2014 and Malware - Cyber Security Informer

Data From The Emotet Malware is Now Searchable in Have I Been Pwned, Courtesy of the FBI and NHTCU

Troy Hunt

APRIL 26, 2021

Earlier this year, the FBI in partnership with the Dutch National High Technical Crimes Unit (NHTCU), German Federal Criminal Police Office (BKA) and other international law enforcement agencies brought down what Europol rereferred to as the world's most dangerous malware: Emotet.

Malware

Malware Passwords Banking Password Management

New Reductor Nation-State Malware Compromises TLS

Schneier on Security

OCTOBER 10, 2019

Kaspersky has a detailed blog post about a new piece of sophisticated malware that it's calling Reductor. Based on these similarities, we're quite sure the new malware was developed by the COMPfun authors. The COMpfun malware was initially documented by G-DATA in 2014.

Malware

Malware Engineering Encryption Hacking

Vaccine for Emotet Malware

Schneier on Security

AUGUST 18, 2020

Interesting story of a vaccine for the Emotet malware: Through trial and error and thanks to subsequent Emotet updates that refined how the new persistence mechanism worked, Quinn was able to put together a tiny PowerShell script that exploited the registry key mechanism to crash Emotet itself.

Malware

Malware Cybersecurity

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Krebs on Security

JUNE 1, 2023

This post is a deep dive on “ Megatraffer ,” a veteran Russian hacker who has practically cornered the underground market for malware focused code-signing certificates since 2015. More recently, it appears Megatraffer has been working with ransomware groups to help improve the stealth of their malware. WHO IS MEGATRAFFER?

Malware

Malware Cybercrime Software Accountability

Why Malware Crypting Services Deserve More Scrutiny

Krebs on Security

JUNE 21, 2023

If you operate a cybercrime business that relies on disseminating malicious software, you probably also spend a good deal of time trying to disguise or “crypt” your malware so that it appears benign to antivirus and security products. This story explores the history and identity behind Cryptor[.]biz WHO RUNS CRYPTOR[.]BIZ?

Malware

Malware Antivirus Cybercrime Hacking

LitterDrifter USB Worm

Schneier on Security

NOVEMBER 24, 2023

The group—known by many names, including Gamaredon, Primitive Bear, ACTINIUM, Armageddon, and Shuckworm—has been active since at least 2014 and has been attributed to Russia’s Federal Security Service by the Security Service of Ukraine. A new worm that spreads via USB sticks is infecting computers in Ukraine and beyond.

Malware

Malware Government

Giving a Face to the Malware Proxy Service ‘Faceless’

Krebs on Security

APRIL 18, 2023

For the past seven years, a malware-based proxy service known as “ Faceless ” has sold anonymity to countless cybercriminals. The proxy lookup page inside the malware-based anonymity service Faceless. Image: spur.us. as a media sharing device on a local network that was somehow exposed to the Internet.

Malware

Malware Passwords Accountability Advertising

Orcus RAT Author Charged in Malware Scheme

Krebs on Security

NOVEMBER 13, 2019

In July 2016, KrebsOnSecurity published a story identifying a Toronto man as the author of the Orcus RAT , a software product that’s been marketed on underground forums and used in countless malware attacks since its creation in 2015. This week, Canadian authorities criminally charged him with orchestrating an international malware scheme.

Malware

Malware Advertising Marketing System Administration

Carbanak malware returned in ransomware attacks

Security Affairs

DECEMBER 26, 2023

Researchers at NCC Group reported that in November they observed the return of the infamous banking malware Carbanak in ransomware attacks. The cybersecurity firm NCC Group reported that in November the banking malware Carbanak was observed in ransomware attacks. ” reads the report published by NCC Group.

Malware

Malware Ransomware Banking Healthcare

DevilsTongue Malware matches Pegasus Spying Software

CyberSecurity Insiders

JULY 26, 2021

A new malware dubbed as DevilsTongue has been found circulating on the web these days and it’s said that it is targeting Microsoft Windows Systems, iPhones, Macs, Android based computing devices like smart watches and televisions and several cloud networks across the globe.

Software

Software Malware Threat Detection Passwords

Is the Abaddon RAT the first malware using Discord as C&C?

