Cybercrime, Document and Malware - Cyber Security Informer

FBI warns of malicious free online document converters spreading malware

Security Affairs

MARCH 24, 2025

The FBI warns of a significant increase in scams involving free online document converters to infect users with malware. The FBI warns that threat actors use malicious online document converters to steal users sensitive information and infect their systems with malware. ” reads the alert. ” reads the alert.

Malware

Malware Scams Identity Theft Antivirus

EDR-as-a-Service makes the headlines in the cybercrime landscape

Security Affairs

APRIL 7, 2025

This approach reflects the as-a-service logic already prevalent in other areas of the cybercrime sector, significantly reducing the level of technical knowledge needed by those wishing to access this confidential data.

Cybercrime

Cybercrime Social Engineering Accountability Government

CEO of cybersecurity firm charged with installing malware on hospital systems

Security Affairs

APRIL 26, 2025

Veritaco CEO Jeffrey Bowie faces charges for allegedly installing malware on hospital computers, violating Oklahoma’s Computer Crimes Act. The man is accused of having installed the malware on the hospital computers on August 6, 2024. Anthony Hospital. One of those computers was for employees only.” ” St.

Malware

Malware Cybersecurity Healthcare Media

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

FBI: Spike in Hacked Police Emails, Fake Subpoenas

Krebs on Security

NOVEMBER 9, 2024

The trouble is, these EDRs largely bypass any official review and do not require the requester to supply any court-approved documents. One English-speaking cybercriminal who goes by the nicknames “ Pwnstar ” and “ Pwnipotent ” has been selling fake EDR services on both Russian-language and English cybercrime forums.

Hacking

Hacking Accountability Government Social Engineering

FBI deleted China-linked PlugX malware from over 4,200 US computers

Security Affairs

JANUARY 14, 2025

The FBI has removed Chinese PlugX malware from over 4,200 computers in networks across the United States, the U.S. The Justice Department and FBI, along with international partners, announced they deleted PlugX malware from thousands of infected computers worldwide as part of a multi-month law enforcement operation.

Malware

Malware Government Hacking Cybersecurity

Accused ‘Raccoon’ Malware Developer Fled Ukraine After Russian Invasion

Krebs on Security

OCTOBER 31, 2022

A 26-year-old Ukrainian man is awaiting extradition from The Netherlands to the United States on charges that he acted as a core developer for Raccoon , a popular “malware-as-a-service” offering that helped paying customers steal passwords and financial data from millions of cybercrime victims.

Malware

Malware Identity Theft Cybercrime Accountability

Who’s Behind the Seized Forums ‘Cracked’ & ‘Nulled’?

Krebs on Security

FEBRUARY 4, 2025

The FBI joined authorities across Europe last week in seizing domain names for Cracked and Nulled , English-language cybercrime forums with millions of users that trafficked in stolen data, hacking tools and malware. “Finndev.” ” Image: Ke-la.com. 30, the U.S. Meanwhile, a LinkedIn profile for a Florian M.

eCommerce

eCommerce Cybercrime Accountability Passwords

An Interview With the Target & Home Depot Hacker

Krebs on Security

NOVEMBER 14, 2024

Shefel claims the true mastermind behind the Target and other retail breaches was Dmitri Golubov , an infamous Ukrainian hacker known as the co-founder of Carderplanet, among the earliest Russian-language cybercrime forums focused on payment card fraud. “I’m also godfather of his second son.”

Retail

Retail Advertising Cryptocurrency Cybercrime

Feds Target $100M ‘GozNym’ Cybercrime Network

Krebs on Security

MAY 16, 2019

Law enforcement agencies in the United States and Europe today unsealed charges against 11 alleged members of the GozNym malware network, an international cybercriminal syndicate suspected of stealing $100 million from more than 41,000 victims with the help of a stealthy banking trojan by the same name. Source: DOJ. Vladimir Gorin , a.k.a

Cybercrime

Cybercrime Banking Small Business Computers and Electronics

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Krebs on Security

JUNE 1, 2023

This post is a deep dive on “ Megatraffer ,” a veteran Russian hacker who has practically cornered the underground market for malware focused code-signing certificates since 2015. One of Megatraffer’s ads on an English-language cybercrime forum. WHO IS MEGATRAFFER? 16, 1982 and residing in Moscow.

