Cybercrime, DNS and Malware - Cyber Security Informer

MikroTik botnet relies on DNS misconfiguration to spread malware

Security Affairs

JANUARY 16, 2025

Researchers discovered a 13,000-device MikroTik botnet exploiting DNS flaws to spoof 20,000 domains and deliver malware. Infoblox researchers discovered a botnet of 13,000 MikroTik devices that exploits DNS misconfigurations to bypass email protections, spoof approximately 20,000 domains, and deliver malware.

DNS

DNS Malware Firmware Authentication

Morphing Meerkat phishing kits exploit DNS MX records

Security Affairs

MARCH 31, 2025

Morphing Meerkat phishing kits exploit DNS MX records to deliver spoofed login pages, targeting over 100 brands. Threat actors are exploiting DNS techniques to enhance phishing attacks, using MX records to dynamically serve spoofed login pages. By July 2023 kits could dynamically load phishing pages based on DNS MX records.

DNS

DNS Phishing Banking Passwords

15-Year-Old Malware Proxy Network VIP72 Goes Dark

Krebs on Security

SEPTEMBER 1, 2021

Over the past 15 years, a cybercrime anonymity service known as VIP72 has enabled countless fraudsters to mask their true location online by routing their traffic through millions of malware-infected systems. Between 2003 and 2006, Corpse focused on selling and supporting his Haxdoor malware.

Malware

Malware Cybercrime Internet Internet

No SOCKS, No Shoes, No Malware Proxy Services!

Krebs on Security

AUGUST 2, 2022

Compounding the problem, several remaining malware-based proxy services have chosen to block new registrations to avoid swamping their networks with a sudden influx of customers. com , a malware-based proxy network that has been in existence since at least 2010. Last week, a seven-year-old proxy service called 911[.]re

Malware

Malware Cybercrime Internet Internet

Why Malware Crypting Services Deserve More Scrutiny

Krebs on Security

JUNE 21, 2023

If you operate a cybercrime business that relies on disseminating malicious software, you probably also spend a good deal of time trying to disguise or “crypt” your malware so that it appears benign to antivirus and security products. This story explores the history and identity behind Cryptor[.]biz WHO RUNS CRYPTOR[.]BIZ?

Malware

Malware Antivirus Cybercrime Hacking

Scam ‘Funeral Streaming’ Groups Thrive on Facebook

Krebs on Security

SEPTEMBER 18, 2024

According to DomainTools.com , the organization that registered this domain is called “ apkdownloadweb ,” is based in Rajshahi, Bangladesh, and uses the DNS servers of a Web hosting company in Bangladesh called webhostbd[.]net. net for DNS. net DNS servers). xyz and onlinestreaming[.]xyz. Livestreamnow[.]xyz

Scams

Scams DNS Internet Internet

B1txor20 Linux botnet use DNS Tunnel and Log4J exploit

Security Affairs

MARCH 17, 2022

Researchers uncovered a new Linux botnet, tracked as B1txor20, that exploits the Log4J vulnerability and DNS tunnel. The malware was first spotted on February 9, 2022, when 360Netlab’s honeypot system captured an unknown ELF file that was spreading by exploiting the Log4J vulnerability. ” continues the analysis.

DNS

DNS Malware Technology Encryption

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 29

Security Affairs

JANUARY 19, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware

Malware Artificial Intelligence DNS Ransomware

Roaming Mantis uses new DNS changer in its Wroba mobile malware

Security Affairs

JANUARY 22, 2023

Roaming Mantis threat actors were observed using a new variant of their mobile malware Wroba to hijack DNS settings of Wi-Fi routers. Researchers from Kaspersky observed Roaming Mantis threat actors using an updated variant of their mobile malware Wroba to compromise Wi-Fi routers and hijack DNS settings.

DNS

DNS Mobile Malware Hacking

No, I Did Not Hack Your MS Exchange Server

Krebs on Security

MARCH 28, 2021

New data suggests someone has compromised more than 21,000 Microsoft Exchange Server email systems worldwide and infected them with malware that invokes both KrebsOnSecurity and Yours Truly by name. “web shells”) that various cybercrime groups worldwide have been using to commandeer any unpatched Exchange servers.

