Accountability, Cybercrime and Malware - Cyber Security Informer

Why Phishers Love New TLDs Like.shop,top and.xyz

Krebs on Security

DECEMBER 3, 2024

A study on phishing data released by Interisle Consulting finds that new gTLDs introduced in the last few years command just 11 percent of the market for new domains, but accounted for roughly 37 percent of cybercrime domains reported between September 2023 and August 2024. The top 5 new gTLDs, ranked by cybercrime domains reported.

Cybercrime

Cybercrime Phishing Accountability Internet

News alert: SpyCloud accelerates supply chain risk analysis with new ‘IDLink’ correlation capability

The Last Watchdog

OCTOBER 10, 2024

SpyCloud Investigations is a powerful cybercrime and identity threat investigation solution used by analysts and investigators to discover and act on threats by navigating the world’s largest repository of recaptured breach, malware, and phishing data. Austin, TX, Oct.

Risk

Risk Cybercrime Identity Theft Phishing

FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang

Krebs on Security

JANUARY 31, 2025

The FBI and authorities in The Netherlands this week seized dozens of servers and domains for a hugely popular spam and malware dissemination service operating out of Pakistan. “Those payments would instead be redirected to a financial account the perpetrators controlled, resulting in significant losses to victims,” the DOJ wrote.

Phishing

Phishing Cybercrime Advertising Malware

Booking.com Phishers May Leave You With Reservations

Krebs on Security

NOVEMBER 1, 2024

We’ll also explore an array of cybercrime services aimed at phishers who target hotels that rely on the world’s most visited travel website. Booking.com did not respond to questions about that, and its current account security advice urges customers to enable 2FA.

Phishing

Phishing Accountability Artificial Intelligence Cybercrime

EDR-as-a-Service makes the headlines in the cybercrime landscape

Security Affairs

APRIL 7, 2025

Cybercriminals exploit compromised accounts for EDR-as-a-Service (Emergency Data Requests – EDR), targeting major platforms According to a detailed analysis conducted by Meridian Group, an increasingly complex and structured phenomenon, commonly referred to as EDR-as-a-Service, is taking hold in the cybersecurity landscape.

Cybercrime

Cybercrime Social Engineering Accountability Government

FBI: Spike in Hacked Police Emails, Fake Subpoenas

Krebs on Security

NOVEMBER 9, 2024

The Federal Bureau of Investigation (FBI) is urging police departments and governments worldwide to beef up security around their email systems, citing a recent increase in cybercriminal services that use hacked police email accounts to send unauthorized subpoenas and customer data requests to U.S.-based based technology companies.

Hacking

Hacking Accountability Government Social Engineering

Career Choice Tip: Cybercrime is Mostly Boring

Krebs on Security

MAY 29, 2020

But new research suggests that as cybercrime has become dominated by pay-for-service offerings, the vast majority of day-to-day activity needed to support these enterprises is in fact mind-numbingly boring and tedious, and that highlighting this reality may be a far more effective way combat cybercrime and steer offenders toward a better path.

Cybercrime

Cybercrime System Administration Marketing Malware

Law enforcement seized the domains of HeartSender cybercrime marketplaces

Security Affairs

FEBRUARY 2, 2025

and Dutch authorities seized 39 domains and servers linked to the HeartSender cybercrime group based in Pakistan. A joint law enforcement operation led to the seizure of 39 domains tied to a Pakistan-based HeartSender cybercrime group (aka Saim Raza and Manipulators Team) known for selling hacking and fraud tools.

Cybercrime

Cybercrime Advertising Phishing Hacking

The great Google Ads heist: criminals ransack advertiser accounts via fake Google ads

Malwarebytes

JANUARY 15, 2025

Table of contents Overview Criminals impersonate Google Ads Lures hosted on Google Sites Phishing for Google account credentials Victimology Who is behind these campaigns? The scheme consists of stealing as many advertiser accounts as possible by impersonating Google Ads and redirecting victims to fake login pages.

Advertising

Advertising Accountability Phishing Scams

News alert: SpyCloud study shows gaps in EDR, antivirus — 66% of malware infections missed

The Last Watchdog

APRIL 7, 2025

Despite advanced AI detection and telemetry analysis offered in todays EDR solutions, modern infostealer malware is designed to evade even the most sophisticated defenses, using tactics like polymorphic malware, memory-only execution, and exploitation of zero-day vulnerabilities or outdated software.