Security Affairs

OCTOBER 25, 2020

Researchers from MalwareHunterTeam have spotted a new piece of remote access trojan (RAT) dubbed ‘Abaddon’ that is likely the first malware using the Discord platform as command and control. The Abaddon malware connects to the Discord command and control server to check for new commands to execute. "Abaddon"

Malware

Malware Advertising Ransomware Encryption

U.S. Govt. Apps Bundled Russian Code With Ties to Mobile Malware Developer

Krebs on Security

NOVEMBER 28, 2022

But that story omitted an important historical detail about Pushwoosh: In 2013, one of its developers admitted to authoring the Pincer Trojan , malware designed to surreptitiously intercept and forward text messages from Android mobile devices. ” wherein Shmakov acknowledged writing the malware as a freelance project.

Mobile

Mobile Malware Technology Government

Romanians arrested for running underground malware services

Security Affairs

NOVEMBER 22, 2020

Two Romanians arrested for running three malware services. Two Romanians have been arrested for running two malware crypter services called CyberSeal and DataProtector, and the CyberScan malware testing service. The post Romanians arrested for running underground malware services appeared first on Security Affairs.

Malware

Malware Antivirus Cybercrime Software

The Justice Department Took Down the 911 S5 Botnet

Schneier on Security

JUNE 7, 2024

The US Justice Department has dismantled an enormous botnet: According to an indictment unsealed on May 24, from 2014 through July 2022, Wang and others are alleged to have created and disseminated malware to compromise and amass a network of millions of residential Windows computers worldwide.

Government

Government Malware Cybercrime

Microsoft Warns Rise in XorDdos Malware Targeting Linux Devices

The Hacker News

MAY 20, 2022

A Linux botnet malware known as XorDdos has witnessed a 254% surge in activity over the last six months, according to latest research from Microsoft. XorDdos' modular

Malware

Malware Encryption

Actions Target Russian Govt. Botnet, Hydra Dark Market

Krebs on Security

APRIL 7, 2022

The DOJ said it did not seek to disinfect compromised devices; instead, it obtained court orders to remove the Cyclops Blink malware from its “command and control” servers — the hidden machines that allowed the attackers to orchestrate the activities of the botnet. energy facilities. ” HYDRA. . ” HYDRA. .

Marketing

Marketing Energy and Utilities Malware Ransomware

Researchers uncovered a new Malware Builder dubbed APOMacroSploit

Security Affairs

FEBRUARY 22, 2021

Researchers spotted a new Office malware builder, tracked as APOMacroSploit, that was employed in a campaign targeting more than 80 customers worldwide. Researchers from security firm Check Point uncovered a new Office malware builder called APOMacroSploit, which was employed in attacks that targeted more than 80 customers worldwide.

Malware

Malware Antivirus Phishing Cryptocurrency

Purple Lambert, a new malware of CIA-linked Lambert APT group

Security Affairs

APRIL 29, 2021

Cybersecurity firm Kaspersky discovered a new strain of malware that is believed to be part of the arsenal of theUS Central Intelligence Agency (CIA). Cybersecurity firm Kaspersky has discovered a new malware that experts attribute to the US Central Intelligence Agency. We therefore named this malware Purple Lambert.”

Malware

Malware Hacking Government Telecommunications

QQAAZZ crime gang charged for laundering money stolen by malware gangs

Security Affairs

OCTOBER 18, 2020

Multiple members of QQAAZZ multinational cybercriminal gang were charged for providing money-laundering services to high-profile malware operations. According to law enforcement bodies, the gang provides services to multiple malware operations, including Dridex , GozNym , and Trickbot. Pierluigi Paganini.

Malware

Malware Banking Cryptocurrency Cybercrime

Attacks Aimed at Disrupting the Trickbot Botnet

Krebs on Security

OCTOBER 2, 2020

Over the past 10 days, someone has been launching a series of coordinated attacks designed to disrupt Trickbot , an enormous collection of more than two million malware-infected Windows PCs that are constantly being harvested for financial data and are often used as the entry point for deploying ransomware within compromised organizations.

Ransomware

Ransomware Malware Healthcare Internet

Ukrainian national faces up to 20 years in prison for his role in Zeus, IcedID malware schemes

Security Affairs

FEBRUARY 17, 2024

Ukrainian national Vyacheslav Igorevich Penchukov has pleaded guilty to his key roles in the Zeus and IcedID malware operations. Vyacheslav Igorevich Penchukov was a leader of two prolific malware groups that infected thousands of computers with malicious software. Since May 2019, Penchukov had a prominent role in the Zeus operation.

