2015 and Malware - Cyber Security Informer

Malware in Google Apps

Schneier on Security

MAY 5, 2020

Interesting story of malware hidden in Google Apps. Kaspersky went on to find tens of other, similar spyware apps dating back to 2015 that Google had already removed from its Play Store, but which were still visible in archived mirrors of the app repository. This particular campaign is tied to the government of Vietnam.

Malware

Malware Spyware Phishing Government

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Krebs on Security

JUNE 1, 2023

This post is a deep dive on “ Megatraffer ,” a veteran Russian hacker who has practically cornered the underground market for malware focused code-signing certificates since 2015. More recently, it appears Megatraffer has been working with ransomware groups to help improve the stealth of their malware.

Malware

Malware Cybercrime Software Accountability

Marcus “MalwareTech” Hutchins Pleads Guilty to Writing, Selling Banking Malware

Krebs on Security

APRIL 19, 2019

Marcus Hutchins, a 24-year-old blogger and malware researcher arrested in 2017 for allegedly authoring and selling malware designed to steal online banking credentials, has pleaded guilty to criminal charges of conspiracy and to making, selling or advertising illegal wiretapping devices. The government says between July 2012 and Sept.

Banking

Banking Malware Advertising Government

Orcus RAT Author Charged in Malware Scheme

Krebs on Security

NOVEMBER 13, 2019

In July 2016, KrebsOnSecurity published a story identifying a Toronto man as the author of the Orcus RAT , a software product that’s been marketed on underground forums and used in countless malware attacks since its creation in 2015. An advertisement for Orcus RAT. Several former customers of his took to Hackforums[.]net

Malware

Malware Advertising Marketing System Administration

Giving a Face to the Malware Proxy Service ‘Faceless’

Krebs on Security

APRIL 18, 2023

For the past seven years, a malware-based proxy service known as “ Faceless ” has sold anonymity to countless cybercriminals. The proxy lookup page inside the malware-based anonymity service Faceless. Image: spur.us. as a media sharing device on a local network that was somehow exposed to the Internet.

Malware

Malware Passwords Accountability Advertising

Carbanak malware returned in ransomware attacks

Security Affairs

DECEMBER 26, 2023

Researchers at NCC Group reported that in November they observed the return of the infamous banking malware Carbanak in ransomware attacks. The cybersecurity firm NCC Group reported that in November the banking malware Carbanak was observed in ransomware attacks. ” reads the report published by NCC Group.

Malware

Malware Ransomware Banking Healthcare

OfflRouter Malware Evades Detection in Ukraine for Almost a Decade

The Hacker News

APRIL 18, 2024

Select Ukrainian government networks have remained infected with a malware called OfflRouter since 2015. Cisco Talos said its findings are based on an analysis of over 100 confidential documents that were infected with the VBA macro virus and uploaded to the VirusTotal malware scanning platform.

Malware

Malware Government

Canada Uses Civil Anti-Spam Law in Bid to Fine Malware Purveyors

Krebs on Security

MAY 30, 2019

Federal Communications Commission (FCC), executed a search warrant in tandem with the Royal Canadian Mounted Police (RCMP) at the home of a Toronto software developer behind the Orcus RAT , a product that’s been marketed on underground forums and used in countless malware attacks since its creation in 2015.

Computers and Electronics

Computers and Electronics Malware Software Telecommunications

Understanding Malware-as-a-Service

SecureList

JUNE 15, 2023

Thus, it was inevitable that malware creators would one day begin not only to distribute malicious programs themselves, but also to sell them to less technically proficient attackers, thereby lowering the threshold for entering the cybercriminal community. A MaaS operator is typically a team consisting of several people with distinct roles.

Malware

Malware Ransomware Cybercrime Hacking

Romanians arrested for running underground malware services

Security Affairs

NOVEMBER 22, 2020

Two Romanians arrested for running three malware services. Two Romanians have been arrested for running two malware crypter services called CyberSeal and DataProtector, and the CyberScan malware testing service. DataProtector was launched in 2015, while CyberScan was launched in 2019. Pierluigi Paganini.

Malware

Malware Antivirus Cybercrime Software

New MrbMiner malware infected thousands of MSSQL DBs

Security Affairs

SEPTEMBER 16, 2020

A threat actor is launching brute-force attacks on MSSQL servers in the attempt to access them to install a new crypto-mining malware dubbed MrbMiner. A group of hackers is launching brute-force attacks on MSSQL servers with the intent to compromise them and install crypto-mining malware dubbed MrbMiner. Mining process.”

