2016, Cryptocurrency and DNS - Cyber Security Informer

New XBash malware combines features from ransomware, cryptocurrency miners, botnets, and worms

Security Affairs

SEPTEMBER 17, 2018

Palo Alto Network researchers discovered a new malware, tracked as XBash, that combines features from ransomware, cryptocurrency miners, botnets, and worms. The malicious code combines features from different families of malware such as ransomware, cryptocurrency miners, botnets, and worms. This is shown below in Figure 6.

Cryptocurrency

Cryptocurrency Malware Ransomware Cybercrime

The BlueNoroff cryptocurrency hunt is still on

SecureList

JANUARY 13, 2022

BlueNoroff is the name of an APT group coined by Kaspersky researchers while investigating the notorious attack on Bangladesh’s Central Bank back in 2016. Also, we have previously reported on cryptocurrency-focused BlueNoroff attacks. A mysterious group with links to Lazarus and an unusual financial motivation for an APT.

Cryptocurrency

Cryptocurrency Malware Accountability Banking

U.S. Indicts 2 Top Russian Hackers, Sanctions Cryptex

Krebs on Security

SEPTEMBER 26, 2024

The government also indicted and sanctioned a top Russian cybercriminal known as Taleon , whose cryptocurrency exchange Cryptex has evolved into one of Russia’s most active money laundering networks. A 2016 screen shot of the Joker’s Stash homepage. The links have been redacted. A screenshot of a website reviewing PM2BTC.

Cryptocurrency

Cryptocurrency Cybercrime Retail Government

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

Chinese-speaking cybercrime gang Rocke changes tactics

Security Affairs

OCTOBER 15, 2019

. “the actor moved away from hosting the scripts on dedicated servers and instead started to use Domain Name System (DNS) text records. These records are accessed via normal DNS queries or DNS-over-HTTPs ( DoH ) if the DNS query fails. “Rocke keeps evolving its TTPs in attempts to remain undetected.

Cybercrime

Cybercrime DNS Malware Advertising

Microsoft releases open-source tool for checking MikroTik Routers compromise

Security Affairs

MARCH 17, 2022

The news wave of attacks aimed at cryptocurrency firms, most of them located in the U.S. TrickBot is a popular Windows banking Trojan that has been around since October 2016, its authors have continuously upgraded it by implementing new features, including powerful password-stealing capabilities. Pierluigi Paganini.

Malware

Malware DNS Ransomware Passwords

The State of Blockchain Applications in Cybersecurity

eSecurity Planet

JULY 28, 2021

Since blockchain’s arrival, cryptocurrency has framed the technology as permissionless, or a public blockchain. The razzmatazz of cryptocurrency hasn’t helped blockchain’s adoption as a technology beyond finance. More robust security for Domain Name Systems (DNS). The Intersection of Cryptocurrency and Cybersecurity.

Cybersecurity

Cybersecurity Cryptocurrency Technology Energy and Utilities

TA505 Group adds new ServHelper Backdoor and FlawedGrace RAT to its arsenal

Security Affairs

JANUARY 13, 2019

The threat actors use the.bit Top-Level Domain (TLD) for the Domain Name System (DNS) servers. bit” C&C domains was added to protect the C2 infrastructure, this TLD is associated with the cryptocurrency Namecoin and requires special DNS servers that the malware uses (dedsolutions[.]bit, The support for “.bit” bit, arepos[.]bit).null.

Malware

Malware Financial Services DNS Retail

StripedFly: Perennially flying under the radar

SecureList

OCTOBER 25, 2023

Introduction It’s just another cryptocurrency miner… Nobody would even suspect the mining malware was merely a mask, masquerading behind an intricate modular framework that supports both Linux and Windows. During that time, it had effectively evaded analysis and had previously been misclassified as a cryptocurrency miner.

Malware

Malware DNS Encryption Ransomware

DDoS attacks in Q4 2020

SecureList

FEBRUARY 16, 2021

The DTLS (Datagram Transport Layer Security) protocol is used to establish secure connections over UDP, through which most DNS queries, as well as audio and video traffic, are sent. While the resource was down, cryptocurrency newbies were invited to download a copy of Bitcoin Core via a torrenting service.

DDOS

DDOS Cryptocurrency Marketing Internet

IT threat evolution Q1 2022

SecureList

MAY 27, 2022

In January, we reported a malicious campaign targeting companies that work with cryptocurrencies, smart contracts, decentralized finance and blockchain technology: the attackers are interested in fintech in general. The campaign has two goals: gathering information and stealing cryptocurrency.

Phishing

Phishing Spyware Firmware Malware

IT threat evolution in Q2 2023

SecureList

AUGUST 30, 2023

While investigating an infection of a cryptocurrency company in Southeast Asia, we found Gopuram coexisting on target computers with AppleJeus , a backdoor attributed to the Lazarus. The threat actor specifically targeted cryptocurrency companies. We observed that they have a specific interest in cryptocurrency companies.

Malware

Malware Spyware Government Cryptocurrency

IT threat evolution Q3 2023

SecureList

DECEMBER 1, 2023

Upon startup, this backdoor makes a type A DNS request for the <hex-encoded 20-byte string> u.fdmpkg[.]org After parsing the response to the DNS request, the backdoor launches a reverse shell, using the secondary C2 server for communications. LokiBot first surfaced in 2016 and remains active today. org domain.

Malware

Malware Ransomware Encryption Energy and Utilities

DDoS attacks in Q2 2021

SecureList

JULY 28, 2021

It is linked to a vulnerability in DNS resolvers that allows amplification attacks on authoritative DNS servers. Attacks on DNS servers are dangerous because all the resources they serve become unavailable, regardless of their size and level of DDoS protection. The bug was named TsuNAME.

DDOS

DDOS DNS IoT Marketing

Types of Malware & Best Malware Protection Practices

eSecurity Planet

FEBRUARY 16, 2021

In 2016, the Mirai botnet attack left most of the eastern U.S. CISA reported that LokiBot “employs Trojan malware to steal sensitive information such as usernames, passwords, cryptocurrency wallets, and other credentials.” In 2008, the Kraken botnet with 495,000 bots infected 10% of the Fortune 500 companies. with no internet.

Malware

Malware Adware Spyware Antivirus

Cyber Security Informer

New XBash malware combines features from ransomware, cryptocurrency miners, botnets, and worms

The BlueNoroff cryptocurrency hunt is still on

Webinars

Trending Sources

U.S. Indicts 2 Top Russian Hackers, Sanctions Cryptex

Webinars

Chinese-speaking cybercrime gang Rocke changes tactics

Microsoft releases open-source tool for checking MikroTik Routers compromise

The State of Blockchain Applications in Cybersecurity

TA505 Group adds new ServHelper Backdoor and FlawedGrace RAT to its arsenal

StripedFly: Perennially flying under the radar

DDoS attacks in Q4 2020

IT threat evolution Q1 2022

IT threat evolution in Q2 2023

IT threat evolution Q3 2023

DDoS attacks in Q2 2021

Types of Malware & Best Malware Protection Practices

Stay Connected