Malware

Malware Cybercrime Software Accountability

Malware Delivered through Google Search

Schneier on Security

FEBRUARY 7, 2023

Criminals using Google search ads to deliver malware isn’t new, but Ars Technica declared that the problem has become much worse recently. The surge is coming from numerous malware families, including AuroraStealer, IcedID, Meta Stealer, RedLine Stealer, Vidar, Formbook, and XLoader.

Malware

Malware Phishing Cybercrime

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 42

Security Affairs

APRIL 20, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malicious NPM Packages Targeting PayPal Users New Malware Variant Identified: ResolverRAT Enters the Maze Nice chatting with you: what connects cheap Android smartphones, WhatsApp and cryptocurrency theft?

Malware

Malware Cryptocurrency Engineering Encryption

Giving a Face to the Malware Proxy Service ‘Faceless’

Krebs on Security

APRIL 18, 2023

For the past seven years, a malware-based proxy service known as “ Faceless ” has sold anonymity to countless cybercriminals. The proxy lookup page inside the malware-based anonymity service Faceless. MrMurza’s Faceless advertised on the Russian-language cybercrime forum ProCrd. Image: spur.us. In 2013, U.S.

Malware

Malware Passwords Accountability Advertising

Operation Talent: An international law enforcement operation seized Cracked, Nulled and other cybercrime websites

Security Affairs

JANUARY 30, 2025

An international law enforcement operation targeted several major cybercrime websites, including Cracked, Nulled, Sellix, and StarkRDP. An international law enforcement operation led by Europol, code-named Operation Talent, dismantled several major cybercrime sites, including Cracked, Nulled, Sellix, and StarkRDP. and Nulled.to.”

Cybercrime

Cybercrime Hacking Cryptocurrency Phishing

Wanted: Disgruntled Employees to Deploy Ransomware

Krebs on Security

AUGUST 19, 2021

Apparently now that includes emailing employees directly and asking them to unleash the malware inside their employer’s network in exchange for a percentage of any ransom amount paid by the victim company. Image: Abnormal Security. Image: Abnormal Security. .” billion in 2020. Image: FBI.

Ransomware

Ransomware Social Engineering Cybercrime Scams

Nation-state actors and cybercrime gangs abuse malicious.lnk files for espionage and data theft

Security Affairs

MARCH 18, 2025

Trend ZDI researchers discovered 1,000 malicious.lnk files used by nation-state actors and cybercrime groups to execute hidden malicious commands on a victims machine by exploiting the vulnerability ZDI-CAN-25373. Since 2017, the vulnerability has been exploited by APT groups from North Korea, Iran, Russia, and China.

Cybercrime

Cybercrime Telecommunications Government Malware

New ReaderUpdate malware variants target macOS users

Security Affairs

MARCH 26, 2025

New ReaderUpdate malware variants, now written in Crystal, Nim, Rust, and Go, targets macOS users, SentinelOne warns. SentinelOne researchers warn that multiple versions of the ReaderUpdate malware written in Crystal, Nim, Rust, and Go programming languages, are targeting macOS users. The malware maintains persistence via a.plist file.

Malware

Malware Adware Antivirus Marketing

U.S. cannabis dispensary STIIIZY disclosed a data breach

Security Affairs

JANUARY 11, 2025

. “On November 20, 2024, we were notified by a vendor of point-of-sale processing services for some of our retail locations that accounts with their organization had been compromised by an organized cybercrime group.” The companyalso filed documents with regulators in California warning impacted customers.

Data breaches

Data breaches Retail Cybercrime Government

U.S. Hacks QakBot, Quietly Removes Botnet Infections

Krebs on Security

AUGUST 29, 2023

government today announced a coordinated crackdown against QakBot , a complex malware family used by multiple cybercrime groups to lay the groundwork for ransomware infections. Qakbot/Qbot was once again the top malware loader observed in the wild in the first six months of 2023. Source: Reliaquest.com.

Hacking

Hacking Malware Ransomware Government

Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work

Krebs on Security

OCTOBER 8, 2020

But judging from the proliferation of help-wanted ads for offensive pentesters in the cybercrime underground, today’s attackers have exactly zero trouble gaining that initial intrusion: The real challenge seems to be hiring enough people to help everyone profit from the access already gained. THE DOCTOR IS IN. ” WHO IS DR. SAMUIL?

