Krebs on Security

JUNE 1, 2023

This post is a deep dive on “ Megatraffer ,” a veteran Russian hacker who has practically cornered the underground market for malware focused code-signing certificates since 2015. 2016 sales thread on Exploit. One of Megatraffer’s ads on an English-language cybercrime forum. “Why do I need a certificate?”

Malware 304

Malware Cybercrime Software Accountability 304

Krebs on Security

JANUARY 20, 2020

Preston was featured in the 2016 KrebsOnSecurity story DDoS Mitigation Firm Has History of Hijacks , which detailed how the company he co-founded — BackConnect Security LLC — had developed the unusual habit of hijacking Internet address space it didn’t own in a bid to protect clients from attacks.

DDOS 348

DDOS Internet Internet System Administration 348

Krebs on Security

NOVEMBER 28, 2022

But that story omitted an important historical detail about Pushwoosh: In 2013, one of its developers admitted to authoring the Pincer Trojan , malware designed to surreptitiously intercept and forward text messages from Android mobile devices. Pushwoosh was incorporated in Novosibirsk, Russia in 2016. Pushwoosh says it is a U.S.

Mobile 288

Mobile Malware Technology Government 288

Security Affairs

APRIL 2, 2025

The malware was discovered on counterfeit Android devices mimicking popular smartphone models. “The malware has broad functionality and gives attackers almost unlimited control over the gadget” The malware, embedded in the system framework, provides attackers full control over the device. 231 banking malware.

Malware 100

Malware Cryptocurrency Mobile Firmware 100

Krebs on Security

FEBRUARY 4, 2025

The FBI joined authorities across Europe last week in seizing domain names for Cracked and Nulled , English-language cybercrime forums with millions of users that trafficked in stolen data, hacking tools and malware. to , and vDOS , a DDoS-for-hire service that was shut down in 2016 after its founders were arrested. lol and nulled[.]it.

eCommerce 205

eCommerce Cybercrime Accountability Passwords 205

SecureList

OCTOBER 20, 2021

We also review what pushed cybercriminals to transform their operations into the now well-known malware-as-a-service model — the use of cloud servers, the decreasing relevance of custom malware and the subsequent emergence of small, agile teams. This browser attack chain, popular in 2016, is no longer possible.

Cybercrime 145

Cybercrime Banking Malware Ransomware 145

Krebs on Security

JULY 18, 2022

re network uses at least two free VPN services to lure its users to install a malware-like software that achieves persistence on the user’s computer,” the researchers wrote. The 911 user interface, as it existed when the service first launched in 2016. Another domain tied to the ustraffic@qq.com email in 2016 was ExeClean[.]net

VPN 351

VPN Computers and Electronics Antivirus Software 351

Schneier on Security

DECEMBER 17, 2018

A new variant of the Shamoon malware has destroyed signifigant amounts of data at a UAE "heavy engineering company" and the Italian oil and gas contractor Saipem. Shamoon is the Iranian malware that was targeted against the Saudi Arabian oil company, Saudi Aramco, in 2012 and 2016.

Engineering 215

Engineering Malware 215

Krebs on Security

APRIL 7, 2022

The DOJ said it did not seek to disinfect compromised devices; instead, it obtained court orders to remove the Cyclops Blink malware from its “command and control” servers — the hidden machines that allowed the attackers to orchestrate the activities of the botnet. energy facilities. ” HYDRA. . ” HYDRA.

Marketing 304

Marketing Energy and Utilities Malware Ransomware 304

Schneier on Security

JUNE 21, 2019

Triada first came to light in 2016 in articles published by Kaspersky here and here , the first of which said the malware was "one of the most advanced mobile Trojans" the security firm's analysts had ever encountered. That meant the malware could directly tamper with every installed app.

Firmware 279

Firmware Manufacturing Malware Mobile 279

Bleeping Computer

JULY 26, 2022

Chinese-speaking hackers have been using since at least 2016 malware that lies virtually undetected in the firmware images for some motherboards, one of the most persistent threats commonly known as a UEFI rootkit. [.].

Malware 125

Malware Firmware 125

Security Affairs

MARCH 28, 2025

The Trojan has been active since 2016, it initially targeted Brazil but expanded to Mexico, Portugal, and Spain since 2020. The malware uses a custom URI Client and unusual port numbers to communicate with the server. Grandoreiro Banking Trojan resurfaces, targeting users in Latin America and Europe in new phishing campaigns.

Banking 87

Banking Phishing Malware Passwords 87

SecureWorld News

OCTOBER 31, 2024

Spooky fact : The infamous Mirai botnet attack in 2016 turned more than 600,000 IoT devices into cyber zombies, leading to one of the most significant DDoS attacks in history. Vampire malware: draining systems dry This malware creeps in undetected, draining resources and stealing data in the dark.