Malware

Malware Advertising Cryptocurrency Accountability

Is the Abaddon RAT the first malware using Discord as C&C?

Security Affairs

OCTOBER 25, 2020

Researchers from MalwareHunterTeam have spotted a new piece of remote access trojan (RAT) dubbed ‘Abaddon’ that is likely the first malware using the Discord platform as command and control. The Abaddon malware connects to the Discord command and control server to check for new commands to execute. "Abaddon"

Malware

Malware Advertising Ransomware Encryption

Actions Target Russian Govt. Botnet, Hydra Dark Market

Krebs on Security

APRIL 7, 2022

The DOJ said it did not seek to disinfect compromised devices; instead, it obtained court orders to remove the Cyclops Blink malware from its “command and control” servers — the hidden machines that allowed the attackers to orchestrate the activities of the botnet. energy facilities. ” HYDRA. . ” HYDRA.

Marketing

Marketing Energy and Utilities Malware Ransomware

Russia-linked APT Turla used a new malware toolset named Crutch

Security Affairs

DECEMBER 2, 2020

Russian-linked cyberespionage group Turla employed a new malware toolset, named Crutch, in targeted attacks aimed at high-profile targets. The Crutch framework was employed in attacks since 2015 to siphon sensitive data and transfer them to Dropbox accounts controlled by the Russian hacking group. ” Pierluigi Paganini.

Malware

Malware Accountability Hacking Government

Researchers Detail Evasive DarkTortilla Crypter Used to Deliver Malware

The Hacker News

AUGUST 18, 2022

A.NET-based evasive crypter named DarkTortilla has been used by threat actors to distribute a broad array of commodity malware as well as targeted payloads like Cobalt Strike and Metasploit, likely since 2015. "It

Malware

Malware Cybersecurity

SHARED INTEL: Malware-ridden counterfeit phones place consumers, companies in harm’s way

The Last Watchdog

AUGUST 20, 2019

And, increasingly, they come riddled with some of the most invasive types of malware. It found that where there should be a 2019 8-core Snapdragon CPU, the counterfeit device might have a 2015-era 4-core CPU running at a lower frequency coupled with a feeble GPU. Saturated with malware So what’s the big security concern?

Malware

Malware Mobile Manufacturing Marketing

Massive increase in XorDDoS Linux malware in last six months

Malwarebytes

MAY 25, 2022

Based on a case study in 2015 , Akamai strengthened the theory that the malware may be of Asian origin based on its targets. Microsoft said that XorDDoS continues to home on Linux-based systems, demonstrating a significant pivot in malware targets. MMD believed the Linux Trojan originated in China.

Malware

Malware IoT DDOS DNS

Breach at Dickey’s BBQ Smokes 3M Cards

Krebs on Security

OCTOBER 15, 2020

Gemini says its data indicated some 156 Dickey’s locations across 30 states likely had payment systems compromised by card-stealing malware, with the highest exposure in California and Arizona. Gemini puts the exposure window between July 2019 and August 2020.

Data breaches

Data breaches Cybercrime Retail Banking

A look at the 2020–2022 ATM/PoS malware landscape

SecureList

OCTOBER 6, 2022

During the pandemic, lockdowns forced people to stay at home and do their shopping online, which was mirrored in point-of-sale (PoS) and ATM malware activity, as certain regions saw malicious transactions drop significantly. Perpetrators continue to spread already-existing, widely used malware to attack PoS terminals and ATMs.

Malware

Malware Banking Software Cybercrime

Tracing the Supply Chain Attack on Android

Krebs on Security

JUNE 25, 2019

” What follows is a deep dive into the identity of that Chinese vendor, which appears to have a long and storied history of pushing the envelope on mobile malware. com via Domaintools.com shows the domain was assigned in 2015 to a company called “ Shanghai Blazefire Network Technology Co. com 2015-03-09 GODADDY.COM, LLC.

Mobile

Mobile Technology Manufacturing Malware

Mexican Politician Removed Over Alleged Ties to Romanian ATM Skimmer Gang

Krebs on Security

FEBRUARY 19, 2021

The scandal is the latest fallout stemming from a three-part investigation into the organized crime group by KrebsOnSecurity in 2015. According to prosecution documents, Marcu and The Shark spotted my reporting shortly after it was published in 2015, and discussed what to do next on a messaging app: The Shark: Krebsonsecurity.com See this.