Hacking

Hacking Cybercrime DNS Internet

U.S. CISA adds CyberPanel flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

DECEMBER 6, 2024

The getresetstatus vulnerability in CyberPanel (before commit 1c0c6cb ) affects dns/views.py “getresetstatus in dns/views.py “getresetstatus in dns/views.py and ftp/views.py. Attackers can manipulate the statusfile property with shell metacharacters. and ftp/views.py ” reads the advisory. . and ftp/views.py

DNS

DNS Authentication Ransomware Hacking

Hackers hijacked the eScan Antivirus update mechanism in malware campaign

Security Affairs

APRIL 24, 2024

A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute backdoors and cryptocurrency miners. Avast researchers discovered and analyzed a malware campaign that exploited the update mechanism of the eScan antivirus to distribute backdoors and crypto miners.

Antivirus

Antivirus Malware DNS Cryptocurrency

Chinese-speaking cybercrime gang Rocke changes tactics

Security Affairs

OCTOBER 15, 2019

Chinese-speaking cybercrime gang Rocke that carried out several large-scale cryptomining campaigns, has now using news tactics to evade detection. Chinese-speaking cybercrime gang Rocke, that carried out several large-scale cryptomining campaigns in past , has now using news tactics to evade detection. Pierluigi Paganini.

Cybercrime

Cybercrime DNS Malware Advertising

ExCobalt Cybercrime group targets Russian organizations in multiple sectors

Security Affairs

JUNE 24, 2024

The cybercrime group ExCobalt targeted Russian organizations in multiple sectors with a previously unknown backdoor known as GoRed. Positive Technologies researchers reported that a cybercrime gang called ExCobalt targeted Russian organizations in multiple sectors with a previously unknown Golang-based backdoor known as GoRed.

Cybercrime

Cybercrime Telecommunications DNS Technology

US Harbors Prolific Malicious Link Shortening Service

Krebs on Security

OCTOBER 31, 2023

The top-level domain for the United States — US — is home to thousands of newly-registered domains tied to a malicious link shortening service that facilitates malware and phishing scams, new research suggests. The findings come close on the heels of a report that identified.US

Phishing

Phishing Telecommunications Malware Scams

Symbiote, a nearly-impossible-to-detect Linux malware?

Security Affairs

JUNE 9, 2022

Researchers uncovered a high stealth Linux malware, dubbed Symbiote, that could be used to backdoor infected systems. Once the malware has infected all the running processes, it provides the threat actor with rootkit capability and supports data-stealing capabilities. “Symbiote is a malware that is highly evasive.

Malware

Malware DNS Antivirus Passwords

What is DNS Spoofing and Cache Poisoning?

Security Boulevard

APRIL 14, 2022

The apps stole user credentials and forwarded the messages to the malware operators. This is just one of the cybercrimes reported in 2022, […]. The post What is DNS Spoofing and Cache Poisoning? The post What is DNS Spoofing and Cache Poisoning? appeared first on EasyDMARC. appeared first on Security Boulevard.

DNS

DNS Social Engineering Cybercrime Banking

TeamTNT group uses Hildegard Malware to target Kubernetes Systems

Security Affairs

FEBRUARY 5, 2021

The TeamTNT hacker group has been employing a new piece of malware, dubbed Hildegard, to target Kubernetes installs. The hacking group TeamTNT has been employing a new piece of malware, dubbed Hildegard, in a series of attacks targeting Kubernetes systems. The malware deploys the XMRig mining tool to mine Monero cryptocurrency.

Malware

Malware DNS Cryptocurrency Internet

Operation Lyrebird: Group-IB assists INTERPOL in identifying suspect behind numerous cybercrimes worldwide

Security Affairs

JULY 6, 2021

The alleged perpetrator, who turned out to be a citizen of Morocco, was arrested in May by the Moroccan police based on the data about his cybercrimes that was provided by Group-IB. According to the DNS data analysis, this name was used to register at least two domains, which were created using the email from the phishing kit.

Cybercrime

Cybercrime Phishing Banking Telecommunications

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

Krebs on Security

JANUARY 8, 2024

In 2020, the United States brought charges against four men accused of building a bulletproof hosting empire that once dominated the Russian cybercrime industry and supported multiple organized cybercrime groups. From January 2005 to April 2013, there were two primary administrators of the cybercrime forum Spamdot (a.k.a

Cybercrime

Cybercrime Banking Computers and Electronics DDOS

FIN7 is back with a previously unseen SQLRat malware

Security Affairs

MARCH 22, 2019

The financially-motivated hacking group FIN7 is back and used a new piece of malware in a recent hacking campaign. Security experts at Flashpoint revealed that the financially-motivated cybercrime group FIN7 (aka Anunak and Carbanak ) used new malware in a recent hacking campaign. ” continues the analysis.