Cybercrime

Cybercrime Malware VPN Ransomware

Ukrainian Police Nab Six Tied to CLOP Ransomware

Krebs on Security

JUNE 16, 2021

Terabytes of documents and files stolen from victim organizations that have not paid a data ransom are now available for download from CLOP’s deep web site, including Stanford, UCLA and the University of Maryland.

Ransomware

Ransomware Cybercrime Malware Encryption

How Did Authorities Identify the Alleged Lockbit Boss?

Krebs on Security

MAY 13, 2024

This post examines the activities of Khoroshev’s many alter egos on the cybercrime forums, and tracks the career of a gifted malware author who has written and sold malicious code for the past 14 years. was used by a Russian-speaking member called Pin on the English-language cybercrime forum Opensc. Image: treasury.gov.

Ransomware

Ransomware Cybercrime Accountability Malware

Ransomware Gangs Don’t Need PR Help

Krebs on Security

JULY 1, 2020

Usually, the blog posts that appear on ransom sites are little more than a teaser — screenshots of claimed access to computers, or a handful of documents that expose proprietary or financial information. Maybe you disagree, dear readers? Feel free to sound off in the comments below.

Ransomware

Ransomware Cybercrime Encryption Malware

Node.js malvertising campaign targets crypto users

Security Affairs

APRIL 17, 2025

to deliver info-stealing malware via fake crypto trading sites like Binance and TradingView. increasingly used in malware campaigns since October 2024, including an ongoing crypto-themed malvertising attack as of April 2025. to deploy malware, shifting from traditional scripts like Python or PHP. Microsoft has observed Node.js

Social Engineering

Social Engineering Malware Cryptocurrency Engineering

Trickbot spreads malware through new distribution channels

Security Affairs

OCTOBER 16, 2021

TrickBot operators are back and expand the distribution channels with partnership with cybercrime affiliates. The operators behind the infamous TrickBot (ITG23 and Wizard Spider) malware have resurfaced with new distribution channels to deliver malicious payloads, such as Conti ransomware. ” concludes the report.

Malware

Malware Cybercrime DDOS Social Engineering

DarkGate malware campaign abuses Skype and Teams

Security Affairs

OCTOBER 16, 2023

Researchers uncovered an ongoing campaign abusing popular messaging platforms Skype and Teams to distribute the DarkGate malware. The threat actors abused popular messaging platforms such as Skype and Teams to deliver a script used as a loader for a second-stage payload, which was an AutoIT script containing the DarkGate malware.

Malware

Malware Cryptocurrency Accountability Cybercrime

Andariel’s silly mistakes and a new malware family

SecureList

JUNE 28, 2023

Introduction Andariel, a part of the notorious Lazarus group, is known for its use of the DTrack malware and Maui ransomware in mid-2022. Their campaign introduced several new malware families, such as YamaBot and MagicRat, but also updated versions of NukeSped and, of course, DTrack.

Malware

Malware Cybercrime Ransomware Phishing

Police Have Disrupted the Emotet Botnet

Schneier on Security

JANUARY 28, 2021

A coordinated effort has captured the command-and-control servers of the Emotet botnet: Emotet establishes a backdoor onto Windows computer systems via automated phishing emails that distribute Word documents compromised with malware.

Malware

Malware Phishing Ransomware Cybercrime

The source code of the 2020 variant of HelloKitty ransomware was leaked on a cybercrime forum

Security Affairs

OCTOBER 9, 2023

A threat actor has leaked the source code for the first version of the HelloKitty ransomware on a Russian-speaking cybercrime forum. The availability of the source in the cybercrime ecosystem can allow threat actors to develop their own version of the Hello Kitty ransomware.

Cybercrime

Cybercrime Ransomware DDOS Encryption

Russian-speaking cybercrime evolution: What changed from 2016 to 2021

SecureList

OCTOBER 20, 2021

Having been in the field for so long, we have witnessed some major changes in the cybercrime world’s modus operandi. This report shares our insights into the Russian-speaking cybercrime world and the changes in how it operates that have happened in the past five years. Client-side attacks on the wane.

Cybercrime

Cybercrime Banking Malware Ransomware

China-linked APTs’ tool employed in RA World Ransomware attack

Security Affairs

FEBRUARY 13, 2025

The researchers pointed out that tools belonging to the arsenal of China-linked APT groups are often shared resources, however, many arent publicly available and arent usually associated with cybercrime activity. The attack used a Toshiba executable to sideload PlugX malware.