Banking

Banking Accountability Cybercrime Mobile

Operation Blacksmith: Lazarus exploits Log4j flaws to deploy DLang malware

Security Affairs

DECEMBER 12, 2023

Cisco Talos researchers tracked the campaign as Operation Blacksmith, the nation-state actors are employing at least three new DLang -based malware families. Two of these malware strains are remote access trojans (RATs), respectively tracked as NineRAT and “DLRAT” The former relies on Telegram bots and channels for C2 communications.

Malware

Malware Data collection Manufacturing Healthcare

SoNot SoSafe: Android malware disguises itself as secure messaging app

Malwarebytes

NOVEMBER 16, 2021

This remote access Trojan (RAT) was first discovered in infected Windows computers in 2017 by the Indian Computer Emergency Response Team (CERT-IN), but it has been active since at least 2015. CERT-IN had described GravityRAT as “unlike most malware, which are designed to inflict short term damage.

Malware

Malware Encryption Media Marketing

QQAAZZ crime gang charged for laundering money stolen by malware gangs

Security Affairs

OCTOBER 18, 2020

Multiple members of QQAAZZ multinational cybercriminal gang were charged for providing money-laundering services to high-profile malware operations. According to law enforcement bodies, the gang provides services to multiple malware operations, including Dridex , GozNym , and Trickbot. Pierluigi Paganini.

Malware

Malware Banking Cryptocurrency Cybercrime

Stolen Nvidia certificates used to sign malware—here’s what to do

Malwarebytes

MARCH 15, 2022

Those certificates are now being used to sign malware. From there, any cybercriminal that wanted to could grab the certificates and use them to sign their malware. The two leaked Nvidia certificates have expired, being valid from 2011 to 2014 and 2015 to 2018. Mitigation. One of them just barely (by two days).

Malware

Malware Software System Administration Ransomware

Who’s Behind the RevCode WebMonitor RAT?

Krebs on Security

APRIL 22, 2019

The owner of a Swedish company behind a popular remote administration tool (RAT) implicated in thousands of malware attacks shares the same name as a Swedish man who pleaded guilty in 2015 to co-creating the Blackshades RAT , a similar product that was used to infect more than half a million computers with malware, KrebsOnSecurity has learned.

Advertising

Advertising Antivirus Software Malware

EnemyBot malware adds new exploits to target CMS servers and Android devices

Security Affairs

MAY 30, 2022

Experts pointed out that the malware is being actively developed. The malware can quickly adopt one-day vulnerabilities (within days of a published proof of concept).” The post EnemyBot malware adds new exploits to target CMS servers and Android devices appeared first on Security Affairs. LFI CVE-2018-16763 Fuel CMS 1.4.1

Malware

Malware DDOS IoT Cybercrime

Ukrainian national faces up to 20 years in prison for his role in Zeus, IcedID malware schemes

Security Affairs

FEBRUARY 17, 2024

Ukrainian national Vyacheslav Igorevich Penchukov has pleaded guilty to his key roles in the Zeus and IcedID malware operations. Vyacheslav Igorevich Penchukov was a leader of two prolific malware groups that infected thousands of computers with malicious software. Since May 2019, Penchukov had a prominent role in the Zeus operation.

Malware

Malware Cybercrime Banking Hacking

Purple Lambert, a new malware of CIA-linked Lambert APT group

Security Affairs

APRIL 29, 2021

Cybersecurity firm Kaspersky discovered a new strain of malware that is believed to be part of the arsenal of theUS Central Intelligence Agency (CIA). Cybersecurity firm Kaspersky has discovered a new malware that experts attribute to the US Central Intelligence Agency. We therefore named this malware Purple Lambert.”

Malware

Malware Hacking Government Telecommunications

Malwarebytes crushes malware all the time

Malwarebytes

FEBRUARY 14, 2024

They tested Malwarebytes by executing a repository of 2015 “malicious” files to see how many Malwarebytes would detect. Malwarebytes missed 34 out of those 2015 files, giving us a score of 98.31%. About a month ago, The PC Security Channel (TPSC) ran a test to check out the detection capabilities of Malwarebytes.

