed targeting the telecommunication sector in Central Asia with ShadowPad and PlugX malware, SentinelOne warns. Both PlugX and ShadowPad malware are very common among China-linked cyberespionage groups. ” concludes the report.”Once Pierluigi Paganini.

Software 135

Software Malware Telecommunications Antivirus 135

Security Affairs

FEBRUARY 17, 2024

Ukrainian national Vyacheslav Igorevich Penchukov has pleaded guilty to his key roles in the Zeus and IcedID malware operations. Vyacheslav Igorevich Penchukov was a leader of two prolific malware groups that infected thousands of computers with malicious software. Since May 2019, Penchukov had a prominent role in the Zeus operation.

Malware 129

Malware Cybercrime Banking Hacking 129

Security Affairs

DECEMBER 18, 2024

Kaspersky first identified the APT group in 2014, but experts believe the cyber espionage campaign had already been active for over five years. At the time, Kaspersky described it as the most sophisticated APT operation they had seen to date. ” concludes the report.

Cyber Attacks 113

Cyber Attacks Hacking Government Malware 113

SecureList

NOVEMBER 29, 2024

According to the UK’s National Crime Agency (NCA), this individual also was behind the infamous Reveton ransomware Trojan spread in 2012 — 2014. Kaspersky solutions worldwide detected this type of malware on 297,485 unique user devices. This malware also possessed the capability to install a backdoor on compromised systems.

Mobile 105

Mobile Adware Ransomware Malware 105

Penetration Testing

MARCH 26, 2024

Researchers at Lumen Technologies’ Black Lotus Labs have uncovered a newly updated version of the “TheMoon” malware, dating back to 2014.

Malware 88

Malware Penetration Testing Technology 88

Malwarebytes

MARCH 15, 2022

Those certificates are now being used to sign malware. From there, any cybercriminal that wanted to could grab the certificates and use them to sign their malware. The two leaked Nvidia certificates have expired, being valid from 2011 to 2014 and 2015 to 2018. An expired certificate (the valid to date is 2014).

Malware 122

Malware Software System Administration Ransomware 122

Krebs on Security

MARCH 2, 2020

A large number of French critical infrastructure firms were hacked as part of an extended malware campaign that appears to have been orchestrated by at least one attacker based in Morocco, KrebsOnSecurity has learned. ‘FATAL’ ERROR.

DNS 298

DNS Penetration Testing Malware Hacking 298

Security Affairs

DECEMBER 21, 2023

Threat actors are exploiting an old Microsoft Office vulnerability, tracked as CVE-2017-11882, to spread the Agent Tesla malware. Threat actors are exploiting an old Microsoft Office vulnerability, tracked as CVE-2017-11882 (CVSS score: 7.8), as part of phishing campaigns to spread the Agent Tesla malware.

Malware 132

Malware Phishing Spyware Cyber threats 132

eSecurity Planet

MARCH 1, 2022

Symantec this week reported a highly sophisticated malware called “Backdoor.Daxin” that “appears to be used in a long-running espionage campaign against select governments and other critical infrastructure targets” and appears to be linked to China. The malware then sends information back to remote servers.

Malware 122

Malware Government Encryption Architecture 122