Malware

Malware Identity Theft Cybercrime Hacking

Security Affairs newsletter Round 507 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

JANUARY 19, 2025

CISA adds Aviatrix Controllers vulnerability to its Known Exploited Vulnerabilities catalog ESET detailed a flaw that could allow a bypass of the Secure Boot in UEFI systems Russia-linked APT Star Blizzard targets WhatsApp accounts Prominent US law firm Wolf Haldenstein disclosed a data breach Clop Ransomware exploits Cleo File Transfer flaw: dozens (..)

Spyware

Spyware Data breaches DNS Artificial Intelligence

New XBash malware combines features from ransomware, cryptocurrency miners, botnets, and worms

Security Affairs

SEPTEMBER 17, 2018

Palo Alto Network researchers discovered a new malware, tracked as XBash, that combines features from ransomware, cryptocurrency miners, botnets, and worms. Security researchers at Palo Alto Networks have discovered a new piece of malware, dubbed XBash piece that is targeting both Linux and Microsoft Windows servers.

Cryptocurrency

Cryptocurrency Malware Ransomware Cybercrime

FluBot malware continues to evolve. What’s new in Version 5.0 and beyond?

Security Affairs

JANUARY 8, 2022

Researchers warn of new campaigns distributing a new improved version of the FluBot malware posing as Flash Player. Researchers from F5 security are warning of a new enhanced version of the FluBot Android malware that that spread posed as Flash Player. the malware communicates with the C2 server through DNS Tunneling over HTTPS. .

Malware

Malware DNS Banking Hacking

GO#WEBBFUSCATOR campaign hides malware in NASA’s James Webb Space Telescope image

Security Affairs

AUGUST 31, 2022

A malware campaign tracked as GO#WEBBFUSCATOR used an image taken from NASA’s James Webb Space Telescope (JWST) as a lure. Securonix Threat researchers uncovered a persistent Golang-based malware campaign tracked as GO#WEBBFUSCATOR that leveraged the deep field image taken from the James Webb telescope. Pierluigi Paganini.

Malware

Malware DNS Antivirus Encryption

A Reactive Cybersecurity Strategy Is No Strategy at All

CyberSecurity Insiders

MAY 18, 2022

By increasing visibility into DNS traffic, CISOs can detect, block, and respond to incidents more quickly as well as use this data to institute new controls and increase overall resiliency. When malware first breaches a network, it doesn’t make its presence known right away. The issue likely comes down to awareness.

DNS

DNS Cybersecurity CISO Social Engineering

New Linux variant of BIFROSE RAT uses deceptive domain strategies

Security Affairs

MARCH 3, 2024

The researchers observed the malware trying to contact a Taiwan-based public DNS resolver with the IP address 168.95.1[.]1. The researchers observed the malware initiating a DNS query to resolve the domain download.vmfare[.]com com by using the public DNS resolver at 168.95[.]1.1. ” concludes the report.

DNS

DNS Malware Encryption Hacking

Malvertising Is a Cybercrime Heavyweight, Not an Underdog

SecureWorld News

MARCH 29, 2024

Malvertising acts as a vessel for malware propagation. Scammers and malware operators are increasingly adept at mimicking popular brands in their ad snippets, which makes it problematic for the average user to tell the wheat from the chaff. A stepping stone to impactful cybercrime This tactic has tangible real-world implications.

Cybercrime

Cybercrime Advertising Engineering Antivirus

A Deep Dive Into the Residential Proxy Service ‘911’

Krebs on Security

JULY 18, 2022

These services can be used in a legitimate manner for several business purposes — such as price comparisons or sales intelligence — but they are massively abused for hiding cybercrime activity because they can make it difficult to trace malicious traffic to its original source. “The 911[.]re FORUM ACTIVITY?

VPN

VPN Computers and Electronics Antivirus Software

Sitting Ducks attack technique exposes over a million domains to hijacking

Security Affairs

AUGUST 1, 2024

Researchers warn of an attack vector in the DNS, called the Sitting Ducks, that exposes over a million domains to hackers’ takeover. Researchers from Eclypsium and Infoblox have identified an attack vector in the domain name system (DNS), dubbed the Sitting Ducks attack. ” continues the report.

DNS

DNS Accountability Risk Hacking

Canadian Police Raid ‘Orcus RAT’ Author

Krebs on Security

APRIL 2, 2019

Canadian police last week raided the residence of a Toronto software developer behind “ Orcus RAT ,” a product that’s been marketed on underground forums and used in countless malware attacks since its creation in 2015. An advertisement for Orcus RAT.

