Krebs on Security

JANUARY 24, 2023

Denis Emelyantsev , a 36-year-old Russian man accused of running a massive botnet called RSOCKS that stitched malware into millions of devices worldwide, pleaded guilty to two counts of computer crime violations in a California courtroom this week. “Thanks to you, we are now developing in the field of information security and anonymity!

Cybercrime 259

Cybercrime Advertising IoT Malware 259

Security Affairs

JULY 14, 2024

A Dark Gate malware campaign from March-April 2024 demonstrates how attackers exploit legitimate tools and services to distribute malware. Palo Alto Networks Unit 42 researchers shared details about a DarkGate malware campaign from March-April 2024. The malware is considered a sophisticated threat and is continuously improved.

Malware 139

Malware Cybercrime Software Phishing 139

Security Affairs

JUNE 24, 2024

The cybercrime group ExCobalt targeted Russian organizations in multiple sectors with a previously unknown backdoor known as GoRed. Positive Technologies researchers reported that a cybercrime gang called ExCobalt targeted Russian organizations in multiple sectors with a previously unknown Golang-based backdoor known as GoRed.

Cybercrime 127

Cybercrime Telecommunications DNS Technology 127

Security Affairs

SEPTEMBER 29, 2024

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware 134

Malware Social Engineering IoT Scams 134

Security Affairs

SEPTEMBER 1, 2024

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware 133

Malware Ransomware Engineering Hacking 133

Security Affairs

OCTOBER 30, 2024

The latest FakeCall malware version for Android intercepts outgoing bank calls, redirecting them to attackers to steal sensitive info and bank funds. Zimperium researchers spotted a new version of the FakeCall malware for Android that hijacks outgoing victims’ calls and redirects them to the attacker’s phone number.

Banking 138

Banking Malware Accountability Phishing 138

Security Affairs

APRIL 13, 2024

Researchers warn threat actors are manipulating GitHub search results to target developers with persistent malware. Checkmarx researchers reported that t hreat actors are manipulating GitHub search results to deliver persistent malware to developers systems. Merely checking for known vulnerabilities is insufficient.

Malware 144

Malware Cryptocurrency Encryption Hacking 144

Security Affairs

SEPTEMBER 22, 2024

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware 133

Malware Healthcare IoT Cryptocurrency 133

Security Affairs

JULY 14, 2024

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware 134

Malware Spyware Internet Internet 134

Security Affairs

JULY 22, 2024

Huntress researchers observed the JavaScript downloader malware SocGholish (aka FakeUpdates ) that is being used to deliver remote access trojan AsyncRAT and the legitimate open-source project BOINC (Berkeley Open Infrastructure Network Computing Client).

Malware 143

Malware Cryptocurrency Hacking Software 143

Security Affairs

APRIL 12, 2024

Proofpoint researchers observed a threat actor, tracked as TA547, targeting German organizations with an email campaign delivering the Rhadamanthys malware. The security firm pointed out that this is the first TA547 group to use this malware family. The experts also discovered the attempts of using LLM in malware campaigns.

Malware 140

Malware Social Engineering Retail Engineering 140

Security Affairs

OCTOBER 4, 2024

perfctl malware targets misconfigured Linux servers to deploy cryptocurrency miners and proxyjacking software in an ongoing campaign. Aqua Nautilus researchers shed light on a Linux malware, dubbed perfctl malware, that over the past 3-4 years targeted misconfigured Linux servers. ” reads the report.

Malware 140

Malware Cryptocurrency Encryption Software 140

Security Affairs

AUGUST 25, 2024

Researchers spotted a new stealthy Linux malware named sedexp that uses Linux udev rules to achieve persistence and evade detection. Aon’s Cyber Solutions spotted a new malware family, called sedexp, that relies on a lesser-known Linux persistence technique. Sedexp uses udev rules to maintain persistence. ” concludes the report.

Malware 144

Malware Hacking Ransomware Cybercrime 144

Krebs on Security

MARCH 1, 2022

A Ukrainian security researcher this week leaked several years of internal chat logs and other sensitive data tied to Conti , an aggressive and ruthless Russian cybercrime group that focuses on deploying its ransomware to companies with more than $100 million in annual revenue. “Sorry, but this is f *d up.

Ransomware 305

Ransomware Healthcare Cybercrime Government 305

Security Affairs

OCTOBER 6, 2024

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware 126

Malware Architecture Cryptocurrency Cyber Attacks 126

Security Affairs

AUGUST 23, 2024

Cato Security found a new info stealer, called Cthulhu Stealer, that targets Apple macOS and steals a wide range of information. Cado Security researchers have discovered a malware-as-a-service (MaaS) targeting macOS users dubbed Cthulhu Stealer. ” reads the report published by Cado Security.

Malware 136

Malware Passwords Cryptocurrency Software 136

Security Affairs

AUGUST 18, 2024

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware 137

Malware Social Engineering Ransomware Government 137

Security Affairs

SEPTEMBER 15, 2024

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware 128

Malware Spyware Banking Ransomware 128

Security Affairs

OCTOBER 20, 2024

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware 132

Malware Ransomware Encryption Phishing 132

Krebs on Security

SEPTEMBER 24, 2022

A native of Omsk, Russia, Kloster came into focus after KrebsOnSecurity followed clues from the RSOCKS botnet master’s identity on the cybercrime forums to Kloster’s personal blog , which featured musings on the challenges of running a company that sells “security and anonymity services to customers around the world.”

Cybercrime 228

Cybercrime Data breaches Malware Ransomware 228

Security Affairs

MAY 3, 2024

This feature prevents malware execution outside the infected machine, a feature that had been abandoned by many malware variants that borrow the Zeus leaked source code. The malware implements this feature by checking a specific key/value in the Windows registry. ” reads the analysis published by Zscaler.