Antivirus

Antivirus Malware Cybercrime Identity Theft

How Does One Get Hired by a Top Cybercrime Gang?

Krebs on Security

JUNE 15, 2021

Department of Justice (DOJ) last week announced the arrest of a 55-year-old Latvian woman who’s alleged to have worked as a programmer for Trickbot , a malware-as-a-service platform responsible for infecting millions of computers and seeding many of those systems with ransomware. Alla Witte’s personal website — allawitte[.]nl

Cybercrime

Cybercrime Ransomware Passwords Banking

From Cybercrime Saul Goodman to the Russian GRU

Krebs on Security

FEBRUARY 7, 2024

In 2021, the exclusive Russian cybercrime forum Mazafaka was hacked. Launched in 2001 under the tagline “Network terrorism,” Mazafaka would evolve into one of the most guarded Russian-language cybercrime communities. The Facebook account for Aleksey Safronov. A “Djamix” account on the forum privetsochi[.]ru

Cybercrime

Cybercrime Accountability Identity Theft Hacking

A Day in the Life of a Prolific Voice Phishing Crew

Krebs on Security

JANUARY 7, 2025

Besieged by scammers seeking to phish user accounts over the telephone, Apple and Google frequently caution that they will never reach out unbidden to users this way. The phishers also abused legitimate Google services to send Tony an email from google.com, and to send a Google account recovery prompt to all of his signed-in devices.

Phishing

Phishing Cryptocurrency Accountability Social Engineering

Who’s Behind the Seized Forums ‘Cracked’ & ‘Nulled’?

Krebs on Security

FEBRUARY 4, 2025

The FBI joined authorities across Europe last week in seizing domain names for Cracked and Nulled , English-language cybercrime forums with millions of users that trafficked in stolen data, hacking tools and malware. The email address used for those accounts was f.grimpe@gmail.com. “Finndev.” 30, the U.S.

eCommerce

eCommerce Cybercrime Accountability Passwords

FBI warns of malicious free online document converters spreading malware

Security Affairs

MARCH 24, 2025

The FBI warns of a significant increase in scams involving free online document converters to infect users with malware. The FBI warns that threat actors use malicious online document converters to steal users sensitive information and infect their systems with malware. ” reads the alert. ” continues the alert.

Malware

Malware Scams Identity Theft Antivirus

Accused ‘Raccoon’ Malware Developer Fled Ukraine After Russian Invasion

Krebs on Security

OCTOBER 31, 2022

A 26-year-old Ukrainian man is awaiting extradition from The Netherlands to the United States on charges that he acted as a core developer for Raccoon , a popular “malware-as-a-service” offering that helped paying customers steal passwords and financial data from millions of cybercrime victims. According to the U.S.

Malware

Malware Identity Theft Cybercrime Accountability

MikroTik botnet relies on DNS misconfiguration to spread malware

Security Affairs

JANUARY 16, 2025

Researchers discovered a 13,000-device MikroTik botnet exploiting DNS flaws to spoof 20,000 domains and deliver malware. Infoblox researchers discovered a botnet of 13,000 MikroTik devices that exploits DNS misconfigurations to bypass email protections, spoof approximately 20,000 domains, and deliver malware.

DNS

DNS Malware Firmware Authentication

This Service Helps Malware Authors Fix Flaws in their Code

Krebs on Security

MAY 18, 2020

Almost daily now there is news about flaws in commercial software that lead to computers getting hacked and seeded with malware. Here’s a look at one long-lived malware vulnerability testing service that is used and run by some of the Dark Web’s top cybercriminals. is cybercrime forum.

Malware

Malware Cybercrime Ransomware Marketing

Fintech Giant Finastra Investigating Data Breach

Krebs on Security

NOVEMBER 19, 2024

“The threat actor did not deploy malware or tamper with any customer files within the environment,” the notice reads. The Telegram account that abyss0 listed in their sales thread appears to have been suspended or deleted. “Furthermore, no files other than the exfiltrated files were viewed or accessed.

Data breaches

Data breaches Banking Cybercrime Advertising

A large botnet targets M365 accounts with password spraying attacks

Security Affairs

FEBRUARY 24, 2025

A botnet of 130,000+ devices is attacking Microsoft 365 accounts via password-spraying, bypassing MFA by exploiting basic authentication. SecurityScorecard researchers discovered a botnet of over 130,000 devices that is conducting password-spray attacks against Microsoft 365 (M365) accounts worldwide.

