Cybercrime and Web Fraud - Cyber Security Informer

How Cryptocurrency Turns to Cash in Russian Banks

Krebs on Security

DECEMBER 11, 2024

A financial firm registered in Canada has emerged as the payment processor for dozens of Russian cryptocurrency exchanges and websites hawking cybercrime services aimed at Russian-speaking customers, new research finds. wtf, and PQHosting ; -sites selling aged email, financial, or social media accounts, such as verif[.]work com and rdp[.]monster;

Cryptocurrency

Cryptocurrency Banking Cybercrime Advertising

Booking.com Phishers May Leave You With Reservations

Krebs on Security

NOVEMBER 1, 2024

We’ll also explore an array of cybercrime services aimed at phishers who target hotels that rely on the world’s most visited travel website. A number of cybercriminal innovations are making it easier for scammers to cash in on your upcoming travel plans. A full, defanged list of domains is available here.

Phishing

Phishing Accountability Artificial Intelligence Cybercrime

FBI: Spike in Hacked Police Emails, Fake Subpoenas

Krebs on Security

NOVEMBER 9, 2024

One English-speaking cybercriminal who goes by the nicknames “ Pwnstar ” and “ Pwnipotent ” has been selling fake EDR services on both Russian-language and English cybercrime forums. “I cannot 100% guarantee every order will go through,” Pwnstar explained. ” An ad from Pwnstar for fake EDR services.

Hacking

Hacking Accountability Government Social Engineering

A Day in the Life of a Prolific Voice Phishing Crew

Krebs on Security

JANUARY 7, 2025

” Perm is the current administrator of Star Fraud , one of the more consequential cybercrime communities on Telegram and one that has emerged as a foundry of innovation in voice phishing attacks. As we’ll see in a moment, that phishing kit is operated and rented out by a cybercriminal known as “ Perm ” a.k.a.

Phishing

Phishing Cryptocurrency Accountability Social Engineering

Crime Shop Sells Hacked Logins to Other Crime Shops

Krebs on Security

JANUARY 21, 2022

Criminals ripping off other crooks is a constant theme in the cybercrime underworld; Accountz Club’s slogan — “the best autoshop for your favorite shops’ accounts” — just normalizes this activity by making logins stolen from users of various cybercrime shops for sale at a fraction of their account balances.

Hacking

Hacking Cybercrime Passwords Authentication

Sudanese Brothers Arrested in ‘AnonSudan’ Takedown

Krebs on Security

OCTOBER 17, 2024

AnonSudan ), a cybercrime business known for launching powerful distributed denial-of-service (DDoS) attacks against a range of targets, including dozens of hospitals, news websites and cloud providers. government on Wednesday announced the arrest and charging of two Sudanese brothers accused of running Anonymous Sudan (a.k.a.

DDOS

DDOS Government Internet Internet

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

Krebs on Security

JUNE 15, 2024

A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider , a cybercrime group suspected of hacking into Twilio , LastPass , DoorDash , Mailchimp , and nearly 130 other organizations over the past two years. man arrested was a SIM-swapper who went by the alias “ Tyler.”

Hacking

Hacking Cybercrime Phishing Passwords

China-based SMS Phishing Triad Pivots to Banks

Krebs on Security

APRIL 10, 2025

But experts say these groups are now directly targeting customers of international financial institutions, while dramatically expanding their cybercrime infrastructure and support staff. Until recently, the so-called “ Smishing Triad ” mainly impersonated toll road operators and shipping companies. Image: Prodaft.

Phishing

Phishing Banking Mobile Retail

How Cybercriminals are Weathering COVID-19

Krebs on Security

APRIL 30, 2020

In a report published today, the company said since late March 2020 it has observed several crooks complaining about COVID-19 interfering with the daily activities of their various money mules (people hired to help launder the proceeds of cybercrime). ” Alex Holden , founder and CTO of Hold Security , agreed.

