Krebs on Security

JUNE 1, 2023

This post is a deep dive on “ Megatraffer ,” a veteran Russian hacker who has practically cornered the underground market for malware focused code-signing certificates since 2015. One of Megatraffer’s ads on an English-language cybercrime forum. 2016 sales thread on Exploit. “Why do I need a certificate?”

Malware 299

Malware Cybercrime Software Accountability 299

Security Affairs

APRIL 2, 2025

The malware was discovered on counterfeit Android devices mimicking popular smartphone models. “The malware has broad functionality and gives attackers almost unlimited control over the gadget” The malware, embedded in the system framework, provides attackers full control over the device. 231 banking malware.

Malware 121

Malware Cryptocurrency Mobile Firmware 121

Krebs on Security

AUGUST 19, 2021

Apparently now that includes emailing employees directly and asking them to unleash the malware inside their employer’s network in exchange for a percentage of any ransom amount paid by the victim company. Image: Abnormal Security. billion in 2020. Image: FBI.

Ransomware 363

Ransomware Social Engineering Cybercrime Scams 363

Krebs on Security

JULY 18, 2022

These services can be used in a legitimate manner for several business purposes — such as price comparisons or sales intelligence — but they are massively abused for hiding cybercrime activity because they can make it difficult to trace malicious traffic to its original source. “The 911[.]re THE INTERNET NEVER FORGETS.

VPN 349

VPN Computers and Electronics Antivirus Software 349

Krebs on Security

FEBRUARY 9, 2023

Authorities in the United States and United Kingdom today levied financial sanctions against seven men accused of operating “ Trickbot ,” a cybercrime-as-a-service platform based in Russia that has enabled countless ransomware attacks and bank account takeovers since its debut in 2016. companies and government entities.

Hacking 235

Hacking Cybercrime Ransomware Government 235

Krebs on Security

MAY 13, 2024

This post examines the activities of Khoroshev’s many alter egos on the cybercrime forums, and tracks the career of a gifted malware author who has written and sold malicious code for the past 14 years. was used by a Russian-speaking member called Pin on the English-language cybercrime forum Opensc. Image: treasury.gov.

Ransomware 294

Ransomware Cybercrime Accountability Malware 294

Krebs on Security

FEBRUARY 17, 2021

Confirmed thefts attributed to the group include the 2016 hacking of the SWIFT payment system for Bangladesh Bank, which netted thieves $81 million; $6.1 In reality, prosecutors say, the programs were malware or downloaded malware after the applications were installed. billion from banks and other victims worldwide.

Cryptocurrency 326

Cryptocurrency Financial Services Banking Government 326

Malwarebytes

FEBRUARY 19, 2025

These findings come from the 2025 State of Malware report. The threat of info stealers Info stealers are a type of malware that do exactly as they saythey steal information from peoples devices. But the variety of information that these pieces of malware can steal makes them particularly dangerous. They are wildly adaptable.

Malware 126

Malware Software Passwords Cryptocurrency 126

Security Affairs

OCTOBER 16, 2021

TrickBot operators are back and expand the distribution channels with partnership with cybercrime affiliates. The operators behind the infamous TrickBot (ITG23 and Wizard Spider) malware have resurfaced with new distribution channels to deliver malicious payloads, such as Conti ransomware. ” concludes the report.

Malware 133

Malware Cybercrime DDOS Social Engineering 133

Krebs on Security

JANUARY 24, 2023

Denis Emelyantsev , a 36-year-old Russian man accused of running a massive botnet called RSOCKS that stitched malware into millions of devices worldwide, pleaded guilty to two counts of computer crime violations in a California courtroom this week. RSOCKS, circa 2016. A copy of the passport for Denis Emelyantsev, a.k.a.

Cybercrime 274

Cybercrime Advertising IoT Malware 274

Krebs on Security

JUNE 22, 2022

.” The DOJ’s statement doesn’t mention that RSOCKS has been in operation since 2014, when access to the web store for the botnet was first advertised on multiple Russian-language cybercrime forums. ” In 2016, Deniskloster.com featured a post celebrating three years in operation. ” the post enthuses.

Advertising 313

Advertising Cybercrime System Administration Hacking 313

Krebs on Security

FEBRUARY 26, 2019

Sergei Mikhailov , formerly deputy chief of Russia’s top anti-cybercrime unit, was sentenced today to 22 years in prison. In 2013, Vrublevsky was convicted of hiring his most-trusted spammer and malware writer to launch a crippling distributed denial-of-service (DDoS) attack against one of his company’s chief competitors.

Cybersecurity 253

Cybersecurity Cybercrime Media Antivirus 253

Security Affairs

JANUARY 31, 2023

TrickGate is a shellcode-based packer offered as a service to malware authors to avoid detection, CheckPoint researchers reported. TrickGate is a shellcode-based packer offered as a service, which is used at least since July 2016, to hide malware from defense programs. ” concludes the report.

