Antivirus, Cybercrime and Hacking - Cyber Security Informer

Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab

Krebs on Security

FEBRUARY 28, 2025

One of the most notorious providers of abuse-friendly “bulletproof” web hosting for cybercriminals has started routing its operations through networks run by the Russian antivirus and security firm Kaspersky Lab , KrebsOnSecurity has learned. The bulletproof hosting provider BEARHOST. Image: Ke-la.com.

Malware

Malware Antivirus Software DDOS

No, I Did Not Hack Your MS Exchange Server

Krebs on Security

MARCH 28, 2021

“web shells”) that various cybercrime groups worldwide have been using to commandeer any unpatched Exchange servers. 26, Shadowserver saw an attempt to install a new type of backdoor in compromised Exchange Servers, and with each hacked host it installed the backdoor in the same place: “ /owa/auth/babydraco.aspx.

Hacking

Hacking Cybercrime DNS Internet

New advanced FIN7’s Anubis backdoor allows to gain full system control on Windows

Security Affairs

APRIL 2, 2025

FIN7 cybercrime group has been linked to Anubis, a Python-based backdoor that provides remote access to compromised Windows systems. Delivered via phishing and hosted on compromised SharePoint sites, it remains undetected by most antivirus solutions, posing a serious security risk. ” concludes the report.

Antivirus

Antivirus Cybercrime Malware Encryption

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

An Interview With the Target & Home Depot Hacker

Krebs on Security

NOVEMBER 14, 2024

That investigation detailed how the 38-year-old Shefel adopted the nickname Rescator while working as vice president of payments at ChronoPay , a Russian financial company that paid spammers to advertise fake antivirus scams, male enhancement drugs and knockoff pharmaceuticals. “I’m also godfather of his second son.”

Retail

Retail Advertising Cryptocurrency Cybercrime

Top-Tier Russian Hacking group Fxmsp claims hack of major AntiVirus Companies

Security Affairs

MAY 10, 2019

A Russian hacking group Fxmsp is offering for sale the access to the networks of at least three antivirus companies in the US and source code of their software. Fxmsp is a high-profile Russian- and English-speaking hacking group focused on breaching high-profile private corporate and government information.

Antivirus

Antivirus Hacking Artificial Intelligence Cybercrime

U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group

Krebs on Security

FEBRUARY 9, 2023

Authorities in the United States and United Kingdom today levied financial sanctions against seven men accused of operating “ Trickbot ,” a cybercrime-as-a-service platform based in Russia that has enabled countless ransomware attacks and bank account takeovers since its debut in 2016. companies and government entities.

Hacking

Hacking Cybercrime Ransomware Government

Security Affairs newsletter Round 494 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

OCTOBER 20, 2024

CISA adds Fortinet products and Ivanti CSA bugs to its Known Exploited Vulnerabilities catalog Nation-state actor exploited three Ivanti CSA zero-days Dutch police dismantled dual dark web market ‘Bohemia/Cannabia’ macOS HM Surf flaw in TCC allows bypass Safari privacy settings Iran-linked actors target critical infrastructure organizations (..)

Data breaches

Data breaches Cybercrime Cyber Insurance Marketing

Cybercrime group FIN7 advertises new EDR bypass tool on hacking forums

Security Affairs

JULY 18, 2024

The cybercrime group FIN7 is advertising a security evasion tool in multiple underground forums, cybersecurity company SentinelOne warns. in cybercrime forum. ” Pierluigi Paganini Follow me on Twitter: @securityaffairs and Facebook and Mastodon ( SecurityAffairs – hacking, FIN7) is forums. .

Advertising

Advertising Cybercrime Hacking Ransomware

Japan ’s FSA warns of unauthorized trades via stolen credentials from fake security firms’ sites

Security Affairs

APRIL 22, 2025

Japan s Financial Services Agency (FSA) warns of hundreds of millions in unauthorized trades linked to hacked brokerage accounts. Keeping devices updated and using reliable antivirus software also helps prevent malware-related data theft. from fake websites (phishing sites) disguised as websites of real securities companies.”

Financial Services

Financial Services Passwords Accountability Antivirus

Banshee macOS stealer supports new evasion mechanisms

Security Affairs

JANUARY 10, 2025

The malicious code was advertised on cybercrime forums for $3,000 per month. A version discovered by Check Point in September relied on Apple’s XProtect encryption algorithm for obfuscation, allowing it to evade antivirus detection until its source code leak in November.