Cybercrime

Cybercrime Computers and Electronics Marketing Scams

Phishing Sites Targeting Scammers and Thieves

Krebs on Security

AUGUST 9, 2021

Also, this greenhorn criminal clearly had bought into BriansClub’s advertising, which uses my name and likeness in a series of ads that run on all the top cybercrime forums. com was hosted at a company in Moscow with just a handful of other domains phishing popular cybercrime stores, including Jstashbazar[.]com, com, vclub[.]cards,

Phishing

Phishing Cybercrime Accountability Advertising

FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked

Krebs on Security

DECEMBER 13, 2022

Federal Bureau of Investigation (FBI) to build cyber and physical threat information sharing partnerships with the private sector, this week saw its database of contact information on more than 80,000 members go up for sale on an English-language cybercrime forum. Pompompurin has been a thorn in the side of the FBI for years.

Hacking

Hacking Energy and Utilities Cybercrime Accountability

This Service Helps Malware Authors Fix Flaws in their Code

Krebs on Security

MAY 18, 2020

is cybercrime forum. “We can examine your (or not exactly your) PHP code for vulnerabilities and backdoors,” reads his offering on several prominent Russian cybercrime forums. The cybercrime actor “upO” on Exploit[.]in RedBear’s profile on the Russian-language xss[.]is

Malware

Malware Cybercrime Ransomware Marketing

Anti-Money Laundering Service AMLBot Cleans House

Krebs on Security

OCTOBER 15, 2022

AMLBot , a service that helps businesses avoid transacting with cryptocurrency wallets that have been sanctioned for cybercrime activity, said an investigation published by KrebsOnSecurity last year helped it shut down three dark web services that secretly resold its technology to help cybercrooks avoid detection by anti-money laundering systems.

Cryptocurrency

Cryptocurrency Marketing Cybercrime Technology

E-Crime Rapper ‘Punchmade Dev’ Debuts Card Shop

Krebs on Security

JANUARY 17, 2024

The rapper and social media personality Punchmade Dev is perhaps best known for his flashy videos singing the praises of a cybercrime lifestyle. But until recently, there wasn’t much to support a conclusion that Punchmade was actually doing the cybercrime things he promotes in his songs. Punchmade Dev’s shop.

Cybercrime

Cybercrime Media Banking Accountability

Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work

Krebs on Security

OCTOBER 8, 2020

But judging from the proliferation of help-wanted ads for offensive pentesters in the cybercrime underground, today’s attackers have exactly zero trouble gaining that initial intrusion: The real challenge seems to be hiring enough people to help everyone profit from the access already gained. THE DOCTOR IS IN.

Cybercrime

Cybercrime Malware VPN Ransomware

When Efforts to Contain a Data Breach Backfire

Krebs on Security

AUGUST 16, 2022

Earlier this month, the administrator of the cybercrime forum Breached received a cease-and-desist letter from a cybersecurity firm. Such responses generally accomplish nothing, except unnecessarily upping the stakes for everyone involved while displaying a dangerous naiveté about how the cybercrime underground works.

Data breaches

Data breaches Banking Cybercrime Marketing

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

JANUARY 30, 2024

Indeed, those messages show Sosa/King Bob was obsessed with finding new “ grails ,” the slang term used in some cybercrime discussion channels to describe recordings from popular artists that have never been officially released. “I got the most music in the com,” King Bob bragged in a Discord server in November 2022.

Social Engineering

Social Engineering Mobile Passwords Cybercrime

No SOCKS, No Shoes, No Malware Proxy Services!

Krebs on Security

AUGUST 2, 2022

The underground cybercrime forums are now awash in pleas from people who are desperately seeking a new supplier of abundant, cheap, and reliably clean proxies to restart their businesses. Last week, a seven-year-old proxy service called 911[.]re “Everybody is looking for an alternative, bro,” wrote a BlackHatForums user on Aug.

Malware

Malware Cybercrime Internet Internet

911 Proxy Service Implodes After Disclosing Breach

Krebs on Security

JULY 29, 2022

These services can be used in a legitimate manner for several business purposes — such as price comparisons or sales intelligence — but they are massively abused for hiding cybercrime activity because they can make it difficult to trace malicious traffic to its original source.