Passwords

Passwords Accountability Authentication Malware

U.S. Offered $10M for Hacker Just Arrested by Russia

Krebs on Security

DECEMBER 4, 2024

Last week, the Russian government reportedly arrested Matveev and charged him with creating malware used to extort companies. Matveev’s hacker identities were remarkably open and talkative on numerous cybercrime forums. An FBI wanted poster for Matveev. Matveev, a.k.a. prosecutors allege. “Mother Russia will help you. .

Cybercrime

Cybercrime Ransomware Cryptocurrency Government

Canadian Man Arrested in Snowflake Data Extortions

Krebs on Security

NOVEMBER 5, 2024

At the end of 2023, malicious hackers learned that many large companies had uploaded huge volumes of sensitive customer data to Snowflake accounts that were protected with little more than a username and password (no multi-factor authentication required). prosecutors and federal law enforcement agencies. “Negotiate a deal in Telegram.”

Cybercrime

Cybercrime Mobile Media Hacking

New version of Android malware FakeCall redirects bank calls to scammers

Security Affairs

OCTOBER 30, 2024

The latest FakeCall malware version for Android intercepts outgoing bank calls, redirecting them to attackers to steal sensitive info and bank funds. Zimperium researchers spotted a new version of the FakeCall malware for Android that hijacks outgoing victims’ calls and redirects them to the attacker’s phone number.

Banking

Banking Malware Accountability Phishing

Inside ‘Evil Corp,’ a $100M Cybercrime Menace

Krebs on Security

DECEMBER 16, 2019

Justice Department this month offered a $5 million bounty for information leading to the arrest and conviction of a Russian man indicted for allegedly orchestrating a vast, international cybercrime network that called itself “ Evil Corp ” and stole roughly $100 million from businesses and consumers.

Cybercrime

Cybercrime Banking Small Business Accountability

UK Ad Campaign Seeks to Deter Cybercrime

Krebs on Security

MAY 28, 2020

The United Kingdom’s anti-cybercrime agency is running online ads aimed at young people who search the Web for services that enable computer crimes, specifically trojan horse programs and DDoS-for-hire services. law enforcement agents in connection with various cybercrime investigations. FLATTENING THE CURVE.

Cybercrime

Cybercrime DDOS Advertising Hacking

No SOCKS, No Shoes, No Malware Proxy Services!

Krebs on Security

AUGUST 2, 2022

Compounding the problem, several remaining malware-based proxy services have chosen to block new registrations to avoid swamping their networks with a sudden influx of customers. com , a malware-based proxy network that has been in existence since at least 2010. Last week, a seven-year-old proxy service called 911[.]re

Malware

Malware Cybercrime Internet Internet

Disneyland Malware Team: It’s a Puny World After All

Krebs on Security

NOVEMBER 16, 2022

A financial cybercrime group calling itself the Disneyland Team has been making liberal use of visually confusing phishing domains that spoof popular bank brands using Punycode , an Internet standard that allows web browsers to render domain names with non-Latin alphabets like Cyrillic. com — which was created to phish U.S.

Malware

Malware Banking Phishing DDOS

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Krebs on Security

JUNE 1, 2023

This post is a deep dive on “ Megatraffer ,” a veteran Russian hacker who has practically cornered the underground market for malware focused code-signing certificates since 2015. One of Megatraffer’s ads on an English-language cybercrime forum. user account — this one on Verified[.]ru account on Carder[.]su

Malware

Malware Cybercrime Software Accountability

Crime Shop Sells Hacked Logins to Other Crime Shops

Krebs on Security

JANUARY 21, 2022

Criminals ripping off other crooks is a constant theme in the cybercrime underworld; Accountz Club’s slogan — “the best autoshop for your favorite shops’ accounts” — just normalizes this activity by making logins stolen from users of various cybercrime shops for sale at a fraction of their account balances.

Hacking

Hacking Cybercrime Passwords Authentication

Giving a Face to the Malware Proxy Service ‘Faceless’

Krebs on Security

APRIL 18, 2023

For the past seven years, a malware-based proxy service known as “ Faceless ” has sold anonymity to countless cybercriminals. The proxy lookup page inside the malware-based anonymity service Faceless. MrMurza’s Faceless advertised on the Russian-language cybercrime forum ProCrd. Image: spur.us.

