Krebs on Security

MAY 16, 2019

The locations of alleged GozNym cybercrime group members. They’re also related to the 2016 arrest of Krasimir Nikolov , a 47-year-old Bulgarian man who was extradited to the United States to face charges for allegedly cashing out bank accounts that were compromised by the GozNym malware. Source: DOJ. Vladimir Gorin , a.k.a

Cybercrime 208

Cybercrime Banking Small Business Computers and Electronics 208

Krebs on Security

JANUARY 31, 2025

On January 29, the FBI and the Dutch national police seized the technical infrastructure for a cybercrime service marketed under the brands Heartsender , Fudpage and Fudtools (and many other “fud” variations). ” Manipulaters advertisement for Office 365 Private Page with Antibot phishing kit sold via Heartsender.

Phishing 239

Phishing Cybercrime Advertising Malware 239

Security Affairs

JULY 9, 2020

More than 15 billion username and passwords are available on cybercrime marketplaces, including over 5 billion unique credentials, states the experts. The credentials are sold for an average of $15.43, the most expensive pairs relate to banking and financial services accounts, with an average price of nearly $71. Pierluigi Paganini.

Cybercrime 145

Cybercrime Antivirus Marketing Accountability 145

Krebs on Security

FEBRUARY 1, 2021

.” The proprietors of the phishing service were variously known on cybercrime forums under handles such as SMSBandits, “ Gmuni ,” “ Bamit9 ,” and “ Uncle Munis.” One of SMS Bandits’ key offerings: An “auto-shop” web panel for selling stolen account credentials.

Phishing 354

Phishing Telecommunications Advertising Mobile 354

Krebs on Security

DECEMBER 19, 2024

Silent Push said Araneida is being advertised by an eponymous user on multiple cybercrime forums. Araneida Scanner’s Telegram channel bragging about how customers are using the service for cybercrime. ” Orn advertising Araneida Scanner in Feb. ” Orn advertising Araneida Scanner in Feb.

Hacking 220

Hacking Cybercrime Advertising Data breaches 220

Krebs on Security

OCTOBER 31, 2022

A 26-year-old Ukrainian man is awaiting extradition from The Netherlands to the United States on charges that he acted as a core developer for Raccoon , a popular “malware-as-a-service” offering that helped paying customers steal passwords and financial data from millions of cybercrime victims. According to the U.S. Image: USDOJ.

Malware 332

Malware Identity Theft Cybercrime Accountability 332

Security Affairs

MAY 27, 2022

The FBI warns organizations in the higher education sector of credentials sold on cybercrime forums that can allow threat actors to access their networks. “The FBI is informing academic partners of identified US college and university credentials advertised for sale on online criminal marketplaces and publically accessible forums.

Cybercrime 145

Cybercrime Education Accountability Phishing 145

Krebs on Security

APRIL 18, 2023

For less than a dollar per day, Faceless customers can route their malicious traffic through tens of thousands of compromised systems advertised on the service. Notices posted for Faceless users, advertising an email flooding service and soliciting zero-day vulnerabilities in Internet of Things devices. Image: Darkbeast/Ke-la.com.

Malware 281

Malware Passwords Accountability Advertising 281

Krebs on Security

MAY 14, 2021

The crime gang announced it was closing up shop after its servers were seized and someone drained the cryptocurrency from an account the group uses to pay affiliates. The new restrictions came as some Russian cybercrime forums began distancing themselves from ransomware operations altogether.

Ransomware 364

Ransomware Cryptocurrency Cybercrime Healthcare 364

Krebs on Security

JANUARY 28, 2022

“ BlackCat “), considered to be the first professional cybercrime group to create and use a ransomware strain written in the Rust programming language. On the cybercrime forum RAMP , the user Binrs says they are a Rust developer who’s been coding for 6 years. I AM DUCKERMAN. Sergey DuckerMan’s GitHub profile.

Ransomware 318

Ransomware Accountability Cybercrime Malware 318

Krebs on Security

OCTOBER 8, 2020

But judging from the proliferation of help-wanted ads for offensive pentesters in the cybercrime underground, today’s attackers have exactly zero trouble gaining that initial intrusion: The real challenge seems to be hiring enough people to help everyone profit from the access already gained. – experience with Active Directory.

Cybercrime 345

Cybercrime VPN Malware Ransomware 345

Krebs on Security

DECEMBER 8, 2021

There is a now-dormant Myspace account for a Matthew Philbert from Orleans, a suburb of Ottawa, Ontario. The information tied to the Myspace account matches the age and town of the defendant. The Myspace account was registered under the nickname “ Darkcloudowner ,” and to the email address dark_cl0ud6@hotmail.com.

