Krebs on Security

FEBRUARY 28, 2023

In each case, the goal of the attackers was the same: Phish T-Mobile employees for access to internal company tools, and then convert that access into a cybercrime service that could be hired to divert any T-Mobile user’s text messages and phone calls to another device. ” or “ Tmo up!

Mobile 346

Mobile Phishing Authentication Advertising 346

Krebs on Security

SEPTEMBER 29, 2021

In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords. agency — advertised a web-based bot designed to trick targets into giving up OTP tokens.

Passwords 352

Passwords Mobile Authentication Banking 352

Krebs on Security

MAY 22, 2023

Since then, the same spammers have used this method to advertise more than 100 different crypto investment-themed domains. That user advertised a service called “ Quot Project ” which said they could be hired to write programming scripts in Python and C++. A DIRECT QUOT The domain quot[.]pw pw was their domain.

Scams 284

Scams DDOS Cryptocurrency Accountability 284

Krebs on Security

APRIL 28, 2020

The request for the last four of the customer’s credit card number was consistent with my own testing, which relied upon on a caller ID spoofing service advertised in the cybercrime underground and aimed at a Citi account controlled by this author. A screen shot from an underground store selling CVV records. Click to enlarge.

Scams 363

Scams Banking Accountability Financial Services 363

Krebs on Security

NOVEMBER 1, 2024

We’ll also explore an array of cybercrime services aimed at phishers who target hotels that rely on the world’s most visited travel website. A number of cybercriminal innovations are making it easier for scammers to cash in on your upcoming travel plans. A full, defanged list of domains is available here.

Phishing 239

Phishing Accountability Artificial Intelligence Cybercrime 239

Krebs on Security

SEPTEMBER 18, 2024

Recently, these scammers have branched out into offering fake streaming services for nearly any kind of event advertised on Facebook. These so-called “stealer logs” are mostly generated by opportunistic infections from information-stealing trojans that are sold on cybercrime markets.

Scams 65

Scams DNS Internet Internet 65

Krebs on Security

APRIL 3, 2024

Roughly nine years ago, KrebsOnSecurity profiled a Pakistan-based cybercrime group called “ The Manipulaters ,” a sprawling web hosting network of phishing and spam delivery platforms. Manipulaters advertisement for “Office 365 Private Page with Antibot” phishing kit sold on the domain heartsender,com.

Phishing 260

Phishing Cybercrime Malware Advertising 260

Krebs on Security

JUNE 21, 2023

If you operate a cybercrime business that relies on disseminating malicious software, you probably also spend a good deal of time trying to disguise or “crypt” your malware so that it appears benign to antivirus and security products. biz , a long-running crypting service that is trusted by some of the biggest names in cybercrime.

Malware 251

Malware Antivirus Cybercrime Hacking 251

Krebs on Security

OCTOBER 15, 2019

All of the card data stolen from BriansClub was shared with multiple sources who work closely with financial institutions to identify and monitor or reissue cards that show up for sale in the cybercrime underground. The leaked data shows that in 2015, BriansClub added just 1.7 million card records for sale. million more. HACKING BACK?

Hacking 232

Hacking Cybercrime Marketing Banking 232

Krebs on Security

SEPTEMBER 30, 2024

A California man accused of failing to pay taxes on tens of millions of dollars allegedly earned from cybercrime also paid local police officers hundreds of thousands of dollars to help him extort, intimidate and silence rivals and former business partners, the government alleges. had some personal problems and checked himself into rehab.

Cryptocurrency 290

Cryptocurrency Government Internet Internet 290

Krebs on Security

NOVEMBER 13, 2018

But the site is noticeably devoid of any SSL certificate (the entire site is [link] not [link] and the products for sale are all advertised for roughly half their normal cost. It’s now advertising running shoes. So what’s going here? .” 4, KrebsOnSecurity published Who’s in Your Online Shopping Cart?

Accountability 222

Accountability eCommerce Cybercrime Advertising 222

Krebs on Security

FEBRUARY 4, 2021

Facebook said it targeted a number of accounts tied to key sellers on OGUsers, as well as those who advertise the ability to broker stolen account sales. Like most cybercrime forums, OGUsers is overrun with shady characters who are there mainly to rip off other members. THE MIDDLEMEN.

