Security Affairs

FEBRUARY 5, 2021

The TeamTNT hacker group has been employing a new piece of malware, dubbed Hildegard, to target Kubernetes installs. The hacking group TeamTNT has been employing a new piece of malware, dubbed Hildegard, in a series of attacks targeting Kubernetes systems. The malware deploys the XMRig mining tool to mine Monero cryptocurrency.

Malware 120

Malware DNS Cryptocurrency Internet 120

Krebs on Security

MARCH 28, 2021

New data suggests someone has compromised more than 21,000 Microsoft Exchange Server email systems worldwide and infected them with malware that invokes both KrebsOnSecurity and Yours Truly by name. I’d been doxed via DNS. Let’s just get this out of the way right now: It wasn’t me. krebsonsecurity[.]top

Hacking 363

Hacking Cybercrime DNS Internet 363

Security Affairs

FEBRUARY 10, 2019

Security experts from Trend Micro have discovered a new strain of coin miner that targets the Linux platform and installs the XMR-Stak Cryptonight cryptocurrency miner. “It installs a cryptocurrency-mining malware as well as implant itself into the system and crontabs to survive reboots and deletions.”

Malware 111

Malware Cryptocurrency Advertising DNS 111

Cisco Security

MARCH 11, 2021

After examining topics such as the MITRE ATT&CK framework , LOLBins , and others, this release will look at DNS traffic to malicious sites. We’ll also look at malicious DNS activity—the number of queries malicious sites receive. Organizations and malicious DNS activity. 48 percent found information-stealing malware activity.

DNS 95

DNS Phishing Ransomware Internet 95

Security Affairs

MARCH 26, 2020

The number of Coronavirus-themed attacks continues to increase, crooks hijack D-Link and Linksys routers to redirect users to sites spreading COVID19-themed malware. Crooks continue to launch Coronavirus-themed attacks , experts observed hackers hijacking D-Link and Linksys routers to redirect users to COVID19-themed sites spreading malware.

Malware 111

Malware DNS Advertising Cryptocurrency 111

Heimadal Security

NOVEMBER 25, 2022

More than 1,600 publicly available images on Docker Hub were found to hide malicious behavior, including DNS hijackers, cryptocurrency miners, website redirectors, and embedded secrets that can be used as backdoors. The post Over 1,600 Docker Hub Repositories Were Found to Hide Malware appeared first on Heimdal Security Blog.

Malware 96

Malware DNS Cryptocurrency Cybersecurity 96

Security Affairs

JUNE 27, 2021

Researchers have discovered a strain of cryptocurrency-mining malware, tracked as Crackonosh, that abuses Windows Safe mode to avoid detection. . Researchers from Avast have spotted a strain of cryptocurrency miner, tracked as Crackonosh, that abuses Windows Safe mode to avoid detection. ” continues the report.

Antivirus 144

Antivirus Cryptocurrency Malware Software 144

Security Affairs

JUNE 22, 2021

Experts defined DirtyMoe as a complex malware that has been designed as a modular system. The Windows botnet has been active since late 2017, it was mainly used to mine cryptocurrency, but it was also involved in DDoS attacks in 2018. “Both PurpleFox and DirtyMoe are still active malware and gaining strength.”

DNS 145

DNS Internet Internet Malware 145

Krebs on Security

FEBRUARY 26, 2023

Web hosting giant GoDaddy made headlines this month when it disclosed that a multi-year breach allowed intruders to steal company source code, siphon customer and employee login credentials, and foist malware on customer websites. But we do know the March 2020 attack was precipitated by a spear-phishing attack against a GoDaddy employee.

Hacking 324

Hacking Social Engineering Phishing Scams 324

Security Affairs

JANUARY 25, 2021

Zscaler’s research team recently spotted a Linux-based malware family, tracked as DreamBus botnet, targeting Linux servers. Researchers at Zscaler’s ThreatLabZ research team recently analyzed a Linux-based malware family, tracked as DreamBus Botnet, which is a variant of SystemdMiner. ” reads the post published by Zscaler.

Cryptocurrency 145

Cryptocurrency Malware DNS Passwords 145

Security Affairs

JANUARY 28, 2021

The TeamTNT cybercrime group has improved its Linux cryptocurrency miner by implementing open-source detection evasion capabilities. The TeamTNT cybercrime group has upgraded their Linux cryptocurrency miner by adding open-source detection evasion capabilities, AT&T Alien Labs researchers warn. SecurityAffairs – hacking, malware).

Cryptocurrency 142

Cryptocurrency Cybercrime DNS Malware 142

eSecurity Planet

FEBRUARY 16, 2021

Malware, short for “malicious software,” is any unwanted software on your computer that, more often than not, is designed to inflict damage. Since the early days of computing, a wide range of malware types with varying functions have emerged. Best Practices to Defend Against Malware. Jump ahead: Adware. RAM scraper.