Malware

Malware Cybercrime Banking Hacking

Who’s Behind the Botnet-Based Service BHProxies?

Krebs on Security

FEBRUARY 24, 2023

The Mylobot malware includes more than 1,000 hard-coded and encrypted domain names, any one of which can be registered and used as control networks for the infected hosts. The account didn’t resume posting on the forum until April 2014. 5, 2014 , but historic DNS records show BHproxies[.]com million from private investors.

Accountability

Accountability Advertising Marketing Malware

FBI Raids Chinese Point-of-Sale Giant PAX Technology

Krebs on Security

OCTOBER 26, 2021

According to that source, the payment processor found that the PAX terminals were being used both as a malware “dropper” — a repository for malicious files — and as “command-and-control” locations for staging attacks and collecting information.

Technology

Technology Retail Computers and Electronics Malware

Ukrainian Police Nab Six Tied to CLOP Ransomware

Krebs on Security

JUNE 16, 2021

While CLOP as a moneymaking collective is fairly young organization, security experts say CLOP members hail from a group of Threat Actors (TA) known as “ TA505 ,” which MITRE ‘s ATT&CK database says is a financially motivated cybercrime group that has been active since at least 2014.

Ransomware

Ransomware Cybercrime Malware Encryption

Massive increase in XorDDoS Linux malware in last six months

Malwarebytes

MAY 25, 2022

XorDDoS, a Linux Trojan known for its modularity and stealth, was first discovered in 2014 by the white hat research group, MalwareMustDie (MMD). Based on a case study in 2015 , Akamai strengthened the theory that the malware may be of Asian origin based on its targets. MMD believed the Linux Trojan originated in China.

Malware

Malware IoT DDOS DNS

EnemyBot malware adds new exploits to target CMS servers and Android devices

Security Affairs

MAY 30, 2022

Experts pointed out that the malware is being actively developed. Gafgyt is a popular choice for launching large-scale DDoS attacks, it first appeared in the threat landscape in 2014. The malware can quickly adopt one-day vulnerabilities (within days of a published proof of concept).” LFI CVE-2018-16763 Fuel CMS 1.4.1

Malware

Malware DDOS IoT Cybercrime

Cyberium malware-hosting domain employed in multiple Mirai variants campaigns

Security Affairs

JUNE 15, 2021

The botnet was linked to a new malware hosting domain that has been serving Mirai variants for several different botnets over the past year. This payload contains the logic to change the execution path to a temporary location, wget a file from a malware hosting page, provide execution permissions, and execute it.”

Malware

Malware Internet Internet DDOS

China-linked Moshen Dragon abuses security software to sideload malware

Security Affairs

MAY 3, 2022

A China-linked APT group, tracked as Moshen Dragon, has been observed targeting the telecommunication sector in Central Asia with ShadowPad and PlugX malware, SentinelOne warns. Both PlugX and ShadowPad malware are very common among China-linked cyberespionage groups. ” concludes the report.”Once Pierluigi Paganini.

Software

Software Malware Telecommunications Antivirus

TheMoon” Malware Returns: Thousands of Routers Compromised

Penetration Testing

MARCH 26, 2024

Researchers at Lumen Technologies’ Black Lotus Labs have uncovered a newly updated version of the “TheMoon” malware, dating back to 2014.

Malware

Malware Penetration Testing Technology

Why Phishers Love New TLDs Like.shop,top and.xyz

Krebs on Security

DECEMBER 3, 2024

Interisle sources data about cybercrime domains from anti-spam organizations, including the Anti-Phishing Working Group (APWG), the Coalition Against Unsolicited Commercial Email (CAUCE), and the Messaging, Malware, and Mobile Anti-Abuse Working Group (M3AAWG). Image: Interisle Cybercrime Supply Chain 2014.

Cybercrime

Cybercrime Phishing Accountability Internet

Stolen Nvidia certificates used to sign malware—here’s what to do

Malwarebytes

MARCH 15, 2022

Those certificates are now being used to sign malware. From there, any cybercriminal that wanted to could grab the certificates and use them to sign their malware. The two leaked Nvidia certificates have expired, being valid from 2011 to 2014 and 2015 to 2018. An expired certificate (the valid to date is 2014).