Malware

Malware Passwords Accountability Advertising

News alert: SpyCloud operationalizes darknet data, pioneers shift to holistic identity threat protection

The Last Watchdog

FEBRUARY 4, 2025

Identity security vendors have focused narrowly on securing corporate accounts, leaving organizations vulnerable to cybercriminals exploiting the broader identity exposures of employees, consumers, and suppliers. A shift to an identity-centric perspective is needed, particularly as the scope of identity exposures continues to grow. .

Cybercrime

Cybercrime Phishing Accountability Malware

Why Malware Crypting Services Deserve More Scrutiny

Krebs on Security

JUNE 21, 2023

If you operate a cybercrime business that relies on disseminating malicious software, you probably also spend a good deal of time trying to disguise or “crypt” your malware so that it appears benign to antivirus and security products. This story explores the history and identity behind Cryptor[.]biz WHO RUNS CRYPTOR[.]BIZ?

Malware

Malware Antivirus Cybercrime Hacking

International law enforcement operation dismantled RedLine and Meta infostealers

Security Affairs

OCTOBER 29, 2024

RedLine and META targeted millions of victims worldwide, according to Eurojust it was one of the largest malware platforms globally. Authorities discovered that over 1 200 servers in dozens of countries were running the malware. ESET released a free online scanner for Redline and META that can help users detect and remove malware.

Identity Theft

Identity Theft Passwords Malware Banking

Valve removed the game PirateFi from the Steam video game platform because contained a malware

Security Affairs

FEBRUARY 13, 2025

Valve removed a game from Steam because it contained malware, the company also warned affected users to reformat their operating systems. Valve removed the game PirateFi from the Steam video game platform because it contained a Windows malicious code to steal browser cookies and hijack accounts. Lazzzy.gen.” Lazzzy.gen.”

Malware

Malware Antivirus Accountability Software

Sharp Stealer: New Malware Targets Gamers’ Accounts and Online Identities

Penetration Testing

APRIL 22, 2024

A new threat has emerged in the cybercrime world, specifically designed to prey on the lucrative gaming community.

Accountability

Accountability Penetration Testing Malware Cybercrime

An Interview With the Target & Home Depot Hacker

Krebs on Security

NOVEMBER 14, 2024

Shefel claims the true mastermind behind the Target and other retail breaches was Dmitri Golubov , an infamous Ukrainian hacker known as the co-founder of Carderplanet, among the earliest Russian-language cybercrime forums focused on payment card fraud. “I’m also godfather of his second son.” “Hi, how are you?”

Retail

Retail Advertising Cryptocurrency Marketing

FBI Hacker Dropped Stolen Airbus Data on 9/11

Krebs on Security

SEPTEMBER 13, 2023

The FBI responded by reverifying InfraGard members and by seizing the cybercrime forum where the data was being sold. In a post on the English language cybercrime forum BreachForums , USDoD leaked information on roughly 3,200 Airbus vendors, including names, addresses, phone numbers, and email addresses. But on Sept. But on Sept.

Cybercrime

Cybercrime Passwords Authentication Malware

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 40

Security Affairs

APRIL 6, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape CISA Releases Malware Analysis Report on RESURGE Malware Associated with Ivanti Connect Secure Unboxing Anubis: Exploring the Stealthy Tactics of FIN7’s Latest Backdoor Advancements in delivery: Scripting with (..)

Malware

Malware Cryptocurrency Hacking Accountability

The Silent Breach: How E-Waste Fuels Cybercrime

SecureWorld News

MARCH 27, 2025

In today's digital world, cybercrime is a threat to our private data and security. And with Americans owning an average of 24 electronic items in their homes , neglecting to dispose of these items correctly is putting individuals at significant risk of cybercrime. What is cybercrime? This allows them to steal the data they want.

Cybercrime

Cybercrime Computers and Electronics Passwords Hacking

Russian authorities arrest three suspects behind Mamont Android banking trojan

Security Affairs

MARCH 28, 2025

. “Preliminary findings indicate that the suspects developed malware called Mamont, which they distributed via Telegram channels under the guise of safe mobile applications and video files. ” The authorities linked the three suspects to over 300 cybercrimes, the police seized servers, computers, storage devices, and bank cards.