IoT 119

IoT Phishing DDOS Backups 119

Krebs on Security

MAY 16, 2019

Law enforcement agencies in the United States and Europe today unsealed charges against 11 alleged members of the GozNym malware network, an international cybercriminal syndicate suspected of stealing $100 million from more than 41,000 victims with the help of a stealthy banking trojan by the same name. Prosecutors say Nikolov, a.k.a.

Cybercrime 219

Cybercrime Banking Small Business Computers and Electronics 219

Krebs on Security

JUNE 25, 2019

” What follows is a deep dive into the identity of that Chinese vendor, which appears to have a long and storied history of pushing the envelope on mobile malware. com — were implicated in propagating the Triada malware. com 2016-02-18 ALIBABA CLOUD COMPUTING (BEIJING) CO., “Yehuo” ( ? ? ) com , buydudu[.]com

Mobile 275

Mobile Technology Manufacturing Malware 275

The Last Watchdog

MAY 15, 2023

These include ransomware targeting backend servers, distributed denial of service (DDoS) attacks, destructive malware, and even weaponizing charging stations to deploy malware. Notably, in 2016, Nissan suspended a remote telematics system in its all-electric hatchback, the Leaf, due to a vulnerability in the NissanConnect app’s server.

Malware 230

Malware Manufacturing IoT Software 230

Krebs on Security

MAY 14, 2019

Microsoft today is taking the unusual step of releasing security updates for unsupported but still widely-used Windows operating systems like XP and Windows 2003 , citing the discovery of a “wormable” flaw that the company says could be used to fuel a fast-moving malware threat like the WannaCry ransomware attacks of 2017.

Malware 267

Malware Ransomware Authentication 267

Krebs on Security

SEPTEMBER 19, 2018

— were each sentenced to five years probation, 2,500 hours of community service, and ordered to pay $127,000 in restitution for the damage caused by their malware. . — were each sentenced to five years probation, 2,500 hours of community service, and ordered to pay $127,000 in restitution for the damage caused by their malware.

Government 225

Government Internet Internet Advertising 225

CyberSecurity Insiders

AUGUST 26, 2021

As the Pegasus malware nuisance is slowly found politically gripping the entire world, companies offering security solutions to mobile users are getting busy in finding out a solution that helps protect against the infection repercussions caused by the Pegasus Malware.

Mobile 142

Mobile Malware Surveillance Software 142

Joseph Steinberg

APRIL 6, 2021

Since early 2016 we have seen criminals target hospitals almost incessantly – for good reason; people can die, and have died, when their medical data is not available to doctors treating them – and criminals know that hospitals are likely to pay ransoms because they do not have the luxury of spending time to recover from attacks.

Ransomware 352

Ransomware Computers and Electronics Backups Artificial Intelligence 352

Malwarebytes

FEBRUARY 19, 2025

These findings come from the 2025 State of Malware report. The threat of info stealers Info stealers are a type of malware that do exactly as they saythey steal information from peoples devices. But the variety of information that these pieces of malware can steal makes them particularly dangerous. They are wildly adaptable.

Malware 121

Malware Software Passwords Cryptocurrency 121

Malwarebytes

MARCH 5, 2022

The Formbook malware is an information stealer that is in use by many threat actors. Formbook has been around since 2016 and is readily available on dark web market places. The embedded object downloaded a remote template that exploits CVE-2017-11882 to download and execute the FormBook malware. Malwarebytes. Exploit blocked.

Malware 131

Malware Manufacturing Marketing 131

Security Affairs

JANUARY 26, 2024

The Russian national malware developer Vladimir Dunaev was sentenced to more than 5 years in prison for his role in the TrickBot operation. The Russian national Vladimir Dunaev (40) has been sentenced in the US to 64 months in prison for his role in the development and distribution of the TrickBot malware. in October 2021.

Malware 133

Malware Identity Theft Banking Ransomware 133

Krebs on Security

DECEMBER 19, 2018

Satnam Narang , senior research engineer at Tenable , said the vulnerability affects the following installations of IE: Internet Explorer 11 from Windows 7 to Windows 10 as well as Windows Server 2012, 2016 and 2019; IE 9 on Windows Server 2008; and IE 10 on Windows Server 2012.

Internet 258

Internet Internet Software Engineering 258

Krebs on Security

JUNE 22, 2022

The user “RSOCKS” on the Russian crime forum Verified changed his name to RSOCKS from a previous handle: “ Stanx ,” whose very first sales thread on Verified in 2016 quickly ran afoul of the forum’s rules and prompted a public chastisement by the forum’s administrator. ” the post enthuses.