Malware

Malware Advertising Antivirus Cybercrime

15 billion credentials available in the cybercrime marketplaces

Security Affairs

JULY 9, 2020

More than 15 billion username and passwords are available on cybercrime marketplaces, including over 5 billion unique credentials, states the experts. “Account accesses for antivirus programs garner the second-highest prices: around $21.67. SecurityAffairs – hacking, cybercrime marketplaces). Pierluigi Paganini.

Cybercrime

Cybercrime Antivirus Marketing Accountability

Social engineering: Cybercrime meets human hacking

Webroot

FEBRUARY 22, 2022

Whether it’s updating your antivirus software or learning to spot phishing traps with security awareness training , Webroot has you covered. The post Social engineering: Cybercrime meets human hacking appeared first on Webroot Blog. Experience powerful and reliable protection from Webroot that won’t slow you down.

Social Engineering

Social Engineering Engineering Cybercrime Hacking

FBI warns of malicious free online document converters spreading malware

Security Affairs

MARCH 24, 2025

The FBI Denver Field Office advises staying cautious online, being aware of potential risks, and keeping antivirus software updated to scan files before opening them. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking, free online document converters)

Malware

Malware Scams Identity Theft Antivirus

Hackers hijacked the eScan Antivirus update mechanism in malware campaign

Security Affairs

APRIL 24, 2024

A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute backdoors and cryptocurrency miners. Avast researchers discovered and analyzed a malware campaign that exploited the update mechanism of the eScan antivirus to distribute backdoors and crypto miners.

Antivirus

Antivirus Malware DNS Cryptocurrency

New Triada Trojan comes preinstalled on Android devices

Security Affairs

APRIL 2, 2025

In March 2018, security researchers at Antivirus firmDr.Web discovered that 42 models of low-cost Android smartphones were shipped with the Android.Triada.231 Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,malware) 231 banking malware.

Malware

Malware Cryptocurrency Mobile Firmware

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Krebs on Security

JUNE 1, 2023

One of Megatraffer’s ads on an English-language cybercrime forum. “Antivirus software trusts signed programs more. That protracted and public conflict formed the backdrop of my 2014 book — “ Spam Nation: The Inside Story of Organized Cybercrime, from Global Epidemic to Your Front Door. Image: Ke-la.com.

Malware

Malware Cybercrime Software Accountability

Cybercrime group FIN7 advertises new EDR bypass tool on hacking forums

Security Affairs

JULY 18, 2024

The cybercrime group FIN7 is advertising a security evasion tool in multiple underground forums, cybersecurity company SentinelOne warns. in cybercrime forum. ” Pierluigi Paganini Follow me on Twitter: @securityaffairs and Facebook and Mastodon ( SecurityAffairs – hacking, FIN7) is forums. .

Advertising

Advertising Cybercrime Hacking Ransomware

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

In many cases, the crooks hack managed service providers (MSPs) first and then use this access to compromise the partnering organizations. Forward outlook Ransomware is a dynamic and increasingly hybrid segment of cybercrime. The big names that pioneered in these targeted attacks are Sodinokibi (aka REvil) and Ryuk.

Ransomware

Ransomware Hacking Encryption Penetration Testing

Valve removed the game PirateFi from the Steam video game platform because contained a malware

Security Affairs

FEBRUARY 13, 2025

Users that played the game have received the following email: pic.twitter.com/B98BFs0WbK — SteamDB (@SteamDB) February 12, 2025 The game PirateFi was released as beta, but multiple antivirus flagged it as “Trojan.Win32.Lazzzy.gen.” Lazzzy.gen.” SteamDB estimates that over 800 users may have downloaded the game.

Malware

Malware Antivirus Accountability Software

A Deep Dive Into the Residential Proxy Service ‘911’

Krebs on Security

JULY 18, 2022

These services can be used in a legitimate manner for several business purposes — such as price comparisons or sales intelligence — but they are massively abused for hiding cybercrime activity because they can make it difficult to trace malicious traffic to its original source. ” A depiction of the Proxygate service.