Malware 138

Malware Banking Hacking Cybercrime 138

Security Affairs

SEPTEMBER 13, 2024

A new Linux malware called Hadooken targets Oracle WebLogic servers, it has been linked to several ransomware families. Aqua Security Nautilus researchers discovered a new Linux malware, called Hadooken, targeting Weblogic servers. Upon execution, the malware drops a Tsunami malware and deploys a cryptominer.

Malware 133

Malware Internet Internet Ransomware 133

Security Affairs

APRIL 27, 2024

ThreatFabric researchers identified a new Android malware called Brokewell, which implements a wide range of device takeover capabilities. ThreatFabric researchers uncovered a new mobile malware named Brokewell, which is equipped with sophisticated device takeover features. ” reads the report published by ThreatFabric.

Malware 138

Malware Spyware Authentication Mobile 138

Security Affairs

SEPTEMBER 8, 2024

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware 123

Malware Insurance Ransomware Government 123

Security Affairs

JULY 31, 2024

Phishing campaigns target small and medium-sized businesses (SMBs) in Poland to deliver malware families such as Agent Tesla, Formbook, and Remcos RAT. ESET researchers observed multiple phishing campaigns targeting SMBs in Poland in May 2024, distributing various malware families like Agent Tesla , Formbook , and Remcos RAT.

Phishing 140

Phishing Malware Accountability Hacking 140

Security Affairs

JANUARY 1, 2024

Subsequently, other malware integrated the exploit, including Rhadamanthys, Risepro, Meduza , Stealc Stealer and recently the White Snake. The researchers discovered that the malware targets Chrome’s token_service table of WebData to extract tokens and account IDs of chrome profiles logged in. ” continues the report.

Malware 145

Malware Penetration Testing Passwords Encryption 145

Security Affairs

APRIL 24, 2024

A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute backdoors and cryptocurrency miners. Avast researchers discovered and analyzed a malware campaign that exploited the update mechanism of the eScan antivirus to distribute backdoors and crypto miners.

Antivirus 138

Antivirus Malware DNS Cryptocurrency 138

Security Affairs

AUGUST 21, 2024

The Computer Emergency Response Team of Ukraine (CERT-UA) warned of new phishing attacks, carried out by the Vermin group, distributing a malware. The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign conducted by the Vermin group that distributed malware.

Malware 135

Malware Spyware Phishing Cyber threats 135

Security Affairs

MARCH 6, 2024

A new Linux malware campaign campaign is targeting misconfigured Apache Hadoop, Confluence, Docker, and Redis instances. Researchers from Cado Security observed a new Linux malware campaign targeting misconfigured Apache Hadoop, Confluence, Docker, and Redis instances.

Malware 145

Malware Cryptocurrency Engineering Internet 145

Security Affairs

APRIL 1, 2024

Experts believe that the malware has already infected thousands of devices. The dropper masquerades as the McAfee Security app. The dropper deploys the new version of Vultur banking malware through 3 payloads, where the final 2 Vultur payloads effectively work together by invoking each other’s functionality.

Malware 141

Malware Banking Engineering Encryption 141

Security Affairs

SEPTEMBER 13, 2024

Researchers uncovered an Android malware, dubbed Vo1d, that has already infected nearly 1.3 Doctor Web researchers uncovered a malware, tracked as Vo1d , that infected nearly 1.3 million Android devices in 197 countries. million Android-based TV boxes belonging to users in 197 countries.

Malware 143

Malware Firmware Antivirus Manufacturing 143

Security Affairs

MARCH 11, 2024

The financially motivated hacking group Magnet Goblin uses various 1-day flaws to deploy custom malware on Windows and Linux systems. The group focuses on internet-facing services, in at least one instance the group exploited the vulnerability CVE-2024-21887 in Ivanti Connect Secure VPN. 4 Run a Linux command in a separate thread.

Malware 139

Malware VPN Encryption Hacking 139

Security Affairs

MARCH 23, 2024

A large-scale malware campaign, tracked as Sign1, has already compromised 39,000 WordPress sites in the last six months. Sucurity researchers at Sucuri spotted a malware campaign, tracked as Sign1, which has already compromised 39,000 WordPress sites in the last six months. Malware uses this difference to try and stay hidden.

Malware 144

Malware Engineering Hacking Cybercrime 144

Security Affairs

JULY 11, 2024

Multiple threat actors exploit a recently disclosed security PHP flaw CVE-2024-4577 to deliver multiple malware families. The botnet shell script downloads an ELF file named “pty3” from a different IP address, likely a sample of Muhstik malware. ” reported Akamai.

Malware 142

Malware DDOS Internet Internet 142

The Last Watchdog

APRIL 13, 2022

Additionally, there are also Russian cybercrime organizations that are not state-sponsored but are allowed to operate. Although there’s no one magic solution to eliminating cyberattacks and cybercrime risks, there are steps you can take to reduce the chances of becoming a victim. businesses called #ShieldsUp.

Cybersecurity 214

Cybersecurity Cybercrime Education Government 214

Security Affairs

MARCH 17, 2024

The malware exfiltrates gathered data to two Telegram channels. “The malware collects a variety of valuable information. RisePro is a C++ info-stealer that has been active since at least 2022, it allows to gathering sensitive data from the infected system. All unique passwords are stored in a file named “brute.txt”.

Malware 143

Malware Passwords Software Hacking 143

Krebs on Security

JUNE 22, 2022

.” The DOJ’s statement doesn’t mention that RSOCKS has been in operation since 2014, when access to the web store for the botnet was first advertised on multiple Russian-language cybercrime forums. “Thanks to you, we are now developing in the field of information security and anonymity!,”

Advertising 308

Advertising Cybercrime System Administration Hacking 308