Ransomware

Ransomware Software Cybercrime Encryption

Global Law Enforcement Shuts Down Two of the Largest Cybercrime Forums

SecureWorld News

JANUARY 30, 2025

In a coordinated international effort, law enforcement agencies from the United States, Europe, and Australia have dismantled Cracked and Nulled, two of the world's largest cybercrime marketplaces. By dismantling these two major forums, law enforcement agencies have disrupted a global supply chain of cybercrime tools.

Cybercrime

Cybercrime Identity Theft Hacking Cryptocurrency

Ransomhub ransomware gang claims the hack of Mexican government Legal Affairs Office

Security Affairs

NOVEMBER 21, 2024

Stolen files allegedly include contracts, insurance, and financial documents. The malware targets multiple platforms, including Windows, Linux, macOS, ESXi, and Android. Ransomhub claimed to have stolen 313 gigabytes of data from the Mexican government office. ” reported the Associated Press. Knight, also known as Cyclops 2.0,

Government

Government Hacking Ransomware Insurance

RansomEXX gang claims to have hacked Ferrari and leaked online internal documents

Security Affairs

OCTOBER 3, 2022

The Italian luxury sports car manufacturer Ferrari confirmed the availability of internal documents online, but said it has no evidence of cyber attack. Documents belonging to the Italian luxury sports car manufacturer Ferrari are circulating online, the company confirmed their authenticity stating it is not aware of cyber attacks.

Hacking

Hacking Manufacturing Cyber Attacks Ransomware

The Web’s Bot Containment Unit Needs Your Help

Krebs on Security

MARCH 16, 2020

Now, something similar is in danger of happening in cyberspace: Shadowserver.org , an all-volunteer nonprofit organization that works to help Internet service providers (ISPs) identify and quarantine malware infections and botnets, has lost its longtime primary source of funding. Image: Ghostbusters. Image: Shadowserver.org.

Malware

Malware Internet Internet Government

New RedLine malware version distributed as fake Omicron stat counter

Security Affairs

JANUARY 12, 2022

Experts warn of a new variant of the RedLine malware that is distributed via emails as fake COVID-19 Omicron stat counter app as a lure. The malicious code can also act as a first-stage malware. Like other COVID-19 themed malspam campaigns, the infection chain starts by opening a weaponized document used as an attachment.

Malware

Malware Manufacturing Cryptocurrency Cybercrime

Take my money: OCR crypto stealers in Google Play and App Store

SecureList

FEBRUARY 5, 2025

In March 2023, researchers at ESET discovered malware implants embedded into various messaging app mods. The campaign, which targeted Android and Windows users, saw the malware spread through unofficial sources. The campaign, which targeted Android and Windows users, saw the malware spread through unofficial sources.

Malware

Malware Encryption Mobile Cryptocurrency

Xanthorox AI: A New Breed of Malicious AI Threat Hits the Darknet

eSecurity Planet

APRIL 8, 2025

A new and dangerous AI-powered hacking tool is making waves across the cybercrime underworld and experts say it could change the way digital attacks are launched. Xanthorox vision can analyze images and screenshots to extract sensitive data or interpret visual content useful for cracking passwords or reading stolen documents.

Social Engineering

Social Engineering Phishing Engineering Education

Treasury Sanctions Creators of 911 S5 Proxy Botnet

Krebs on Security

MAY 28, 2024

Department of the Treasury today unveiled sanctions against three Chinese nationals for allegedly operating 911 S5 , an online anonymity service that for many years was the easiest and cheapest way to route one’s Web traffic through malware-infected computers around the globe.

VPN

VPN Banking Cybercrime Internet

Crooks bypass a Microsoft Office patch for CVE-2021-40444 to spread Formbook malware

Security Affairs

DECEMBER 23, 2021

Crooks discovered how to bypass the patch for a recent Microsoft Office vulnerability (CVE-2021-40444) and are using it to distribute Formbook malware. The bad news is that threat actors are using it to distribute the Formbook malware. The CVE-2021-40444 is a remote code execution security flaw that affected the MSHTML file format.

Malware

Malware Hacking Ransomware Cybercrime

Threat actors use Quantum Builder to deliver Agent Tesla malware

Security Affairs

SEPTEMBER 29, 2022

The recently discovered malware builder Quantum Builder is being used by threat actors to deliver the Agent Tesla RAT. A recently discovered malware builder called Quantum Builder is being used to deliver the Agent Tesla remote access trojan (RAT), Zscaler ThreatLabz researchers warn. ” concludes the report.