Banking

Banking Computers and Electronics Mobile Malware

News alert: SpyCloud study shows Darknet identity exploitation arising to become a primary cyber risk

The Last Watchdog

MARCH 19, 2025

Holistic Identity: The New Cyber Battleground Organizations have traditionally focused on securing individual account credentials, but SpyClouds research indicates that cybercriminals have expanded their tactics beyond conventional account takeover. ” Additional Report Findings: 17.3 ” Additional Report Findings: 17.3

Cyber Risk

Cyber Risk Risk Phishing Cybercrime

Who Wrote the ALPHV/BlackCat Ransomware Strain?

Krebs on Security

JANUARY 28, 2022

“ BlackCat “), considered to be the first professional cybercrime group to create and use a ransomware strain written in the Rust programming language. One concern about more malware shifting to Rust is that it is considered a much more secure programming language compared to C and C++, writes Catalin Cimpanu for The Record.

Ransomware

Ransomware Accountability Cybercrime Malware

The Wages of Password Re-Use: Your Money or Your Life

Krebs on Security

MAY 4, 2021

In a world in which all databases — including hacker forums — are eventually compromised and leaked online, it can be tough for cybercriminals to maintain their anonymity if they’re in the habit of re-using the same unusual passwords across multiple accounts associated with different email addresses.

Passwords

Passwords Cybercrime Accountability Password Management

Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work

Krebs on Security

OCTOBER 8, 2020

But judging from the proliferation of help-wanted ads for offensive pentesters in the cybercrime underground, today’s attackers have exactly zero trouble gaining that initial intrusion: The real challenge seems to be hiring enough people to help everyone profit from the access already gained. THE DOCTOR IS IN. ” WHO IS DR.

Cybercrime

Cybercrime Malware VPN Ransomware

Why Phishers Love New TLDs Like.shop,top and.xyz

News alert: SpyCloud accelerates supply chain risk analysis with new ‘IDLink’ correlation capability

Trending Sources

FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang

Booking.com Phishers May Leave You With Reservations

EDR-as-a-Service makes the headlines in the cybercrime landscape

FBI: Spike in Hacked Police Emails, Fake Subpoenas

Career Choice Tip: Cybercrime is Mostly Boring

Law enforcement seized the domains of HeartSender cybercrime marketplaces

The great Google Ads heist: criminals ransack advertiser accounts via fake Google ads

News alert: SpyCloud study shows gaps in EDR, antivirus — 66% of malware infections missed

How Does One Get Hired by a Top Cybercrime Gang?

From Cybercrime Saul Goodman to the Russian GRU

A Day in the Life of a Prolific Voice Phishing Crew

Who’s Behind the Seized Forums ‘Cracked’ & ‘Nulled’?

FBI warns of malicious free online document converters spreading malware

Accused ‘Raccoon’ Malware Developer Fled Ukraine After Russian Invasion

MikroTik botnet relies on DNS misconfiguration to spread malware

This Service Helps Malware Authors Fix Flaws in their Code

Fintech Giant Finastra Investigating Data Breach

A large botnet targets M365 accounts with password spraying attacks

U.S. Offered $10M for Hacker Just Arrested by Russia

Canadian Man Arrested in Snowflake Data Extortions

New version of Android malware FakeCall redirects bank calls to scammers

Inside ‘Evil Corp,’ a $100M Cybercrime Menace

UK Ad Campaign Seeks to Deter Cybercrime

No SOCKS, No Shoes, No Malware Proxy Services!

Disneyland Malware Team: It’s a Puny World After All

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Crime Shop Sells Hacked Logins to Other Crime Shops

Giving a Face to the Malware Proxy Service ‘Faceless’

News alert: SpyCloud operationalizes darknet data, pioneers shift to holistic identity threat protection

Why Malware Crypting Services Deserve More Scrutiny

International law enforcement operation dismantled RedLine and Meta infostealers

Valve removed the game PirateFi from the Steam video game platform because contained a malware

Sharp Stealer: New Malware Targets Gamers’ Accounts and Online Identities

An Interview With the Target & Home Depot Hacker

FBI Hacker Dropped Stolen Airbus Data on 9/11

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 40

The Silent Breach: How E-Waste Fuels Cybercrime

Russian authorities arrest three suspects behind Mamont Android banking trojan

News alert: SpyCloud study shows Darknet identity exploitation arising to become a primary cyber risk

Who Wrote the ALPHV/BlackCat Ransomware Strain?

The Wages of Password Re-Use: Your Money or Your Life

Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work

Stay Connected