Malware 98

Malware Antivirus Manufacturing Healthcare 98

Krebs on Security

DECEMBER 8, 2021

Matthew Filbert, in 2016. According to cyber intelligence firm Intel 471 , that dark_cl0ud6@hotmail.com address has been used in conjunction with the handle “ DCReavers2 ” to register user accounts on a half-dozen English-language cybercrime forums since 2008, including Hackforums , Blackhatworld, and Ghostmarket.

Cybercrime 328

Cybercrime Ransomware Accountability Advertising 328

Krebs on Security

SEPTEMBER 10, 2021

Qrator says Meris has launched even bigger attacks since: A titanic and ongoing DDoS that hit Russian Internet search giant Yandex last week is estimated to have been launched by roughly 250,000 malware-infected devices globally, sending 21.8 By comparison, the 2016 Mirai DDoS generated approximately 450,000 requests-per-second.

IoT 341

IoT DDOS Internet Internet 341

SecureWorld News

JANUARY 30, 2025

In a coordinated international effort, law enforcement agencies from the United States, Europe, and Australia have dismantled Cracked and Nulled, two of the world's largest cybercrime marketplaces. By dismantling these two major forums, law enforcement agencies have disrupted a global supply chain of cybercrime tools.

Cybercrime 109

Cybercrime Identity Theft Hacking Cryptocurrency 109

Malwarebytes

JUNE 8, 2021

Back in 2016, we saw the emergence of a botnet mainstay called TrickBot. Sometimes, it’s used even if an attack being discussed is a basic phish, or maybe some very generic malware. This isn’t a good thing when tackling malware developments. There’s folks looking after finances, and testing malware against CAV services.

Cybercrime 122

Cybercrime Malware Banking Phishing 122

Krebs on Security

AUGUST 12, 2018

The FBI said unlimited operations compromise a financial institution or payment card processor with malware to access bank customer card information and exploit network access, enabling large scale theft of funds from ATMs. million from accounts at the National Bank of Blacksburg in two separate ATM cashouts between May 2016 and January 2017.

Banking 226

Banking Accountability Retail Phishing 226

Security Affairs

OCTOBER 18, 2020

Multiple members of QQAAZZ multinational cybercriminal gang were charged for providing money-laundering services to high-profile malware operations. According to law enforcement bodies, the gang provides services to multiple malware operations, including Dridex , GozNym , and Trickbot. Pierluigi Paganini.

Malware 141

Malware Banking Cryptocurrency Cybercrime 141

Security Affairs

JUNE 24, 2024

The cybercrime group ExCobalt targeted Russian organizations in multiple sectors with a previously unknown backdoor known as GoRed. Positive Technologies researchers reported that a cybercrime gang called ExCobalt targeted Russian organizations in multiple sectors with a previously unknown Golang-based backdoor known as GoRed.

Cybercrime 118

Cybercrime Telecommunications DNS Technology 118

Security Affairs

OCTOBER 15, 2019

Chinese-speaking cybercrime gang Rocke that carried out several large-scale cryptomining campaigns, has now using news tactics to evade detection. Chinese-speaking cybercrime gang Rocke, that carried out several large-scale cryptomining campaigns in past , has now using news tactics to evade detection. Pierluigi Paganini.

Cybercrime 92

Cybercrime DNS Malware Advertising 92

Krebs on Security

SEPTEMBER 24, 2022

A native of Omsk, Russia, Kloster came into focus after KrebsOnSecurity followed clues from the RSOCKS botnet master’s identity on the cybercrime forums to Kloster’s personal blog , which featured musings on the challenges of running a company that sells “security and anonymity services to customers around the world.”

Cybercrime 251

Cybercrime Data breaches Malware Ransomware 251

Herjavec Group

AUGUST 26, 2021

We can learn a lot from the cybercrime of the past…the history of cybercrime is a glimpse into what we can expect in the future. In the past 18 months, we’ve experienced the beginning of an era that has seen cybersecurity and cybercrime at the center of it all. Dateline Cybercrime . Robert Herjavec.

Cybercrime 135

Cybercrime Computers and Electronics Hacking Banking 135

Security Affairs

JANUARY 10, 2022

A malware campaign spreads ZLoader malware by exploiting a Windows vulnerability that was fixed in 2013 but in 2014 Microsoft revised the fix. Experts from Check Point Research uncovered a new ZLoader malware campaign in early November 2021. banking Trojan and was used to spread Zeus-like banking trojan (i.e. Zeus OpenSSL).

Malware 145

Malware Banking Software Cybercrime 145

Security Affairs

MARCH 12, 2020

Cybercriminals continue to exploit the fear in the coronavirus outbreak to spread malware and steal sensitive data from victims. Experts from cybersecurity Reason reported cybercrimnals are using new coronavirus -themed attacks to deliver malware. To make sure the malware can persist and keep operating, it uses the “Task Scheduler”.”