Malware 105

Malware Adware Spyware Antivirus 105

Security Affairs

MARCH 17, 2022

Microsoft released an open-source tool to secure MikroTik routers and check for indicators of compromise for Trickbot malware infections. Microsoft has released an open-source tool, dubbed RouterOS Scanner, that can be used to secure MikroTik routers and check for indicators of compromise associated with Trickbot malware infections.

Malware 132

Malware DNS Ransomware Passwords 132

SecureList

MARCH 10, 2021

Some time ago, we discovered a number of fake apps delivering a Monero cryptocurrency miner to user computers. Back then, cybercriminals distributed malware under the guise of the Malwarebytes antivirus installer. pro, the malware impersonates the Windows version of the AdShield mobile ad blocker. Technical details.

DNS 145

DNS Antivirus Malware Encryption 145

Security Affairs

NOVEMBER 24, 2020

Crooks were able to trick GoDaddy staff into handing over control of crypto-biz domain names in a classic DNS hijacking attack. Crooks were able to hijack traffic and email to various cryptocurrency-related websites as a result of a DNS hijacking attack on domains managed by GoDaddy. SecurityAffairs – hacking, DNS hijacking).

Social Engineering 106

Social Engineering Engineering DNS Accountability 106

Security Affairs

OCTOBER 15, 2019

The group has been observed using new tactics, techniques, and procedures (TTPs), it is also using updated malware to evade detection. “the actor moved away from hosting the scripts on dedicated servers and instead started to use Domain Name System (DNS) text records.

Cybercrime 93

Cybercrime DNS Malware Advertising 93

Security Affairs

FEBRUARY 24, 2021

Security experts from Akamai have spotted a new botnet used for illicit cryptocurrency mining activities that are abusing Bitcoin (BTC) transactions to implement a backup mechanism for C2. Botnet operators used Redis server scanners to find installs that could be compromised to mine cryptocurrencies. . ” continues the report.

Backups 136

Backups Cryptocurrency DNS Malware 136

SecureList

SEPTEMBER 26, 2022

NullMixer is a dropper leading to an infection chain of a wide variety of malware families. These websites are often related to crack, keygen and activators for downloading software illegally, and while they may pretend to be legitimate software, they actually contain a malware dropper. Malware execution instructions.

Malware 140

Malware Cryptocurrency Passwords Software 140

Fox IT

JUNE 29, 2022

Flubot is an Android based malware that has been distributed in the past 1.5 An important part of the popularity of Flubot is due to the distribution strategy used in its campaigns, since it has been using the infected devices to send text messages, luring new victims into installing the malware from a fake website. Introduction.

Banking 97

Banking Malware DNS Encryption 97

SecureList

OCTOBER 25, 2023

Introduction It’s just another cryptocurrency miner… Nobody would even suspect the mining malware was merely a mask, masquerading behind an intricate modular framework that supports both Linux and Windows. During that time, it had effectively evaded analysis and had previously been misclassified as a cryptocurrency miner.

Malware 141

Malware DNS Encryption Cryptocurrency 141

Security Affairs

SEPTEMBER 25, 2022

builder Over 39K unauthenticated Redis services on the internet targeted in cryptocurrency campaign Hackers stole $160 Million from Crypto market maker Wintermute U.S. builder Over 39K unauthenticated Redis services on the internet targeted in cryptocurrency campaign Hackers stole $160 Million from Crypto market maker Wintermute U.S.

Cryptocurrency 100

Cryptocurrency Data breaches DNS DDOS 100

Security Affairs

JANUARY 18, 2022

According to the security firm, the group is financially motivated, its cyberespionage campaign hit high value targets such as government and educational institutions, religious movements, pro-democracy and human rights organisations in Hong Kong, Covid-19 research organisations, gambling and cryptocurrency companies, and the media.

Cryptocurrency 137

Cryptocurrency Media Social Engineering Phishing 137

Security Affairs

JANUARY 13, 2019

Proofpoint analyzed two strains of malware tracked as ServHelper and FlawedGrace distributed through phishing campaigns by the TA505 crime gang. Security researchers at Proofpoint researchers discovered two strains of malware tracked as ServHelper and FlawedGrace distributed through phishing campaigns by the TA505 crime gang.

Malware 111

Malware Financial Services DNS Retail 111

SecureList

JANUARY 22, 2024

We recently caught sight of a new, hitherto unknown, macOS malware family that was piggybacking on cracked software. With this URL, the sample made a request to a DNS server as an attempt to get a TXT record for the domain. The threat proved far more potent than an unauthorized proxy server installation.