Cybercrime

Cybercrime Software VPN Backups

Would You Have Fallen for This Phone Scam?

Krebs on Security

APRIL 28, 2020

The request for the last four of the customer’s credit card number was consistent with my own testing, which relied upon on a caller ID spoofing service advertised in the cybercrime underground and aimed at a Citi account controlled by this author. A screen shot from an underground store selling CVV records. Click to enlarge.

Scams

Scams Banking Accountability Financial Services

U.S. Indicts 2 Top Russian Hackers, Sanctions Cryptex

Krebs on Security

SEPTEMBER 26, 2024

The United States today unveiled sanctions and indictments against the alleged proprietor of Joker’s Stash , a now-defunct cybercrime store that peddled tens of millions of payment cards stolen in some of the largest data breaches of the past decade. The answer involved Bitcoin, but also Taleon’s new service.

Cryptocurrency

Cryptocurrency Cybercrime Retail Government

Who’s Behind the SWAT USA Reshipping Service?

Krebs on Security

NOVEMBER 6, 2023

Last week, KrebsOnSecurity broke the news that one of the largest cybercrime services for laundering stolen merchandise was hacked recently, exposing its internal operations, finances and organizational structure. As detailed in this Nov. 2 story , SWAT currently employs more than 1,200 U.S.

Passwords

Passwords Cybercrime Accountability Hacking

Fake CISO Profiles on LinkedIn Target Fortune 500s

Krebs on Security

SEPTEMBER 30, 2022

Interestingly, Maryann’s LinkedIn profile was accepted as truth by Cybercrime Magazine’s CISO 500 listing, which claims to maintain a list of the current CISOs at America’s largest companies: The fake CISO for ExxOnMobil was indexed in Cybercrime Magazine’s CISO 500.

CISO

CISO Cybercrime Accountability Information Security

The Rise of One-Time Password Interception Bots

Krebs on Security

SEPTEMBER 29, 2021

In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords. And all of them operate via Telegram , a cloud-based instant messaging system.

Passwords

Passwords Mobile Authentication Banking

Arrest, Raids Tied to ‘U-Admin’ Phishing Kit

Krebs on Security

FEBRUARY 8, 2021

Brad Marden , superintendent of cybercrime operations for the Australian Federal Police (AFP), said their investigation into who was behind U-Admin began in late 2018, after Australian citizens began getting deluged with phishing attacks via mobile text messages that leveraged the software.

Phishing

Phishing Scams Banking Mobile

Giving a Face to the Malware Proxy Service ‘Faceless’

Krebs on Security

APRIL 18, 2023

” MRMURZA Faceless is a project from MrMurza , a particularly talkative member of more than a dozen Russian-language cybercrime forums over the past decade. MrMurza’s Faceless advertised on the Russian-language cybercrime forum ProCrd. Image: Darkbeast/Ke-la.com. In 2013, U.S.

Malware

Malware Passwords Accountability Advertising

Disneyland Malware Team: It’s a Puny World After All

Krebs on Security

NOVEMBER 16, 2022

A financial cybercrime group calling itself the Disneyland Team has been making liberal use of visually confusing phishing domains that spoof popular bank brands using Punycode , an Internet standard that allows web browsers to render domain names with non-Latin alphabets like Cyrillic.

Malware

Malware Banking Phishing DDOS

Judge Orders U.S. Lawyer in Russian Botnet Case to Pay Google

Krebs on Security

DECEMBER 5, 2022

The defendants, who initially pursued a strategy of counter suing Google for interfering in their sprawling cybercrime business, later brazenly offered to dismantle the botnet in exchange for payment from Google. The judge in the case was not amused, found for the plaintiff, and ordered the defendants and their U.S.