Malware

Malware Risk Cybersecurity

Cybercriminals Exploit Microsoft Word Vulnerabilities to Deploy LokiBot Malware

The Hacker News

JULY 17, 2023

Microsoft Word documents exploiting known remote code execution flaws are being used as phishing lures to drop malware called LokiBot on compromised systems. LokiBot, also known as Loki PWS, has been a well-known information-stealing Trojan active since 2015," Fortinet FortiGuard Labs researcher Cara Lin said. "It

Malware

Malware Phishing

Enigma info-stealing malware targets the cryptocurrency industry

Security Affairs

FEBRUARY 13, 2023

Alleged Russian threat actors have been targeting cryptocurrency users in Eastern Europe with Enigma info-stealing malware. A malware campaign conducted by alleged Russian threat actors has been targeting users in Eastern European in the crypto industry. ” continues the report. Stolen data are exfiltrated through Telegram.

Cryptocurrency

Cryptocurrency Malware Media Phishing

Bigpanzi botnet infects 170,000 Android TV boxes with malware

Bleeping Computer

JANUARY 17, 2024

A previously unknown cybercrime syndicate named 'Bigpanzi' has been making significant money by infecting Android TV and eCos set-top boxes worldwide since at least 2015. [.]

Cybercrime

Cybercrime Malware

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

File encryption 2013 – 2015. Balaban This ransomware was doing the rounds over spam generated by the Gameover ZeuS botnet, which had been originally launched in 2011 as a toolkit for stealing victim’s banking credentials and was repurposed for malware propagation. RaaS rollout 2015 – 2018. Crypt0L0cker, and TorrentLocker.

Ransomware

Ransomware Hacking Encryption Penetration Testing

MY TAKE: Iran’s cyber retaliation for Soleimani assassination continues to ramp up

The Last Watchdog

FEBRUARY 3, 2020

Samide and other experts say what’s coming next is very likely to be a series of varied attacks as combatants on all sides leverage footholds gained from ongoing intelligence gathering and malware planting. It describes malware being iterated by hackers who’ve clearly been doing this for a long while.

Energy and Utilities

Energy and Utilities Malware Hacking Passwords

Experts Warn of Mekotio Banking Trojan Targeting Latin American Countries

The Hacker News

JULY 8, 2024

That's according to findings from Trend Micro, which said it recently observed a surge in cyber attacks distributing the Windows malware. Mekotio, known to be actively put to use since 2015, is known to target Latin American countries like Brazil, Chile, Mexico, Spain, Peru, and Portugal

Banking

Banking Cyber Attacks Malware

Canada Charges Its “Most Prolific Cybercriminal”

Krebs on Security

DECEMBER 8, 2021

Darkode was taken down in 2015 as part of an FBI investigation sting operation , but screenshots of the community saved by this author show that DCReavers2 was already well known to the Darkode founders when his membership to the forum was accepted in May 2009. ” The U.S. federal prosecution against Skorjanc and McCormick is ongoing.

Cybercrime

Cybercrime Ransomware Accountability Advertising

Russian Man Gets 60 Months Jail for Providing Bulletproof Hosting to Cyber Criminals

The Hacker News

DECEMBER 1, 2021

A Russian national charged with providing bulletproof hosting services for cybercriminals, who used the platform to spread malware and attack U.S. organizations and financial institutions between 2009 to 2015, has received a 60-month prison sentence.

Malware

North Korea-linked Andariel APT used a new malware named EarlyRat last year

Security Affairs

JUNE 29, 2023

North Korea-linked cyberespionage group Andariel used a previously undocumented malware called EarlyRat. Kaspersky researchers reported that the North Korea-linked APT group Andariel used a previously undocumented malware dubbed EarlyRat in attacks exploiting the Log4j Log4Shell vulnerability last year.

Malware

Malware Cybercrime Phishing Internet

Who’s Behind the GandCrab Ransomware?

Krebs on Security

JULY 8, 2019

But GandCrab far eclipsed the success of competing ransomware affiliate programs largely because its authors worked assiduously to update the malware so that it could evade antivirus and other security defenses. It remains unclear how many individuals were active in the core GandCrab malware development team. of GandCrab.