Software 142

Software Computers and Electronics DNS Malware 142

Security Affairs

JANUARY 5, 2022

Threat actors continue to attempt to exploit Apache Log4J vulnerabilities in their campaigns to deploy malware on target systems, Microsoft warns. We have observed many existing attackers adding exploits of these vulnerabilities in their existing malware kits and tactics, from coin miners to hands-on-keyboard attacks.”

Malware 129

Malware DNS DDOS Cryptocurrency 129

Security Affairs

JANUARY 19, 2021

Supports UDP and TCP packets, but also application layer protocols such as HTTP, DNS, SSDP, and SNMP Protocol packing support created by the attacker. Brute Force – using hard coded credentials With this list, the malware tries connecting to other network devices using Telnet.

DDOS 144

DDOS DNS Malware Internet 144

Security Affairs

DECEMBER 19, 2022

The botnet was involved in stealing users’ credentials and data, mining cryptocurrencies abusing victims’ resources, and setting up proxies to funnel other people’s internet traffic through infected machines and routers. Botnet operators use to spread the malware via cracked or pirated software and pay-per-install (PPI) schemes.

DNS 111

DNS Antivirus Cryptocurrency Software 111

SecureList

JUNE 7, 2023

Mobile statistics Targeted attacks BlueNoroff introduces new methods bypassing MotW At the close of 2022, we reported the recent activities of BlueNoroff , a financially motivated threat actor known for stealing cryptocurrency. However, recently the group has adopted new methods to deliver its malware. You can find the details here.

DNS 105

DNS Malware Cryptocurrency Retail 105

Cisco Security

MAY 3, 2022

Denonia is a cryptocurrency mining software that is specifically designed to run on AWS Lambda, recently discovered by Cado Security on April 6th, 2022. Enter Denonia. It is likely that Denonia has been running prior to this date, so adjust your investigations accordingly. Domains: denonia[.]xyz. ctrl.denonia[.]xyz. gw.denonia[.]xyz.

DNS 135

DNS Threat Detection Software Cryptocurrency 135

Security Affairs

MAY 8, 2022

If you want to also receive for free the newsletter with the international press subscribe here.

IoT 98

IoT DNS Antivirus Malware 98

SecureList

MAY 27, 2022

Our analysis of the rogue firmware, and other malicious artefacts from the target’s network, revealed that the threat actor behind it had tampered with the firmware to embed malware that we call MoonBounce. The campaign has two goals: gathering information and stealing cryptocurrency. Roaming Mantis reaches Europe.

Phishing 134

Phishing Spyware Firmware Malware 134

Security Affairs

MAY 6, 2023

Twitter confirmed that a security incident publicly exposed Circle tweets FBI seized other domains used by the shadow eBook library Z-Library WordPress Advanced Custom Fields plugin XSS exposes +2M sites to attacks Fortinet fixed two severe issues in FortiADC and FortiOS Pro-Russia group NoName took down multiple France sites, including the French (..)

Data breaches 98

Data breaches Malware Mobile Spyware 98

Security Affairs

AUGUST 8, 2018

Ramnit is one of the most popular banking malware families in existence today, it was first spotted in 2010 as a worm, in 2011, its authors improved it starting from the leaked Zeus source code turning the malware into a banking Trojan. DDoS attacks, ransomware-based campaigns, cryptocurrency mining campaigns).

Malware 73

Malware DNS Encryption Banking 73

Security Affairs

APRIL 9, 2019

Too many times turned into fully-featured malware implants by unethical hackers and cyber criminals. Exploring the malware code, we detected multiple evidence indication of the possible belonging malware family: LimeRAT. Stealer and CryptoStealer module to steal cryptocurrency wallets and saved passwords. C2 retrieval.

Malware 102

Malware Advertising DNS Antivirus 102

SecureList

APRIL 27, 2022

Disclaimer: when referring to APT groups as Russian-speaking, Chinese-speaking or other-“speaking” languages, we refer to various artefacts used by the groups (such as malware debugging strings, comments found in scripts, etc.) On February 23, ESET published a tweet announcing new wiper malware targeting Ukraine.

Malware 145

Malware Firmware Government Phishing 145

Security Affairs

AUGUST 12, 2018

Let me inform you that my new book, “Digging in the Deep Web” is online with a special deal. 20% discount. Kindle Edition. Paper Copy.

Advertising 66

Advertising DNS Firmware Surveillance 66

Adam Levin

JULY 8, 2020

Many of these faux-Zoom sites were used to distribute malware under the guise of links to online meetings. A recent domain hijack of Japanese cryptocurrency exchange Coincheck.com was used to spoof the company in a spear-phishing campaign. Hackers were also quick to pounce on the disruption caused by the 2018 shutdown of the U.S.

Hacking 130

Hacking Retail Cyber Insurance Authentication 130