Krebs on Security

APRIL 4, 2024

The disclosure revealed a profitable network of phishing sites that behave and look like the real Privnote, except that any messages containing cryptocurrency addresses will be automatically altered to include a different payment address controlled by the scammers. co showing the site did indeed swap out any cryptocurrency addresses.

Phishing 275

Phishing Cryptocurrency DDOS Internet 275

Threatpost

OCTOBER 13, 2020

Researchers warn of a spike in the cryptocurrency-mining botnet since August 2020.

Cryptocurrency 97

Cryptocurrency DNS 97

SecureList

JANUARY 13, 2022

Also, we have previously reported on cryptocurrency-focused BlueNoroff attacks. It appears that BlueNoroff shifted focus from hitting banks and SWIFT-connected servers to solely cryptocurrency businesses as the main source of the group’s illegal income. tmp 2>&1″ Stealing cryptocurrency. Malware infection.

Cryptocurrency 145

Cryptocurrency Malware Accountability Banking 145

Cisco Security

MARCH 11, 2021

After examining topics such as the MITRE ATT&CK framework , LOLBins , and others, this release will look at DNS traffic to malicious sites. We’ll also look at malicious DNS activity—the number of queries malicious sites receive. Organizations and malicious DNS activity. Overview of analysis. Cryptomining.

DNS 91

DNS Phishing Ransomware Internet 91

Krebs on Security

MARCH 28, 2021

I first heard about the domain in December 2020, when a reader told me how his entire network had been hijacked by a cryptocurrency mining botnet that called home to it. I’d been doxed via DNS. “This morning, I noticed a fan making excessive noise on a server in my homelab,” the reader said.

Hacking 363

Hacking Cybercrime DNS Internet 363

Security Affairs

JUNE 22, 2021

DirtyMoe is a Windows botnet that is rapidly growing, it passed from 10,000 infected systems in 2020 to more than 100,000 in the first half of 2021. The Windows botnet has been active since late 2017, it was mainly used to mine cryptocurrency, but it was also involved in DDoS attacks in 2018. ” concludes the analysis.”

DNS 145

DNS Internet Internet Malware 145

Security Affairs

JUNE 4, 2020

Hackers hijacked one of the domains of the Japanese cryptocurrency exchange Coincheck and used it for spear-phishing attacks. The Japanese cryptocurrency exchange Coincheck announced that threat actors have accessed their account at the Oname.com domain registrar and hijacked one of its domain names. NS ???????????? awsdns-61[.]org

Accountability 128

Accountability Phishing DNS Cryptocurrency 128

Security Affairs

JUNE 27, 2021

Researchers have discovered a strain of cryptocurrency-mining malware, tracked as Crackonosh, that abuses Windows Safe mode to avoid detection. . Researchers from Avast have spotted a strain of cryptocurrency miner, tracked as Crackonosh, that abuses Windows Safe mode to avoid detection. ” reads the analysis published by Avast.

Antivirus 143

Antivirus Cryptocurrency Malware Software 143

Security Affairs

NOVEMBER 24, 2020

Crooks were able to trick GoDaddy staff into handing over control of crypto-biz domain names in a classic DNS hijacking attack. Crooks were able to hijack traffic and email to various cryptocurrency-related websites as a result of a DNS hijacking attack on domains managed by GoDaddy. SecurityAffairs – hacking, DNS hijacking).

Social Engineering 105

Social Engineering Engineering DNS Accountability 105

Security Affairs

JANUARY 28, 2021

The TeamTNT cybercrime group has improved its Linux cryptocurrency miner by implementing open-source detection evasion capabilities. The TeamTNT cybercrime group has upgraded their Linux cryptocurrency miner by adding open-source detection evasion capabilities, AT&T Alien Labs researchers warn. Set persistence through systemd.

Cryptocurrency 141

Cryptocurrency Cybercrime DNS Malware 141

Security Affairs

JANUARY 19, 2021

The botnet appeared in the threat landscape in November 2020, in some cases the attacks leveraged recently disclosed vulnerabilities to inject OS commands. CVE-2020-7961 – Java unmarshalling flaw via JSONWS in Liferay Portal (in versions prior to 7.2.1 CE GA2) (disclosed on March 20, 2020).