Malware

Malware Software System Administration Ransomware

A look at the 2020–2022 ATM/PoS malware landscape

SecureList

OCTOBER 6, 2022

During the pandemic, lockdowns forced people to stay at home and do their shopping online, which was mirrored in point-of-sale (PoS) and ATM malware activity, as certain regions saw malicious transactions drop significantly. Perpetrators continue to spread already-existing, widely used malware to attack PoS terminals and ATMs.

Malware

Malware Banking Software Cybercrime

Phishing attacks use an old Microsoft Office flaw to spread Agent Tesla malware

Security Affairs

DECEMBER 21, 2023

Threat actors are exploiting an old Microsoft Office vulnerability, tracked as CVE-2017-11882, to spread the Agent Tesla malware. Threat actors are exploiting an old Microsoft Office vulnerability, tracked as CVE-2017-11882 (CVSS score: 7.8), as part of phishing campaigns to spread the Agent Tesla malware.

Malware

Malware Phishing Spyware Cyber threats

Malware Masquerade: HubSpot, Veeam, Xero – Carbanak Lures Victims with Trust

Penetration Testing

DECEMBER 27, 2023

According to the monthly threat analysis by NCC Group, the banking malware Carbanak, known since 2014, has updated its methods and is now actively used in ransomware attacks.

Penetration Testing

Penetration Testing Malware Banking Ransomware

Newly Discovered Malware Evades Detection by Hijacking Communications

eSecurity Planet

MARCH 1, 2022

Symantec this week reported a highly sophisticated malware called “Backdoor.Daxin” that “appears to be used in a long-running espionage campaign against select governments and other critical infrastructure targets” and appears to be linked to China. The malware then sends information back to remote servers.

Malware

Malware Government Encryption Architecture

French Firms Rocked by Kasbah Hacker?

Krebs on Security

MARCH 2, 2020

A large number of French critical infrastructure firms were hacked as part of an extended malware campaign that appears to have been orchestrated by at least one attacker based in Morocco, KrebsOnSecurity has learned. ‘FATAL’ ERROR.

DNS

DNS Penetration Testing Malware Hacking

New Emotet attacks use a new template urging recipients to upgrade Microsoft Word

Security Affairs

OCTOBER 25, 2020

Upon installing the malware, Emotet will download additional payloads on the machine, including ransomware, and use it to send spam emails. The Emotet banking trojan has been active at least since 2014, the botnet is operated by a threat actor tracked as TA542. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Malware

Malware Banking Advertising Ransomware

Microsoft, Italy and the Netherlands agencies warn of EMOTET campaigns

Security Affairs

SEPTEMBER 24, 2020

jp) email addresses that have been infected with the infamous malware and that can be employed in further spam campaigns. “Emotet malware is distributed via e-mails that contain.docx files containing malicious macros as an attachment. Additional malware is downloaded and installed when running these macros.

Malware

Malware Passwords Advertising Ransomware

FIN11 gang started deploying ransomware to monetize its operations

Security Affairs

OCTOBER 18, 2020

Researchers from FireEye’s Mandiant observed FIN11 hackers using spear-phishing messages distributing a malware downloader dubbed FRIENDSPEAK. The macros download and execute the FRIENDSPEAK code, which in turn downloads the MIXLABEL malware. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Ransomware

Ransomware Malware Telecommunications Advertising

Visa shares details for two attacks on North American hospitality merchants

Security Affairs

OCTOBER 4, 2020

Visa revealed that two unnamed North American hospitality merchants have been infected with some strains of point-of-sale (POS) malware. “In May and June 2020, respectively, Visa Payment Fraud Disruption (PFD) analyzed malware samples recovered from the independent compromises of two North American merchants.”

Malware

Malware Advertising Accountability Hacking

Zero-Day Vulnerabilities Are on the Rise

Schneier on Security

APRIL 27, 2022

Google: 2021 included the detection and disclosure of 58 in-the-wild 0-days, the most ever recorded since Project Zero began tracking in mid-2014. We’ve tracked publicly known in-the-wild 0-day exploits in this spreadsheet since mid-2014.