Advertising

Advertising Malware Software Marketing

“FudCo” Spam Empire Tied to Pakistani Software Firm

Krebs on Security

SEPTEMBER 6, 2021

In May 2015, KrebsOnSecurity briefly profiled “ The Manipulaters ,” the name chosen by a prolific cybercrime group based in Pakistan that was very publicly selling spam tools and a range of services for crafting, hosting and deploying malicious email. One of several current Fudtools sites run by The Manipulaters.

Software

Software Phishing Cybercrime Accountability

Why Small and Medium Sized Businesses Need More Than Just an AntiVirus Solution

Security Boulevard

FEBRUARY 23, 2023

Thankfully, nearly all malware depends on DNS at some point in their kill chain, making the protocol a critical vector for shutting down these threats. Some of the common forms these DNS-based attacks can take include: DNS spoofing: A malicious actor alters DNS records to redirect traffic to a fake website or server.

Antivirus

Antivirus DNS Threat Detection Small Business

Cobalt cybercrime gang targets Russian and Romanian banks

Security Affairs

SEPTEMBER 1, 2018

Security experts from Netscout’s ASERT uncovered a new campaign carried out by the Cobalt cybercrime group. The experts also detected two malware samples used in the campaign, a JavaScript backdoor and another malicious code tracked as COOLPANTS, a reconnaissance backdoor associated with the group. Pierluigi Paganini.

Cybercrime

Cybercrime Banking Phishing Advertising

How to Stop Phishing Attacks with Protective DNS

Security Boulevard

OCTOBER 2, 2023

This blog examines the escalating phishing landscape, shortcomings of common anti-phishing approaches, and why implementing a Protective DNS service as part of a layered defense provides the most effective solution. Business Email Compromise (BEC), a type of phishing attack, results in the greatest financial losses of any cybercrime.

DNS

DNS Phishing Social Engineering Engineering

TeamTNT group adds new detection evasion tool to its Linux miner

Security Affairs

JANUARY 28, 2021

The TeamTNT cybercrime group has improved its Linux cryptocurrency miner by implementing open-source detection evasion capabilities. The TeamTNT cybercrime group has upgraded their Linux cryptocurrency miner by adding open-source detection evasion capabilities, AT&T Alien Labs researchers warn. SecurityAffairs – hacking, malware).

Cryptocurrency

Cryptocurrency Cybercrime DNS Malware

Black Hat USA 2021 Network Operations Center

Cisco Security

AUGUST 12, 2021

For several years, Cisco Secure provided DNS visibility and architecture intelligence with Cisco Umbrella and Cisco Umbrella Investigate ; and automated malware analysis and threat intelligence with Cisco Secure Malware Analytics (Threat Grid) , backed by Cisco Talos Intelligence and Cisco SecureX. CyberCrime Tracker.

DNS

DNS Firewall Malware Mobile

Security Affairs newsletter Round 459 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

FEBRUARY 18, 2024

Ukrainian national faces up to 20 years in prison for his role in Zeus, IcedID malware schemes CISA: Cisco ASA/FTD bug CVE-2020-3259 exploited in ransomware attacks CISA adds Microsoft Exchange and Cisco ASA and FTD bugs to its Known Exploited Vulnerabilities catalog US gov offers a reward of up to $10M for info on ALPHV/Blackcat gang leaders U.S.

Cybercrime

Cybercrime Ransomware Malware Data breaches

Threat actors abuse public cloud services to spread multiple RATs

Security Affairs

JANUARY 13, 2022

The malware campaign was spotted by Cisco Talos in October 2021, most of the victims were located in the United States, Italy and Singapore. “To deliver the malware payload, the actor registered several malicious subdomains using DuckDNS, a free dynamic DNS service. ” reads the analysis published by Talos.

Malware

Malware DNS Cybercrime Ransomware

FBI links the Diavol ransomware to the TrickBot gang

Security Affairs

JANUARY 20, 2022

Operators continue to offer the botnet through a multi-purpose malware-as-a-service (MaaS) model. Threat actors leverage the botnet to distribute a broad range of malware including info-stealer and ransomware such as Conti and Ryuk. To date, the Trickbot botnet has already infected more than a million computers.

Ransomware

Ransomware Banking Malware Encryption

Previously unseen Msupedge backdoor targeted a university in Taiwan

Security Affairs

AUGUST 20, 2024

The most notable feature of the backdoor is that it relies on DNS tunnelling to communicate with a C2 server. ” The code used by Msupedge for the DNS tunneling tool is based on the publicly available dnscat2 tool. . ” The code used by Msupedge for the DNS tunneling tool is based on the publicly available dnscat2 tool.