DDOS 144

DDOS DNS Malware Internet 144

Security Affairs

FEBRUARY 5, 2021

At the end of January, the group has improved its Linux cryptocurrency miner by implementing open-source detection evasion capabilities. The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and that targets Docker installs. The malware deploys the XMRig mining tool to mine Monero cryptocurrency.

Malware 119

Malware DNS Cryptocurrency Internet 119

SecureList

JULY 28, 2021

It is linked to a vulnerability in DNS resolvers that allows amplification attacks on authoritative DNS servers. Attacks on DNS servers are dangerous because all the resources they serve become unavailable, regardless of their size and level of DDoS protection. Comparative number of DDoS attacks, Q1 and Q2 2021, and Q2 2020.

DDOS 144

DDOS DNS IoT Marketing 144

Security Affairs

FEBRUARY 24, 2021

Security experts from Akamai have spotted a new botnet used for illicit cryptocurrency mining activities that are abusing Bitcoin (BTC) transactions to implement a backup mechanism for C2. Botnet operators used Redis server scanners to find installs that could be compromised to mine cryptocurrencies. . ” continues the report.

Backups 136

Backups Cryptocurrency DNS Malware 136

Security Affairs

MARCH 17, 2022

The news wave of attacks aimed at cryptocurrency firms, most of them located in the U.S. The Trickbot operation has switched to using MikroTik routers as C&C servers since 2020. Microsoft has analyzed how the malware compromised MikroTik routers and developed a tool to detect signs of compromise. Pierluigi Paganini.

Malware 132

Malware DNS Ransomware Passwords 132

SecureList

MARCH 10, 2021

Some time ago, we discovered a number of fake apps delivering a Monero cryptocurrency miner to user computers. After substituting the DNS servers, the malware starts updating itself by running update.exe with the argument self-upgrade (“C:Program Files (x86)AdShieldupdater.exe” -self-upgrade). Patched.netyyk.

DNS 145

DNS Antivirus Malware Encryption 145

SecureList

FEBRUARY 10, 2022

In some cases, DNS amplification was also used. The botnet can also install proxy servers on infected devices, mine cryptocurrency and conduct DDoS attacks. Let’s look at the figures: Comparative number of DDoS attacks, Q3 and Q4 2021, and Q4 2020. Q4 2020 data is taken as 100% ( download ). fold increase.

DDOS 143

DDOS Cryptocurrency Marketing Accountability 143

eSecurity Planet

FEBRUARY 19, 2024

The vulnerability, CVE-2020-3259 , was first discovered in May 2020. Akira also has potential ties to Conti, another ransomware group, through cryptocurrency transactions, according to Unit 42. February 19, 2024 ExpressVPN Split Tunneling Disabled after Discovered Vulnerability Type of vulnerability: DNS traffic leak.

VPN 114

VPN DNS Ransomware Software 114

SecureList

SEPTEMBER 26, 2022

RedLine Stealer has been known since early 2020 and developed through 2021. RedLine’s main purpose is to steal credentials and information from browsers, in addition to stealing credit card details and cryptocurrency wallets from the compromised machine. Screen with cryptocurrency addresses from Generic.ClipBanker binary.

Malware 143

Malware Cryptocurrency Passwords Software 143

The Last Watchdog

OCTOBER 19, 2021

Yet Bitcoin, Ethereum and other cryptocurrencies are mere pieces of the puzzle. Users can create bridges and share part of their file systems with others without relying on any centralized databases or lookup systems like DNS, for example. On the technology front, blockchain systems signal the type of shifts that need to fully unfold.

Internet 223

Internet Internet Cryptocurrency Software 223

Fox IT

JUNE 29, 2022

Flubot banking malware families are in the wild since at least the period between late 2020 and the first quarter of 2022. Based on reports from other researchers, Flubot samples were first found in the wild between November and December of 2020. in December 2020. In this new version, they introduced DNS-over-HTTPs (DoH).