VPN

VPN Computers and Electronics Antivirus Software

Romanians arrested for running underground malware services

Security Affairs

NOVEMBER 22, 2020

“Two Romanian suspects have been arrested yesterday for allegedly running the CyberSeal and Dataprotector crypting services to evade antivirus software detection.” The pair also operated the Cyberscan service which allowed their clients to test their malware against antivirus tools. SecurityAffairs – hacking, cybercrime).

Malware

Malware Antivirus Cybercrime Software

Chinese Android phones shipped with malware-laced WhatsApp, Telegram apps

Security Affairs

APRIL 16, 2025

Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,Chinese Android phone ) .” concludes the report that includes indicators of compromise (IoCs).

Malware

Malware Manufacturing Mobile Spyware

Threat actor abuses Genshin Impact Anti-Cheat driver to disable antivirus

Security Affairs

AUGUST 27, 2022

Threat actors abused a vulnerable anti-cheat driver for the Genshin Impact video game to disable antivirus software. sys, for the Genshin Impact video game to disable antivirus software. According to Trend Micro, a cybercrime gang abused the driver to deploy ransomware. SecurityAffairs – hacking, driver).

Antivirus

Antivirus Ransomware Malware Cybercrime

Memorial Hospital and Manor suffered a ransomware attack

Security Affairs

NOVEMBER 6, 2024

” The hospital identified the ransomware attack early Saturday after antivirus software installed on the employees’ PCs flagged potential risks. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, hospital)

Ransomware

Ransomware Healthcare Antivirus Data breaches

UNC2465 cybercrime group launched a supply chain attack on CCTV vendor

Security Affairs

JUNE 17, 2021

UNC2465 cybercrime group that is affiliated with the Darkside ransomware gang has infected with malware the website of a CCTV camera vendor. Experts noticed that in this supply chain attack, UNC2465 did not deliver the Darkside ransomware as the final payload, but they not exclude that the cybercrime group could move to a new RaaS operation.

Cybercrime

Cybercrime Ransomware Software Antivirus

Coyote Banking Trojan targets Brazilian users, stealing data from 70+ financial apps and websites

Security Affairs

FEBRUARY 4, 2025

It gathers system details, including antivirus information, encodes the data, and sends it to a remote server. ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,malware)

Banking

Banking Malware Antivirus Cyber threats

Mariposa Botnet Author, Darkcode Crime Forum Admin Arrested in Germany

Krebs on Security

OCTOBER 1, 2019

A Slovenian man convicted of authoring the destructive and once-prolific Mariposa botnet and running the infamous Darkode cybercrime forum has been arrested in Germany on request from prosecutors in the United States, who’ve recently re-indicted him on related charges. issued international arrest warrant for his extradition.

Cybercrime

Cybercrime Malware Antivirus Banking

DOJ indicts Fxmsp hacker for selling access to hacked businesses

Security Affairs

JULY 8, 2020

The US Department of Justice has indicted a hacker named Fxmsp for hacking over three hundred organizations worldwide and selling access to their networks. The US Department of Justice has indicted a hacker that goes online with the moniker Fxmsp for hacking over three hundred organizations worldwide and selling access to their networks.

Hacking

Hacking Antivirus Advertising Cybercrime

Cactus ransomware gang claims the Schneider Electric hack

Security Affairs

JANUARY 30, 2024

Once the malware has escalated the privileges on a machine, the threat actors use a batch script to uninstall popular antivirus solutions installed on the machine. In early January, the Cactus ransomware group claimed to have hacked Coop, one of the largest retail and grocery providers in Sweden.

Ransomware

Ransomware Hacking Data breaches Digital transformation

Former Russian Cybersecurity Chief Sentenced to 22 Years in Prison

Krebs on Security

FEBRUARY 26, 2019

Sergei Mikhailov , formerly deputy chief of Russia’s top anti-cybercrime unit, was sentenced today to 22 years in prison. In a telephone interview with this author in 2011, Vrublevsky said he was convinced that Mikhailov was taking information gathered by Russian government cybercrime investigators and feeding it to U.S.

Cybersecurity

Cybersecurity Cybercrime Media Antivirus

Experts link the Black Basta ransomware operation to FIN7 cybercrime gang

Security Affairs

NOVEMBER 3, 2022

Sentinel Labs found evidence that links the Black Basta ransomware gang to the financially motivated hacking group FIN7. The DisableAntiSpyware parameter allows disabling the Windows Defender Antivirus in order to deploy another security solution. SecurityAffairs – hacking, FIN7). Pierluigi Paganini.