DNS

DNS Malware Hacking Cybercrime

Security Affairs newsletter Round 369 by Pierluigi Paganini

Security Affairs

JUNE 12, 2022

Ransomware gangs are exploiting CVE-2022-26134 RCE in Atlassian Confluence servers HID Mercury Access Controller flaws could allow to unlock Doors Iran-linked Lyceum APT adds a new.NET DNS Backdoor to its arsenal PACMAN, a new attack technique against Apple M1 CPUs Threat actors exploit recently disclosed Atlassian Confluence flaw in cryptomining campaign (..)

Ransomware

Ransomware DNS Cybercrime Hacking

New analysis of Diavol ransomware reinforces the link to TrickBot gang

Security Affairs

AUGUST 18, 2021

In July, researchers from Fortinet reported that a new ransomware family, tracked as Diavol, might have been developed by Wizard Spider , the cybercrime gang behind the TrickBot botnet. However, Fortinet researchers that analyzed the malware discovered that ransomware operators have yet to implement data-stealing capabilities.

Ransomware

Ransomware DNS Cybercrime Malware

FBI and Interpol shut down some servers of Joker’s Stash carding marketplace

Security Affairs

DECEMBER 19, 2020

At the time of this writing the Joker’s Stash’s.bazar,lib,emc,coin domains, which are all those accessible via blockchain DNS, are simply showing a “Server Not Found” message. . SecurityAffairs – hacking, cybercrime). Pierluigi Paganini.

DNS

DNS Cybercrime Hacking Information Security

MikroTik botnet relies on DNS misconfiguration to spread malware

Morphing Meerkat phishing kits exploit DNS MX records

Trending Sources

15-Year-Old Malware Proxy Network VIP72 Goes Dark

No SOCKS, No Shoes, No Malware Proxy Services!

Why Malware Crypting Services Deserve More Scrutiny

Scam ‘Funeral Streaming’ Groups Thrive on Facebook

B1txor20 Linux botnet use DNS Tunnel and Log4J exploit

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 29

Roaming Mantis uses new DNS changer in its Wroba mobile malware

No, I Did Not Hack Your MS Exchange Server

U.S. CISA adds CyberPanel flaw to its Known Exploited Vulnerabilities catalog

Hackers hijacked the eScan Antivirus update mechanism in malware campaign

Chinese-speaking cybercrime gang Rocke changes tactics

ExCobalt Cybercrime group targets Russian organizations in multiple sectors

US Harbors Prolific Malicious Link Shortening Service

Symbiote, a nearly-impossible-to-detect Linux malware?

What is DNS Spoofing and Cache Poisoning?

TeamTNT group uses Hildegard Malware to target Kubernetes Systems

Operation Lyrebird: Group-IB assists INTERPOL in identifying suspect behind numerous cybercrimes worldwide

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

FIN7 is back with a previously unseen SQLRat malware

Security Affairs newsletter Round 507 by Pierluigi Paganini – INTERNATIONAL EDITION

New XBash malware combines features from ransomware, cryptocurrency miners, botnets, and worms

FluBot malware continues to evolve. What’s new in Version 5.0 and beyond?

GO#WEBBFUSCATOR campaign hides malware in NASA’s James Webb Space Telescope image

A Reactive Cybersecurity Strategy Is No Strategy at All

New Linux variant of BIFROSE RAT uses deceptive domain strategies

Malvertising Is a Cybercrime Heavyweight, Not an Underdog

A Deep Dive Into the Residential Proxy Service ‘911’

Sitting Ducks attack technique exposes over a million domains to hijacking

Canadian Police Raid ‘Orcus RAT’ Author

“FudCo” Spam Empire Tied to Pakistani Software Firm

Why Small and Medium Sized Businesses Need More Than Just an AntiVirus Solution

Cobalt cybercrime gang targets Russian and Romanian banks

How to Stop Phishing Attacks with Protective DNS

TeamTNT group adds new detection evasion tool to its Linux miner

Black Hat USA 2021 Network Operations Center

Security Affairs newsletter Round 459 by Pierluigi Paganini – INTERNATIONAL EDITION

Threat actors abuse public cloud services to spread multiple RATs

FBI links the Diavol ransomware to the TrickBot gang

Previously unseen Msupedge backdoor targeted a university in Taiwan

Security Affairs newsletter Round 369 by Pierluigi Paganini

New analysis of Diavol ransomware reinforces the link to TrickBot gang

FBI and Interpol shut down some servers of Joker’s Stash carding marketplace

Stay Connected