Malware 144

Malware Advertising Passwords Cryptocurrency 144

Security Affairs

SEPTEMBER 17, 2018

Palo Alto Network researchers discovered a new malware, tracked as XBash, that combines features from ransomware, cryptocurrency miners, botnets, and worms. Security researchers at Palo Alto Networks have discovered a new piece of malware, dubbed XBash piece that is targeting both Linux and Microsoft Windows servers.

Cryptocurrency 111

Cryptocurrency Malware Ransomware Cybercrime 111

Security Affairs

JULY 19, 2020

The four malware families are named Guildma, Javali, Melcoz, and Grandoreiro, experts believe are the result of a Brazilian banking group/operation that is evolving its capabilities targeting banking users abroad. Experts noticed that the malware uses the BITSAdmin tool to download the additional modules. ” continues Kaspersky.

Banking 139

Banking Malware Phishing Advertising 139

Security Affairs

NOVEMBER 25, 2019

Malware Hunter – One year after its launch, Marco Ramilli shared the results of its project that has analyzed more than 1 Million malware samples. Malware Hunter is a python powered project driven by three main components: collectors, processors and public API. Malware Analyses Distribution. How it works.

Malware 140

Malware Penetration Testing Banking Advertising 140

Security Affairs

JANUARY 27, 2019

The Cobalt cybercrime gang has been using Google App Engine to distribute malware through PDF decoy documents. The Cobalt hacking group has been using Google App Engine to distribute malware through PDF decoy documents. The group targeted more than 20 other government and financial institutions worldwide. . Pierluigi Paganini.

Engineering 111

Engineering Cybercrime Banking Advertising 111

Security Affairs

MARCH 28, 2025

The Trojan has been active since 2016, it initially targeted Brazil but expanded to Mexico, Portugal, and Spain since 2020. The malware uses a custom URI Client and unusual port numbers to communicate with the server. Grandoreiro Banking Trojan resurfaces, targeting users in Latin America and Europe in new phishing campaigns.

Banking 88

Banking Phishing Malware Passwords 88

Krebs on Security

JULY 29, 2022

These services can be used in a legitimate manner for several business purposes — such as price comparisons or sales intelligence — but they are massively abused for hiding cybercrime activity because they can make it difficult to trace malicious traffic to its original source. A cached copy of flashupdate[.]net

Cybercrime 315

Cybercrime Software VPN Backups 315

Security Affairs

DECEMBER 31, 2022

Crooks have had access to the medical records of 42 million Americans since 2016 as the number of hacks on healthcare organizations doubled. Medical records of 42 million Americans are being sold on the dark web since 2016, this information comes from cyberattacks on healthcare providers. million in 2016 to close to 16.5

Healthcare 98

Healthcare Ransomware Backups Hacking 98

Security Affairs

JANUARY 26, 2024

The Russian national malware developer Vladimir Dunaev was sentenced to more than 5 years in prison for his role in the TrickBot operation. The Russian national Vladimir Dunaev (40) has been sentenced in the US to 64 months in prison for his role in the development and distribution of the TrickBot malware. in October 2021.

Malware 134

Malware Identity Theft Banking Ransomware 134

Krebs on Security

FEBRUARY 8, 2021

Brad Marden , superintendent of cybercrime operations for the Australian Federal Police (AFP), said their investigation into who was behind U-Admin began in late 2018, after Australian citizens began getting deluged with phishing attacks via mobile text messages that leveraged the software. ” U-Admin, a.k.a.

Phishing 327

Phishing Scams Banking Mobile 327

Security Affairs

AUGUST 1, 2020

A 30-year-old Moldovan man pleaded guilty this week for creating the FastPOS malware that infected PoS systems worldwide. The Moldovan citizen Valerian Chiochiu (30), aka Onassis, pleaded guilty on Friday for creating the infamous FastPOS Point-of-Sale (POS) malware. and infraud.ws. Pierluigi Paganini.

Malware 115

Malware Advertising Cybercrime Hacking 115

Security Affairs

OCTOBER 23, 2018

AZORult is a data stealer that was first spotted in 2016 by Proofpoint that discovered it was it was part of a secondary infection via the Chthonic banking trojan. Securi ty Affairs – Azorult , malware). is available in the cybercrime underground market appeared first on Security Affairs. ” continues CheckPoint.

Marketing 105

Marketing Cybercrime Cryptocurrency Advertising 105

Krebs on Security

JANUARY 28, 2020

19, 2019, Wawa sent a notice to customers saying the company had discovered card-stealing malware installed on in-store payment processing systems and fuel dispensers at potentially all Wawa locations. 12, but that the malware was thought to have been installed more than nine months earlier, around March 4.

Retail 328

Retail Banking Malware Accountability 328