Banking 97

Banking Malware DNS Encryption 97

CyberSecurity Insiders

SEPTEMBER 21, 2021

The campaign uses multiple shell/batch scripts, new open source tools, a cryptocurrency miner, the TeamTNT IRC bot, and more. TeamTNT has been one of the most active threat groups since mid 2020. Windows component – Set up a cryptocurrency miner. Exfil Domain in DNS Query. Background. See figure 6.). See figure 7).

Cryptocurrency 84

Cryptocurrency Malware Passwords Authentication 84

SecureList

DECEMBER 1, 2023

The version of Free Download Manager installed by the infected package was released on January 24, 2020. They mention the dates 20200126 (January 26, 2020) and 20200127 (January 27, 2020). Upon startup, this backdoor makes a type A DNS request for the <hex-encoded 20-byte string> u.fdmpkg[.]org org domain.

Malware 138

Malware Ransomware Encryption Energy and Utilities 138

SecureList

MAY 1, 2023

Among the identified companies, there were major tech portals like Facebook, TikTok and Google, marketplaces such as Amazon and Steam, lots of banks from all over the world, from Australia to Russia, cryptocurrency and delivery services. ” These points make a lot of sense.

Phishing 134

Phishing DNS Cybersecurity Internet 134

SecureList

AUGUST 30, 2023

A DLL with this name was used in recent deployments of a backdoor that we dubbed Gopuram , which we had been tracking since 2020. While investigating an infection of a cryptocurrency company in Southeast Asia, we found Gopuram coexisting on target computers with AppleJeus , a backdoor attributed to the Lazarus.

Malware 98

Malware Spyware Government Cryptocurrency 98

SecureList

APRIL 27, 2022

The supporting infrastructure for this operation overlaps with an operation described in a report published by Cisco Talos in September 2021, which discusses a campaign targeting government personnel in India using Netwire and Warzone (aka AveMaria RAT) dating back to the end of 2020. in June 2021.

Malware 145

Malware Firmware Government Phishing 145

CyberSecurity Insiders

JANUARY 25, 2022

.–( BUSINESS WIRE )– CSC , a world leader in business, legal, tax, and domain security, today announced key findings from its new report, which found that nearly 500,000 web domains were registered since January 2020 containing key COVID-related terms. To access the full report and additional details, visit our website.

Artificial Intelligence 52

Artificial Intelligence Phishing Technology DNS 52

eSecurity Planet

FEBRUARY 16, 2021

With over 600,000 devices, this botnet exposed just how vulnerable IoT devices could be and led to the IoT Cybersecurity Improvement Act of 2020. A strain of keylogger malware dubbed LokiBot notably increased in 2020. In 2016, the Mirai botnet attack left most of the eastern U.S. with no internet. Browser Hijacker. RAM Scraper.

Malware 105

Malware Adware Spyware Antivirus 105

SecureList

MAY 26, 2021

The statistics in this report cover the period from May 2020 to April 2021, inclusive. Number of EU users attacked by financial malware, May 2020 – April 2021 ( download ). Geography of banking malware attacks in the EU, May 2020 – April 2021 ( download ). Main figures. Threat geography. Country. %*. Threat geography.

Phishing 144

Phishing Malware Ransomware Adware 144

Krebs on Security

APRIL 11, 2022

Online scams that try to separate the unwary from their cryptocurrency are a dime a dozen, but a great many seemingly disparate crypto scam websites tend to rely on the same dodgy infrastructure providers to remain online in the face of massive fraud and abuse complaints from their erstwhile customers. The ark-x2[.]org The ark-x2[.]org

Scams 233

Scams Cryptocurrency Media Hacking 233

SecureList

JANUARY 28, 2021

2020 saw an unprecedented increase in the importance and value of digital services and infrastructure. What does all this mean for privacy? What does all this mean for privacy? How are governments and enterprises going to react to this in 2021?

Marketing 95

Marketing Data collection Government Encryption 95