Cybercrime

Cybercrime Malware Internet Internet

A Deep Dive Into the Residential Proxy Service ‘911’

Krebs on Security

JULY 18, 2022

These services can be used in a legitimate manner for several business purposes — such as price comparisons or sales intelligence — but they are massively abused for hiding cybercrime activity because they can make it difficult to trace malicious traffic to its original source. FORUM ACTIVITY?

VPN

VPN Computers and Electronics Antivirus Software

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Proxy services can be used in a legitimate manner for several business purposes — such as price comparisons or sales intelligence — but they are massively abused for hiding cybercrime activity because they make it difficult to trace malicious traffic to its original source. SocksEscort began in 2009 as “ super-socks[.]com com , segate[.]org

Malware

Malware VPN Internet Internet

Local Networks Go Global When Domain Names Collide

Krebs on Security

AUGUST 23, 2024

But Caturegli said ransomware gangs and other cybercrime groups could siphon huge volumes of Microsoft Windows credentials from quite a few companies with just a small up-front investment. ” If we ever learn that cybercrime groups are using namespace collisions to launch ransomware attacks, nobody can say they weren’t warned. .

DNS

DNS Internet Internet Authentication

Experian Glitch Exposing Credit Files Lasted 47 Days

Krebs on Security

JANUARY 25, 2023

The tip about the Experian weakness came from Jenya Kushnir , a security researcher living in Ukraine who said he discovered the method being used by identity thieves after spending time on Telegram chat channels dedicated to cybercrime.

Cybercrime

Cybercrime Web Fraud Data breaches

Owners of 1-Time Passcode Theft Service Plead Guilty

Krebs on Security

SEPTEMBER 2, 2024

Picari was the owner, developer and main beneficiary of the service, and his personal information and ownership of OTP Agency was revealed in February 2020 in a “dox” posted to the now-defunct English-language cybercrime forum Raidforums. The NCA said it began investigating the service in June 2020.

Accountability

Accountability Banking Passwords Scams

Riding the State Unemployment Fraud ‘Wave’

Krebs on Security

MAY 23, 2020

Earlier this week, email security firm Agari detailed a fraud operation tied to a seasoned Nigerian cybercrime group it dubbed “ Scattered Canary ,” which has been busy of late bilking states and the federal government out of economic stimulus and unemployment payments. ” CANARY IN THE GOLDMINE.

Insurance

Insurance Accountability Banking Government

‘The Manipulaters’ Improve Phishing, Still Fail at Opsec

Krebs on Security

APRIL 3, 2024

Roughly nine years ago, KrebsOnSecurity profiled a Pakistan-based cybercrime group called “ The Manipulaters ,” a sprawling web hosting network of phishing and spam delivery platforms.

Phishing

Phishing Cybercrime Malware Advertising

Hoax Email Blast Abused Poor Coding in FBI Website

Krebs on Security

NOVEMBER 13, 2021

The Federal Bureau of Investigation (FBI) confirmed today that its fbi.gov domain name and Internet address were used to blast out thousands of fake emails about a cybercrime investigation.

Internet

Internet Internet Hacking Accountability

That Domain You Forgot to Renew? Yeah, it’s Now Stealing Credit Cards

Krebs on Security

NOVEMBER 13, 2018

.” The report tracks the work of Magecart — the name given to a collective of at least seven cybercrime groups involved in hacking Web sites to steal payment card data. Credit card data stolen by these various Magecart groups invariably gets put up for sale at online cybercrime shops, the security firms found.

Accountability

Accountability eCommerce Cybercrime Advertising

The Life Cycle of a Breached Database

Krebs on Security

JULY 29, 2021

“If you were to look [on cybercrime forums] at the past history of people posting about that Ledger database, you’d see people were selling it privately for months prior to that,” Nixon said.

Passwords

Passwords Password Management Phishing Scams

Scam ‘Funeral Streaming’ Groups Thrive on Facebook

Krebs on Security

SEPTEMBER 18, 2024

These so-called “stealer logs” are mostly generated by opportunistic infections from information-stealing trojans that are sold on cybercrime markets.