Ransomware

Ransomware Risk Malware Hacking

US Cyber Command details implants used in attacks on parliaments and embassies

Security Affairs

OCTOBER 29, 2020

US Cyber Command published technical details on malware implants used by Russia-linked APTs on multiple parliaments, embassies. US Cyber Command shared technical details about malware implants employed by Russian hacking groups in attacks against multiple ministries of foreign affairs, national parliaments, and embassies.

Malware

Malware Advertising Hacking Government

An Interview With the Target & Home Depot Hacker

Krebs on Security

NOVEMBER 14, 2024

In December 2023, KrebsOnSecurity revealed the real-life identity of Rescator , the nickname used by a Russian cybercriminal who sold more than 100 million payment cards stolen from Target and Home Depot between 2013 and 2014. “My nickname was MikeMike, and I worked with Dmitri Golubov and made technologies for him,” Shefel said.

Retail

Retail Advertising Cryptocurrency Marketing

REvil Ransomware member win the auction for KPot stealer source code

Security Affairs

NOVEMBER 4, 2020

KPOT Stealer is a “stealer” malware that focuses on exfiltrating account information and other data from web browsers, instant messengers, email, VPN, RDP, FTP, cryptocurrency, and gaming software. The KPOT Stealer was written in C/C++, it was offered in the cybercrime underground as a Malware-as-a-Service (MaaS). Pierluigi Paganini.

Ransomware

Ransomware Malware Advertising Cybercrime

Data From The Emotet Malware is Now Searchable in Have I Been Pwned, Courtesy of the FBI and NHTCU

New Reductor Nation-State Malware Compromises TLS

Trending Sources

Vaccine for Emotet Malware

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Why Malware Crypting Services Deserve More Scrutiny

LitterDrifter USB Worm

Giving a Face to the Malware Proxy Service ‘Faceless’

Orcus RAT Author Charged in Malware Scheme

Carbanak malware returned in ransomware attacks

DevilsTongue Malware matches Pegasus Spying Software

Is the Abaddon RAT the first malware using Discord as C&C?

U.S. Govt. Apps Bundled Russian Code With Ties to Mobile Malware Developer

Romanians arrested for running underground malware services

The Justice Department Took Down the 911 S5 Botnet

Microsoft Warns Rise in XorDdos Malware Targeting Linux Devices

Actions Target Russian Govt. Botnet, Hydra Dark Market

Researchers uncovered a new Malware Builder dubbed APOMacroSploit

Purple Lambert, a new malware of CIA-linked Lambert APT group

QQAAZZ crime gang charged for laundering money stolen by malware gangs

Attacks Aimed at Disrupting the Trickbot Botnet

Ukrainian national faces up to 20 years in prison for his role in Zeus, IcedID malware schemes

Who’s Behind the Botnet-Based Service BHProxies?

FBI Raids Chinese Point-of-Sale Giant PAX Technology

Ukrainian Police Nab Six Tied to CLOP Ransomware

Massive increase in XorDDoS Linux malware in last six months

EnemyBot malware adds new exploits to target CMS servers and Android devices

Cyberium malware-hosting domain employed in multiple Mirai variants campaigns

China-linked Moshen Dragon abuses security software to sideload malware

TheMoon” Malware Returns: Thousands of Routers Compromised

Why Phishers Love New TLDs Like.shop,top and.xyz

Stolen Nvidia certificates used to sign malware—here’s what to do

A look at the 2020–2022 ATM/PoS malware landscape

Phishing attacks use an old Microsoft Office flaw to spread Agent Tesla malware

Malware Masquerade: HubSpot, Veeam, Xero – Carbanak Lures Victims with Trust

Newly Discovered Malware Evades Detection by Hijacking Communications

French Firms Rocked by Kasbah Hacker?

New Emotet attacks use a new template urging recipients to upgrade Microsoft Word

Microsoft, Italy and the Netherlands agencies warn of EMOTET campaigns

FIN11 gang started deploying ransomware to monetize its operations

Visa shares details for two attacks on North American hospitality merchants

Zero-Day Vulnerabilities Are on the Rise

US Cyber Command details implants used in attacks on parliaments and embassies

An Interview With the Target & Home Depot Hacker

REvil Ransomware member win the auction for KPot stealer source code

Stay Connected