Cybercrime 321

Cybercrime Ransomware Accountability Advertising 321

Security Affairs

FEBRUARY 2, 2025

and Dutch authorities seized 39 domains and servers linked to the HeartSender cybercrime group based in Pakistan. A joint law enforcement operation led to the seizure of 39 domains tied to a Pakistan-based HeartSender cybercrime group (aka Saim Raza and Manipulators Team) known for selling hacking and fraud tools.

Cybercrime 109

Cybercrime Advertising Phishing Hacking 109

Security Affairs

MARCH 6, 2021

A suspicious wave of attacks resulted in the hack of four cybercrime forums Verified, Crdclub, Exploit, and Maza since January. Since January, a series of mysterious cyberattacks that resulted in the hack of popular Russian-language cybercrime forums. The hack of the Maza cybercrime forum was also reported by researchers at Flashpoint.

Cybercrime 145

Cybercrime Hacking DDOS Passwords 145

Krebs on Security

MAY 29, 2024

.” The arrest coincided with the seizure of the 911 S5 website and supporting infrastructure, which the government says turned computers running various “free VPN” products into Internet traffic relays that facilitated billions of dollars in online fraud and cybercrime. Cloud Router was previously called 911 S5.

VPN 336

VPN Government Cybercrime Internet 336

Krebs on Security

APRIL 28, 2020

But you probably didn’t know that these fraudsters also can use caller ID spoofing to trick your bank into giving up information about recent transactions on your account — data that can then be abused to make their phone scams more believable and expose you to additional forms of identity theft.

Scams 363

Scams Banking Accountability Financial Services 363

Krebs on Security

NOVEMBER 1, 2024

We’ll also explore an array of cybercrime services aimed at phishers who target hotels that rely on the world’s most visited travel website. Booking.com did not respond to questions about that, and its current account security advice urges customers to enable 2FA.

Phishing 249

Phishing Accountability Artificial Intelligence Cybercrime 249

Security Affairs

OCTOBER 10, 2020

Microsoft has uncovered Zerologon attacks that were allegedly conducted by the infamous TA505 Russia-linked cybercrime group. Microsoft spotted a series of Zerologon attacks allegedly launched by the Russian cybercrime group tracked as TA505 , CHIMBORAZO and Evil Corp. Pierluigi Paganini. SecurityAffairs – hacking, Zerologon).

Cybercrime 138

Cybercrime Security Intelligence Authentication Banking 138

Krebs on Security

DECEMBER 3, 2021

Since the beginning of 2020, Babam has set up numerous auctions on the Russian-language cybercrime forum Exploit , mainly selling virtual private networking (VPN) credentials stolen from various companies. The username associated with that account was “ bo3dom.” com back in 2011, and sanjulianhotels[.]com com (2017).

Ransomware 338

Ransomware Passwords Accountability Cybercrime 338

Krebs on Security

NOVEMBER 19, 2024

8, a cybercriminal using the nickname “ abyss0 ” posted on the English-language cybercrime community BreachForums that they’d stolen files belonging to some of Finastra’s largest banking clients. The Telegram account that abyss0 listed in their sales thread appears to have been suspended or deleted.

Data breaches 280

Data breaches Banking Cybercrime Advertising 280

The Hacker News

SEPTEMBER 4, 2023

Malicious actors associated with the Vietnamese cybercrime ecosystem are leveraging advertising-as-a-vector on social media platforms such as Meta-owned Facebook to distribute malware.

Accountability 139

Accountability Scams Cybercrime Advertising 139

Krebs on Security

JULY 13, 2020

The incident also highlights the often murky area between what’s legal and ethical in combating cybercrime. Data Viper has sought to differentiate itself by advertising “access to private and undisclosed breach data.” An online post by the attackers who broke into Data Viper. But on Aug.

Hacking 362

Hacking Marketing Cybercrime Accountability 362

Krebs on Security

MAY 4, 2023

government this week put a $10 million bounty on the head of a Russian man who for the past 18 years operated Try2Check , one of the cybercrime underground’s most trusted services for checking the validity of stolen credit card data. was used to register an account with the username “Nordex” at bankir[.]com

Marketing 281

Marketing Cybercrime Accountability Cryptocurrency 281

Krebs on Security

MAY 22, 2023

Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. Since then, the same spammers have used this method to advertise more than 100 different crypto investment-themed domains. A DIRECT QUOT The domain quot[.]pw

Scams 289

Scams DDOS Cryptocurrency Accountability 289

Krebs on Security

JUNE 1, 2023

One of Megatraffer’s ads on an English-language cybercrime forum. Megatraffer has continued to offer their code-signing services across more than a half-dozen other Russian-language cybercrime forums, mostly in the form of sporadically available EV and non-EV code-signing certificates from major vendors like Thawte and Comodo.