Cybercrime

Cybercrime Ransomware Antivirus Malware

A cracked copy of Brute Ratel post-exploitation tool leaked on hacking forums

Security Affairs

SEPTEMBER 29, 2022

The Brute Ratel post-exploitation toolkit has been cracked and now is available in the underground hacking and cybercrime communities. Threat actors have cracked the Brute Ratel C4 (BRC4) post-exploitation toolkit and leaked it for free in the cybercrime underground. SecurityAffairs – hacking, Brute Ratel). in, and Xss[.]is,

Hacking

Hacking Cybercrime Ransomware Antivirus

Enhanced capabilities sustain the rapid growth of Vo1d botnet

Security Affairs

FEBRUARY 28, 2025

In August 2024, several users reported that Dr.Web antivirus detected changes in their TV box system files. Users may also mistakenly believe TV boxes are more secure than smartphones and are less likely to install antivirus software, increasing their risk when downloading third-party apps or unofficial firmware.

Antivirus

Antivirus Firmware Encryption Manufacturing

Russia-linked Gamaredon targets Ukraine with Remcos RAT

Security Affairs

MARCH 31, 2025

The PowerShell code avoids antivirus detection by using Get-Command to execute the payload. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,Ukraine) The report includes Indicators of Compromise(IoCs) for this threat along with Snort rules for its detection.

Phishing

Phishing Antivirus Encryption Hacking

The FBI warns of HiatusRAT scanning campaigns against Chinese-branded web cameras and DVRs

Security Affairs

DECEMBER 17, 2024

Recommendations include timely patching, using strong and unique passwords, enabling multi-factor authentication, implementing security tools to detect abnormal activity, auditing accounts, scanning for open ports, segmenting networks, updating antivirus software, and creating offline backups.

Architecture

Architecture Internet Internet Malware

New sophisticate malware SuperCard X targets Androids via NFC relay attacks

Security Affairs

APRIL 21, 2025

The malware maintains a low detection rate among antivirus solutions due to its minimal permission model and narrow focus on NFC relay attacks. ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,malware)

Malware

Malware Social Engineering Banking Engineering

Happy 13th Birthday, KrebsOnSecurity!

Krebs on Security

DECEMBER 29, 2022

Here’s a look at some of the more notable cybercrime stories from the past year, as covered by KrebsOnSecurity and elsewhere. This bold about-face dumbfounded many longtime Norton users because antivirus firms had spent years broadly classifying all cryptomining programs as malware.

Cryptocurrency

Cryptocurrency Cybercrime Computers and Electronics Scams

Convicted: He Helped Cybercriminals Evade Antivirus

SecureWorld News

JUNE 16, 2021

When it comes to hacking and cybercrime, sometimes all the focus is on the one who launches the attack. DOJ prosecutors say Oleg Koshkin, a 41-year-old Russian national, operated a crypting service used to conceal Kelihos malware from antivirus software. One of those threat actors was just convicted in a United States courtroom.

Antivirus

Antivirus Malware Software Ransomware

Who’s Behind the GandCrab Ransomware?

Krebs on Security

JULY 8, 2019

But GandCrab far eclipsed the success of competing ransomware affiliate programs largely because its authors worked assiduously to update the malware so that it could evade antivirus and other security defenses. in threads asking for urgent help obtaining access to hacked businesses in South Korea. Vpn-service[.]us

Ransomware

Ransomware Accountability Cybercrime Passwords

Chinese-speaking cybercrime gang Rocke changes tactics

Security Affairs

OCTOBER 15, 2019

Chinese-speaking cybercrime gang Rocke that carried out several large-scale cryptomining campaigns, has now using news tactics to evade detection. Chinese-speaking cybercrime gang Rocke, that carried out several large-scale cryptomining campaigns in past , has now using news tactics to evade detection. Pierluigi Paganini.

Cybercrime

Cybercrime DNS Malware Advertising

ToxicPanda Android banking trojan targets Europe and LATAM, with a focus on Italy

Security Affairs

NOVEMBER 5, 2024

“An important question arising from this analysis is not just how to defend against threats like ToxicPanda but why contemporary antivirus solutions have struggled to detect a threat that is, in technical terms, relatively straightforward. Spain and Peru, at 3.9% and 3.4%, indicate a potential expansion into Latin America.