Accountability 337

Accountability Hacking Media Mobile 337

Krebs on Security

JULY 25, 2023

Researchers this month uncovered a two-year-old Linux-based remote access trojan dubbed AVrecon that enslaves Internet routers into botnet that bilks online advertisers and performs password-spraying attacks. SocksEscort began in 2009 as “ super-socks[.]com SocksEscort began in 2009 as “ super-socks[.]com com, super-socks[.]com,

Malware 211

Malware VPN Internet Internet 211

Krebs on Security

JUNE 28, 2022

Google took aim at Glupteba in part because its owners were using the botnet to divert and steal vast sums in online advertising revenue. Full disclosure: Constella is currently an advertiser on this website]. ru , an extremely popular Russian-language pay-per-install network that has been in operation for at least a decade.

Passwords 282

Passwords Malware Internet Internet 282

Krebs on Security

APRIL 4, 2024

Privnote’s ease-of-use and popularity among cryptocurrency enthusiasts has made it a perennial target of phishers , who erect Privnote clones that function more or less as advertised but also quietly inject their own cryptocurrency payment addresses when a note is created that contains crypto wallets. Among those is rustraitor[.]info

Phishing 255

Phishing Cryptocurrency DDOS Internet 255

Krebs on Security

JUNE 6, 2023

In May, KrebsOnSecurity interviewed a Russian spammer named “ Quotpw “ who was mass-registering accounts on the social media network Mastodon in order to conduct a series of huge spam campaigns advertising scam cryptocurrency investment platforms. Image: Trend Micro. billion last year.

Accountability 232

Accountability Scams Cryptocurrency Advertising 232

Krebs on Security

MARCH 29, 2022

” On April 5, 2021, Everlynn posted a new sales thread to the cybercrime forum cracked[.]to Everlynn advertising a warrant/subpoena service based on fake EDRs. ” which advertised the ability to send email from a federal agency within the government of Argentina. ” The price: $100 to $250 per request.

Accountability 301

Accountability Government Hacking Social Engineering 301

Krebs on Security

APRIL 27, 2022

Fake EDRs have become such a reliable method in the cybercrime underground for obtaining information about account holders that several cybercriminals have started offering services that will submit these fraudulent EDRs on behalf of paying clients to a number of top social media and technology firms.

Mobile 194

Mobile Government Media Technology 194

Krebs on Security

AUGUST 9, 2021

Also, this greenhorn criminal clearly had bought into BriansClub’s advertising, which uses my name and likeness in a series of ads that run on all the top cybercrime forums. com was hosted at a company in Moscow with just a handful of other domains phishing popular cybercrime stores, including Jstashbazar[.]com,

Phishing 363

Phishing Cybercrime Accountability Advertising 363

Krebs on Security

JULY 18, 2022

These services can be used in a legitimate manner for several business purposes — such as price comparisons or sales intelligence — but they are massively abused for hiding cybercrime activity because they can make it difficult to trace malicious traffic to its original source. in the British Virgin Islands. FORUM ACTIVITY?

VPN 326

VPN Computers and Electronics Antivirus Software 326

Krebs on Security

JULY 16, 2019

For at least the past decade, a computer crook variously known as “ Yalishanda ,” “ Downlow ” and “ Stas_vl ” has run one of the most popular “bulletproof” Web hosting services catering to a vast array of phishing sites, cybercrime forums and malware download servers.

Cybercrime 205

Cybercrime Phishing Banking Malware 205

Krebs on Security

DECEMBER 11, 2024

A financial firm registered in Canada has emerged as the payment processor for dozens of Russian cryptocurrency exchanges and websites hawking cybercrime services aimed at Russian-speaking customers, new research finds. wtf, and PQHosting ; -sites selling aged email, financial, or social media accounts, such as verif[.]work com and rdp[.]monster;

Cryptocurrency 247

Cryptocurrency Banking Cybercrime Advertising 247

Krebs on Security

OCTOBER 3, 2024

.” Ian Ahl , senior vice president of threat research at Permiso, said attackers in possession of a working cloud account traditionally have used that access for run-of-the-mill financial cybercrime, such as cryptocurrency mining or spam. “And these are typically things the large language models won’t be able to talk about.”

Accountability 272

Accountability Artificial Intelligence Web Fraud Cryptocurrency 272

Krebs on Security

FEBRUARY 25, 2021

These days, some of the most frequent posts on those channels advertise the sale of various “methods” or tips about how to bypass ID.me in cybercrime forums, Telegram channels throughout 2020. protections. Mentions of id.me Source: Flashpoint-intel.com.

Scams 346

Scams Insurance DDOS Authentication 346

Krebs on Security

FEBRUARY 9, 2022

The crackdown — the second closure of major card fraud shops by Russian authorities in as many weeks — comes closely behind Russia’s arrest of 14 alleged affiliates of the REvil ransomware gang , and has many in the cybercrime underground asking who might be next. K’s message for Trump’s Dumps users.

Cybercrime 278

Cybercrime Marketing Identity Theft Retail 278