Malware

Malware Cybercrime Phishing Hacking

Arrest, Raids Tied to ‘U-Admin’ Phishing Kit

Krebs on Security

FEBRUARY 8, 2021

Brad Marden , superintendent of cybercrime operations for the Australian Federal Police (AFP), said their investigation into who was behind U-Admin began in late 2018, after Australian citizens began getting deluged with phishing attacks via mobile text messages that leveraged the software. Credit: blog.bushidotoken.net.

Phishing

Phishing Scams Banking Mobile

8Base ransomware group hacked Croatia’s Port of Rijeka

Security Affairs

DECEMBER 7, 2024

Allegedly, invoice receipts, accounting documents, personal data, certificates, employment contracts, a huge amount of confidential information, confidentiality pic.twitter.com/Tad7LeOcsk — HackManac (@H4ckManac) December 6, 2024 According to the announcement published by the group on its Tor leak site, stolen data includes: Invoice Receipts (..)

Ransomware

Ransomware Hacking Accountability Cyber Attacks

Notorious ransomware programmer Mikhail Pavlovich Matveev arrested in Russia

Security Affairs

NOVEMBER 29, 2024

Russian authorities arrested ransomware affiliate Mikhail Matveev, aka Wazawaka, for developing malware and ties to hacking groups. Russian news agency RIA Novosti, citing an anonymous source, confirmed that the arrested man is the “programmer” as Mikhail Matveev, as reported in court documents.

Ransomware

Ransomware Healthcare Hacking Malware

FBI warns of malicious free online document converters spreading malware

EDR-as-a-Service makes the headlines in the cybercrime landscape

Webinars

Trending Sources

CEO of cybersecurity firm charged with installing malware on hospital systems

Webinars

FBI: Spike in Hacked Police Emails, Fake Subpoenas

FBI deleted China-linked PlugX malware from over 4,200 US computers

Accused ‘Raccoon’ Malware Developer Fled Ukraine After Russian Invasion

Who’s Behind the Seized Forums ‘Cracked’ & ‘Nulled’?

An Interview With the Target & Home Depot Hacker

Feds Target $100M ‘GozNym’ Cybercrime Network

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Malware Delivered through Google Search

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 42

Giving a Face to the Malware Proxy Service ‘Faceless’

Operation Talent: An international law enforcement operation seized Cracked, Nulled and other cybercrime websites

Wanted: Disgruntled Employees to Deploy Ransomware

Nation-state actors and cybercrime gangs abuse malicious.lnk files for espionage and data theft

New ReaderUpdate malware variants target macOS users

U.S. cannabis dispensary STIIIZY disclosed a data breach

U.S. Hacks QakBot, Quietly Removes Botnet Infections

Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work

Ukrainian Police Nab Six Tied to CLOP Ransomware

How Did Authorities Identify the Alleged Lockbit Boss?

Ransomware Gangs Don’t Need PR Help

Node.js malvertising campaign targets crypto users

Trickbot spreads malware through new distribution channels

DarkGate malware campaign abuses Skype and Teams

Andariel’s silly mistakes and a new malware family

Police Have Disrupted the Emotet Botnet

The source code of the 2020 variant of HelloKitty ransomware was leaked on a cybercrime forum

Russian-speaking cybercrime evolution: What changed from 2016 to 2021

China-linked APTs’ tool employed in RA World Ransomware attack

Global Law Enforcement Shuts Down Two of the Largest Cybercrime Forums

Ransomhub ransomware gang claims the hack of Mexican government Legal Affairs Office

RansomEXX gang claims to have hacked Ferrari and leaked online internal documents

The Web’s Bot Containment Unit Needs Your Help

New RedLine malware version distributed as fake Omicron stat counter

Take my money: OCR crypto stealers in Google Play and App Store

Xanthorox AI: A New Breed of Malicious AI Threat Hits the Darknet

Treasury Sanctions Creators of 911 S5 Proxy Botnet

Crooks bypass a Microsoft Office patch for CVE-2021-40444 to spread Formbook malware

Threat actors use Quantum Builder to deliver Agent Tesla malware

Arrest, Raids Tied to ‘U-Admin’ Phishing Kit

8Base ransomware group hacked Croatia’s Port of Rijeka

Notorious ransomware programmer Mikhail Pavlovich Matveev arrested in Russia

Stay Connected