Banking

Banking Malware Accountability Authentication

Malvertising Is a Cybercrime Heavyweight, Not an Underdog

SecureWorld News

MARCH 29, 2024

A stepping stone to impactful cybercrime This tactic has tangible real-world implications. A DNS firewall and a classic antivirus are somewhat underused yet effective security tools that will come in handy. A mix of social engineering, hacking, and abuse of legitimate services makes this style of online crime incredibly effective.

Cybercrime

Cybercrime Advertising Engineering Antivirus

GUEST ESSAY – Notable events in hacking history that helped transform cybersecurity assessment

The Last Watchdog

SEPTEMBER 27, 2021

The news of this fast-spreading computer virus dominated headlines, and the creator, Onel de Guzman, was arrested for committing this cybercrime. It’s clear that when technology develops, people find creative ways to cause mass disruption, increasing the need for antivirus protection and firewalls. Lessons learned.

Hacking

Hacking Cybersecurity Identity Theft Technology

Large-scale cryptocurrency miner campaign targets Russian users with SilentCryptoMiner

Security Affairs

MARCH 10, 2025

The discovered infected archives contained an additional executable, with a modified start script tricking victims into disabling antivirus protections. ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,SilentCryptoMiner) in a temporary folder.

Cryptocurrency

Cryptocurrency Malware Social Engineering Antivirus

Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab

No, I Did Not Hack Your MS Exchange Server

Webinars

Trending Sources

New advanced FIN7’s Anubis backdoor allows to gain full system control on Windows

Webinars

An Interview With the Target & Home Depot Hacker

Top-Tier Russian Hacking group Fxmsp claims hack of major AntiVirus Companies

U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group

Security Affairs newsletter Round 494 by Pierluigi Paganini – INTERNATIONAL EDITION

Cybercrime group FIN7 advertises new EDR bypass tool on hacking forums

Japan ’s FSA warns of unauthorized trades via stolen credentials from fake security firms’ sites

Banshee macOS stealer supports new evasion mechanisms

15 billion credentials available in the cybercrime marketplaces

Social engineering: Cybercrime meets human hacking

FBI warns of malicious free online document converters spreading malware

Hackers hijacked the eScan Antivirus update mechanism in malware campaign

New Triada Trojan comes preinstalled on Android devices

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Cybercrime group FIN7 advertises new EDR bypass tool on hacking forums

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

Valve removed the game PirateFi from the Steam video game platform because contained a malware

A Deep Dive Into the Residential Proxy Service ‘911’

Romanians arrested for running underground malware services

Chinese Android phones shipped with malware-laced WhatsApp, Telegram apps

Threat actor abuses Genshin Impact Anti-Cheat driver to disable antivirus

Memorial Hospital and Manor suffered a ransomware attack

UNC2465 cybercrime group launched a supply chain attack on CCTV vendor

Coyote Banking Trojan targets Brazilian users, stealing data from 70+ financial apps and websites

Mariposa Botnet Author, Darkcode Crime Forum Admin Arrested in Germany

DOJ indicts Fxmsp hacker for selling access to hacked businesses

Cactus ransomware gang claims the Schneider Electric hack

Former Russian Cybersecurity Chief Sentenced to 22 Years in Prison

Experts link the Black Basta ransomware operation to FIN7 cybercrime gang

A cracked copy of Brute Ratel post-exploitation tool leaked on hacking forums

Enhanced capabilities sustain the rapid growth of Vo1d botnet

Russia-linked Gamaredon targets Ukraine with Remcos RAT

The FBI warns of HiatusRAT scanning campaigns against Chinese-branded web cameras and DVRs

New sophisticate malware SuperCard X targets Androids via NFC relay attacks

Happy 13th Birthday, KrebsOnSecurity!

Convicted: He Helped Cybercriminals Evade Antivirus

Who’s Behind the GandCrab Ransomware?

Chinese-speaking cybercrime gang Rocke changes tactics

ToxicPanda Android banking trojan targets Europe and LATAM, with a focus on Italy

Malvertising Is a Cybercrime Heavyweight, Not an Underdog

GUEST ESSAY – Notable events in hacking history that helped transform cybersecurity assessment

Large-scale cryptocurrency miner campaign targets Russian users with SilentCryptoMiner

Stay Connected