Security Affairs

JUNE 4, 2020

Hackers hijacked one of the domains of the Japanese cryptocurrency exchange Coincheck and used it for spear-phishing attacks. The Japanese cryptocurrency exchange Coincheck announced that threat actors have accessed their account at the Oname.com domain registrar and hijacked one of its domain names. NS ???????????? awsdns-61[.]org

Accountability 127

Accountability Phishing DNS Cryptocurrency 127

Krebs on Security

AUGUST 25, 2018

On August 7, 2018, a user on the forum of free email service hMailServer posted a copy of the sextortion email he received, noting that it included a password he’d formerly used online. All of those two-name domains used domain name servers (DNS servers) from uscourtsgov-dot-com at the time these emails were sent.

Scams 152

Scams Internet Internet Passwords 152

Security Affairs

FEBRUARY 24, 2021

Security experts from Akamai have spotted a new botnet used for illicit cryptocurrency mining activities that are abusing Bitcoin (BTC) transactions to implement a backup mechanism for C2. Botnet operators used Redis server scanners to find installs that could be compromised to mine cryptocurrencies. . ” continues the report.

Backups 136

Backups Cryptocurrency DNS Malware 136

Security Affairs

MARCH 17, 2022

The news wave of attacks aimed at cryptocurrency firms, most of them located in the U.S. The attack chain against the routers starts with brute-force attacks or by exploiting the CVE-2018-14847 flaw that allows reading a file that contains passwords. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Malware 132

Malware DNS Ransomware Passwords 132

Security Affairs

OCTOBER 15, 2019

The cybercrime organization was first spotted in April 2018 by researchers at Cisco Talos, earlier 2019 researchers from Palo Alto Networks Unit42 found new malware samples used by the Rocke group for cryptojacking that uninstalls from Linux servers cloud security and monitoring products developed by Tencent Cloud and Alibaba Cloud. .

Cybercrime 91

Cybercrime DNS Malware Advertising 91

Security Affairs

JANUARY 13, 2019

“In November 2018, TA505 , a prolific actor that has been at the forefront of this trend, began distributing a new backdoor we named “ServHelper”. “On December 13, 2018, we observed another large ServHelper “downloader” campaign targeting retail and financial services customers.” DOC , PUB, and. WIZ documents.

Malware 111

Malware Financial Services DNS Retail 111

eSecurity Planet

JULY 28, 2021

Since blockchain’s arrival, cryptocurrency has framed the technology as permissionless, or a public blockchain. Going back to RSA 2018’s Cryptographers’ Panel , it was the ‘S’ in RSA, Adi Samir, who said blockchain could address threats presented by quantum computing. More robust security for Domain Name Systems (DNS).

Cybersecurity 136

Cybersecurity Cryptocurrency Technology Energy and Utilities 136

SecureList

OCTOBER 25, 2023

Introduction It’s just another cryptocurrency miner… Nobody would even suspect the mining malware was merely a mask, masquerading behind an intricate modular framework that supports both Linux and Windows. During that time, it had effectively evaded analysis and had previously been misclassified as a cryptocurrency miner.

Malware 143

Malware DNS Encryption Cryptocurrency 143

Security Affairs

AUGUST 26, 2018

Paper Copy. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Banking 61

Banking Spyware Advertising DNS 61

SecureList

FEBRUARY 16, 2021

The DTLS (Datagram Transport Layer Security) protocol is used to establish secure connections over UDP, through which most DNS queries, as well as audio and video traffic, are sent. While the resource was down, cryptocurrency newbies were invited to download a copy of Bitcoin Core via a torrenting service.

DDOS 145

DDOS Cryptocurrency Marketing Internet 145

SecureList

SEPTEMBER 26, 2022

RedLine’s main purpose is to steal credentials and information from browsers, in addition to stealing credit card details and cryptocurrency wallets from the compromised machine. DanaBot is a Trojan-Banker written in Delphi that spreads via email phishing, and is known to have evolved since it was discovered in 2018. ColdStealer.

Malware 143

Malware Cryptocurrency Passwords Software 143

Security Affairs

AUGUST 8, 2018

DDoS attacks, ransomware-based campaigns, cryptocurrency mining campaigns). “This C&C server has actually been active since 6 th March 2018 but didn’t attract attention because of the low capacity of the “black” botnet at that time. Malware actor publishes the address of the Bot-A in DNS (or using any other public channel).

Malware 73

Malware DNS Encryption Banking 73

Adam Levin

JULY 8, 2020

Hackers were also quick to pounce on the disruption caused by the 2018 shutdown of the U.S. A recent domain hijack of Japanese cryptocurrency exchange Coincheck.com was used to spoof the company in a spear-phishing campaign. Many of these faux-Zoom sites were used to distribute malware under the guise of links to online meetings.

Hacking 130

Hacking Retail Cyber Insurance Authentication 130

SecureList

MAY 27, 2022

In January, we reported a malicious campaign targeting companies that work with cryptocurrencies, smart contracts, decentralized finance and blockchain technology: the attackers are interested in fintech in general. The campaign has two goals: gathering information and stealing cryptocurrency. Roaming Mantis reaches Europe.

Phishing 134

Phishing Spyware Firmware Malware 134

SecureList

MAY 1, 2023

2018, illustrating achievable TPR (DR)/FPR values Unfortunately, there are no miracles here. URL: [link] Organization: Adobe Reasoning: The domain name ‘duckdns.org’ is a free dynamic DNS provider which is often used by cyber criminals for hosting phishing sites or other malicious content. ROC curve from Le et al.,

Phishing 134

Phishing DNS Cybersecurity Internet 134

SecureList

DECEMBER 1, 2023

Upon startup, this backdoor makes a type A DNS request for the <hex-encoded 20-byte string> u.fdmpkg[.]org After parsing the response to the DNS request, the backdoor launches a reverse shell, using the secondary C2 server for communications. org domain. Otherwise, the reverse shell is created by the crond backdoor itself.

Malware 138

Malware Ransomware Encryption Energy and Utilities 138

SecureList

AUGUST 30, 2023

While investigating an infection of a cryptocurrency company in Southeast Asia, we found Gopuram coexisting on target computers with AppleJeus , a backdoor attributed to the Lazarus. The threat actor specifically targeted cryptocurrency companies. We observed that they have a specific interest in cryptocurrency companies.

Malware 98

Malware Spyware Government Cryptocurrency 98

SecureList

APRIL 27, 2022

We had initially analyzed this Delphi malware in April 2018. This application contains a legitimate program called DeFi Wallet, that saves and manages a cryptocurrency wallet, but also implants a malicious file when executed. We recently discovered a Trojanized DeFi application, compiled in November 2021.

Malware 145

Malware Firmware Government Phishing 145

SecureList

NOVEMBER 18, 2022

Finally, it is worth mentioning the CVE-2022-34724 vulnerability, which affects Windows DNS Server and can lead to denial of service if exploited. In particular, researchers found Operation In(ter)ception , a campaign operated by North Korean Lazarus group, which targets macOS users looking for cryptocurrency jobs.

Mobile 122

Mobile Malware Ransomware IoT 122