Ransomware

Ransomware Accountability Cybercrime Passwords

Researchers Uncover Years-Long Mobile Spyware Campaign Targeting Uyghurs

The Hacker News

SEPTEMBER 23, 2022

A new wave of a mobile surveillance campaign has been observed targeting the Uyghur community as part of a long-standing spyware operation active since at least 2015, cybersecurity researchers disclosed Thursday.

Spyware

Spyware Mobile Surveillance Malware

Feds Target $100M ‘GozNym’ Cybercrime Network

Krebs on Security

MAY 16, 2019

Law enforcement agencies in the United States and Europe today unsealed charges against 11 alleged members of the GozNym malware network, an international cybercriminal syndicate suspected of stealing $100 million from more than 41,000 victims with the help of a stealthy banking trojan by the same name. Prosecutors say Nikolov, a.k.a.

Cybercrime

Cybercrime Banking Small Business Computers and Electronics

Sendgrid Under Siege from Hacked Accounts

Krebs on Security

AUGUST 28, 2020

Email service provider Sendgrid is grappling with an unusually large number of customer accounts whose passwords have been cracked, sold to spammers, and abused for sending phishing and email malware attacks. ”

Accountability

Accountability Hacking Authentication Marketing

OfflRouter Virus: A Persistent Threat in Ukraine Exploiting Confidential Documents

Penetration Testing

APRIL 17, 2024

Cisco Talos security researchers have uncovered a persistent, multi-component virus known as OfflRouter that has been quietly infecting Ukrainian systems and stealing sensitive documents since 2015.

Penetration Testing

Penetration Testing Malware

Malware in Google Apps

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Trending Sources

Marcus “MalwareTech” Hutchins Pleads Guilty to Writing, Selling Banking Malware

Orcus RAT Author Charged in Malware Scheme

Giving a Face to the Malware Proxy Service ‘Faceless’

Carbanak malware returned in ransomware attacks

OfflRouter Malware Evades Detection in Ukraine for Almost a Decade

Canada Uses Civil Anti-Spam Law in Bid to Fine Malware Purveyors

Understanding Malware-as-a-Service

Romanians arrested for running underground malware services

New MrbMiner malware infected thousands of MSSQL DBs

Is the Abaddon RAT the first malware using Discord as C&C?

Actions Target Russian Govt. Botnet, Hydra Dark Market

Russia-linked APT Turla used a new malware toolset named Crutch

Researchers Detail Evasive DarkTortilla Crypter Used to Deliver Malware

SHARED INTEL: Malware-ridden counterfeit phones place consumers, companies in harm’s way

Massive increase in XorDDoS Linux malware in last six months

Breach at Dickey’s BBQ Smokes 3M Cards

A look at the 2020–2022 ATM/PoS malware landscape

Tracing the Supply Chain Attack on Android

Mexican Politician Removed Over Alleged Ties to Romanian ATM Skimmer Gang

Operation Blacksmith: Lazarus exploits Log4j flaws to deploy DLang malware

SoNot SoSafe: Android malware disguises itself as secure messaging app

QQAAZZ crime gang charged for laundering money stolen by malware gangs

Stolen Nvidia certificates used to sign malware—here’s what to do

Who’s Behind the RevCode WebMonitor RAT?

EnemyBot malware adds new exploits to target CMS servers and Android devices

Ukrainian national faces up to 20 years in prison for his role in Zeus, IcedID malware schemes

Purple Lambert, a new malware of CIA-linked Lambert APT group

Malwarebytes crushes malware all the time

Cybercriminals Exploit Microsoft Word Vulnerabilities to Deploy LokiBot Malware

Enigma info-stealing malware targets the cryptocurrency industry

Bigpanzi botnet infects 170,000 Android TV boxes with malware

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

MY TAKE: Iran’s cyber retaliation for Soleimani assassination continues to ramp up

Experts Warn of Mekotio Banking Trojan Targeting Latin American Countries

Canada Charges Its “Most Prolific Cybercriminal”

Russian Man Gets 60 Months Jail for Providing Bulletproof Hosting to Cyber Criminals

North Korea-linked Andariel APT used a new malware named EarlyRat last year

Who’s Behind the GandCrab Ransomware?

Researchers Uncover Years-Long Mobile Spyware Campaign Targeting Uyghurs

Feds Target $100M ‘GozNym’ Cybercrime Network

Sendgrid Under Siege from Hacked Accounts

OfflRouter Virus: A Persistent Threat in Ukraine Exploiting Confidential Documents

Stay Connected