Malware 290

Malware Cybercrime Software Accountability 290

Krebs on Security

MAY 28, 2024

911’s VPN performed largely as advertised for the user — allowing them to surf the web anonymously — but it also quietly turned the user’s computer into a traffic relay for paying 911 S5 customers. dollars using over-the-counter vendors who wired and deposited funds into bank accounts held by Liu. ”

VPN 263

VPN Banking Cybercrime Internet 263

Krebs on Security

JULY 8, 2019

“In one year, people who worked with us have earned over US $2 billion,” read the farewell post by the eponymous GandCrab identity on the cybercrime forum Exploit[.]in Russian security firm Kaspersky Lab estimated that by the time the program ceased operations, GandCrab accounted for up to half of the global ransomware market.

Ransomware 274

Ransomware Accountability Cybercrime Passwords 274

Krebs on Security

APRIL 30, 2020

A screen shot from a user account at “Snowden,” a long-running reshipping mule service. It stands to reason that the virus outbreak might depress cybercriminal demand for “dumps,” or stolen account data that can be used to create physical counterfeit credit cards.

Cybercrime 341

Cybercrime Computers and Electronics Marketing Scams 341

Krebs on Security

AUGUST 2, 2022

The underground cybercrime forums are now awash in pleas from people who are desperately seeking a new supplier of abundant, cheap, and reliably clean proxies to restart their businesses. That is a far cry from the proxy inventory advertised by 911, which stood at more than 200,000 IP addresses for rent just a few days ago.

Malware 304

Malware Cybercrime Internet Internet 304

Krebs on Security

JANUARY 7, 2025

Besieged by scammers seeking to phish user accounts over the telephone, Apple and Google frequently caution that they will never reach out unbidden to users this way. The phishers also abused legitimate Google services to send Tony an email from google.com, and to send a Google account recovery prompt to all of his signed-in devices.

Phishing 332

Phishing Cryptocurrency Accountability Social Engineering 332

The Hacker News

MAY 18, 2023

A cybercrime enterprise known as Lemon Group is leveraging millions of pre-infected Android smartphones worldwide to carry out their malicious operations, posing significant supply chain risks.

Cybercrime 107

Cybercrime Advertising Mobile Media 107

Krebs on Security

MAY 13, 2024

This post examines the activities of Khoroshev’s many alter egos on the cybercrime forums, and tracks the career of a gifted malware author who has written and sold malicious code for the past 14 years. ru , which at one point advertised the sale of wooden staircases. Dmitry Yuryevich Khoroshev. Image: treasury.gov.

Ransomware 284

Ransomware Cybercrime Accountability Malware 284

Krebs on Security

FEBRUARY 4, 2025

The FBI joined authorities across Europe last week in seizing domain names for Cracked and Nulled , English-language cybercrime forums with millions of users that trafficked in stolen data, hacking tools and malware. The email address used for those accounts was f.grimpe@gmail.com. io , and rdp[.]sh. lol and nulled[.]it.

eCommerce 194

eCommerce Cybercrime Accountability Passwords 194

Krebs on Security

DECEMBER 29, 2020

With the ongoing disruption to life and livelihood wrought by the Covid-19 pandemic, 2020 has been a fairly horrid year by most accounts. A good chunk of the loyal readers here are understandably security- and privacy-conscious, and many block advertisements by default — including the ads displayed here.

Scams 300

Scams Social Engineering Cybercrime Advertising 300

Security Affairs

NOVEMBER 24, 2024

seized the stolen credit card marketplace PopeyeTools and charged its operators, this is a major success against cybercrime. PopeyeTools was a dark web marketplace specializing in selling stolen credit cards and cybercrime tools, facilitating fraud and illicit online activities since 2016. million in revenue. million in revenue.

Cybercrime 130

Cybercrime Cryptocurrency Banking Accountability 130

Krebs on Security

NOVEMBER 2, 2023

One of the largest cybercrime services for laundering stolen merchandise was hacked recently, exposing its internal operations, finances and organizational structure. Among the most common ways that thieves extract cash from stolen credit card accounts is through purchasing pricey consumer goods online and reselling them on the black market.

Cybercrime 317

Cybercrime Marketing Scams Retail 317

Krebs on Security

SEPTEMBER 29, 2021

In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords. agency — advertised a web-based bot designed to trick targets into giving up OTP tokens.

Passwords 341

Passwords Mobile Authentication Banking 341