Advertising 319

Advertising Cybercrime System Administration Hacking 319

Krebs on Security

AUGUST 12, 2018

The FBI said unlimited operations compromise a financial institution or payment card processor with malware to access bank customer card information and exploit network access, enabling large scale theft of funds from ATMs. million from accounts at the National Bank of Blacksburg in two separate ATM cashouts between May 2016 and January 2017.

Banking 229

Banking Accountability Retail Phishing 229

Security Affairs

OCTOBER 16, 2021

The operators behind the infamous TrickBot (ITG23 and Wizard Spider) malware have resurfaced with new distribution channels to deliver malicious payloads, such as Conti ransomware. “As of mid-2021, X-Force observed ITG23 partner with two additional malware distribution affiliates — Hive0106 (aka TA551) and Hive0107. .

Malware 133

Malware Cybercrime DDOS Social Engineering 133

Security Affairs

JANUARY 10, 2022

A malware campaign spreads ZLoader malware by exploiting a Windows vulnerability that was fixed in 2013 but in 2014 Microsoft revised the fix. Experts from Check Point Research uncovered a new ZLoader malware campaign in early November 2021. banking Trojan and was used to spread Zeus-like banking trojan (i.e. Zeus OpenSSL).

Malware 145

Malware Banking Software Cybercrime 145

Security Affairs

JUNE 3, 2024

Russia-linked APT28 used the HeadLace malware and credential-harvesting web pages in attacks against networks across Europe. The group was involved also in the string of attacks that targeted 2016 Presidential election. The campaigns targeted at least thirteen separate nations.

Malware 141

Malware Phishing Surveillance Internet 141

Krebs on Security

SEPTEMBER 10, 2021

Qrator says Meris has launched even bigger attacks since: A titanic and ongoing DDoS that hit Russian Internet search giant Yandex last week is estimated to have been launched by roughly 250,000 malware-infected devices globally, sending 21.8 By comparison, the 2016 Mirai DDoS generated approximately 450,000 requests-per-second.

IoT 344

IoT DDOS Internet Internet 344

Security Affairs

SEPTEMBER 15, 2023

The Russian national Dariy Pankov (28), aka dpxaker, is the author of the NLBrute malware. The NLBrute malware allows operators to compromise protected computers by decrypting login credentials. The powerful malware was capable of compromising protected computers by decrypting login credentials, such as passwords.

Malware 125

Malware Marketing Passwords Hacking 125

Krebs on Security

FEBRUARY 3, 2022

Way back in 2016, security firm Fortinet blogged about LinkedIn’s redirect being used to promote phishing sites and online pharmacies. 26 sample from Urlscan shows a LinkedIn link redirecting to a Paypal phishing page. Let me be clear that the activity described in this post is not new.

Phishing 359

Phishing Marketing Scams Accountability 359

Krebs on Security

JANUARY 14, 2019

Also last week, a 30-year-old in the United Kingdom was sentenced to 32 months in jail for using an army of hacked devices to crash large portions of Liberia’s Internet access in 2016. The Boston Globe reports that Gottesfeld and his wife in 2016 tried to flee to Cuba in a rented boat, but the trip didn’t go as planned.

DDOS 223

DDOS Internet Internet Spyware 223

eSecurity Planet

OCTOBER 4, 2022

Malicious programs or malware are common and dangerous threats in the digital space for both individual users and organizations alike. German IT-Security Institute AV-TEST has recorded over 1 billion malicious programs as of this writing, with over 450,000 new instances of malware being recorded every day. Malvertising.

Malware 126

Malware Phishing Ransomware Mobile 126

Krebs on Security

APRIL 22, 2019

The owner of a Swedish company behind a popular remote administration tool (RAT) implicated in thousands of malware attacks shares the same name as a Swedish man who pleaded guilty in 2015 to co-creating the Blackshades RAT , a similar product that was used to infect more than half a million computers with malware, KrebsOnSecurity has learned.

Advertising 244

Advertising Antivirus Software Malware 244

Krebs on Security

AUGUST 19, 2021

Apparently now that includes emailing employees directly and asking them to unleash the malware inside their employer’s network in exchange for a percentage of any ransom amount paid by the victim company. Image: Abnormal Security. Indeed, perhaps this enterprising Nigerian scammer is just keeping up with current trends.

Ransomware 363

Ransomware Social Engineering Cybercrime Scams 363

Schneier on Security

DECEMBER 9, 2020

From the New York Times : The hack was the biggest known theft of cybersecurity tools since those of the National Security Agency were purloined in 2016 by a still-unidentified group that calls itself the ShadowBrokers. FireEye’s Red Team tools are essentially built from malware that the company has seen used in a wide range of attacks.

Hacking 360

Hacking Government Cyber threats Malware 360