Scams

Scams DNS Internet Internet

New Ransom Payment Schemes Target Executives, Telemedicine

Krebs on Security

DECEMBER 8, 2022

.” While CLOP as a money making collective is a fairly young organization, security experts say CLOP members hail from a group of Threat Actors (TA) known as “TA505,” which MITRE’s ATT&CK database says is a financially motivated cybercrime group that has been active since at least 2014.

Healthcare

Healthcare Backups Ransomware Insurance

US Harbors Prolific Malicious Link Shortening Service

Krebs on Security

OCTOBER 31, 2023

A broad array of industry groups have filed comments opposing the proposed changes , saying they threaten to remove the last vestiges of accountability for a top-level domain that is already overrun with cybercrime activity. “This exposes how persistent the criminal economy can be at a supply chain level,” Burton said.

Phishing

Phishing Telecommunications Malware Scams

Fake Lawsuit Threat Exposes Privnote Phishing Sites

Krebs on Security

APRIL 4, 2024

In keeping with the overall theme, these phishing domains appear focused on stealing usernames and passwords to some of the cybercrime underground’s busiest shops, including Brian’s Club. Among those is rustraitor[.]info An archive.org copy of Rustraitor. What do all the phished sites have in common? com , meternask[.]com

Phishing

Phishing Cryptocurrency DDOS Internet

RaidForums Gets Raided, Alleged Admin Arrested

Krebs on Security

APRIL 12, 2022

Department of Justice (DOJ) said today it seized the website and user database for RaidForums , an extremely popular English-language cybercrime forum that sold access to more than 10 billion consumer records stolen in some of the world’s largest data breaches since 2015.

Government

Government Identity Theft Mobile Data breaches

Facebook, Instagram, TikTok and Twitter Target Resellers of Hacked Accounts

Krebs on Security

FEBRUARY 4, 2021

Like most cybercrime forums, OGUsers is overrun with shady characters who are there mainly to rip off other members. THE MIDDLEMEN. Facebook said it targeted a number of accounts tied to key sellers on OGUsers, as well as those who advertise the ability to broker stolen account sales.

Accountability

Accountability Hacking Media Mobile

How Cryptocurrency Turns to Cash in Russian Banks

Booking.com Phishers May Leave You With Reservations

Trending Sources

FBI: Spike in Hacked Police Emails, Fake Subpoenas

A Day in the Life of a Prolific Voice Phishing Crew

Crime Shop Sells Hacked Logins to Other Crime Shops

Sudanese Brothers Arrested in ‘AnonSudan’ Takedown

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

China-based SMS Phishing Triad Pivots to Banks

How Cybercriminals are Weathering COVID-19

Phishing Sites Targeting Scammers and Thieves

FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked

This Service Helps Malware Authors Fix Flaws in their Code

Anti-Money Laundering Service AMLBot Cleans House

E-Crime Rapper ‘Punchmade Dev’ Debuts Card Shop

Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work

When Efforts to Contain a Data Breach Backfire

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

No SOCKS, No Shoes, No Malware Proxy Services!

911 Proxy Service Implodes After Disclosing Breach

Would You Have Fallen for This Phone Scam?

U.S. Indicts 2 Top Russian Hackers, Sanctions Cryptex

Who’s Behind the SWAT USA Reshipping Service?

Fake CISO Profiles on LinkedIn Target Fortune 500s

The Rise of One-Time Password Interception Bots

Arrest, Raids Tied to ‘U-Admin’ Phishing Kit

Giving a Face to the Malware Proxy Service ‘Faceless’

Disneyland Malware Team: It’s a Puny World After All

Judge Orders U.S. Lawyer in Russian Botnet Case to Pay Google

A Deep Dive Into the Residential Proxy Service ‘911’

Who and What is Behind the Malware Proxy Service SocksEscort?

Local Networks Go Global When Domain Names Collide

Experian Glitch Exposing Credit Files Lasted 47 Days

Owners of 1-Time Passcode Theft Service Plead Guilty

Riding the State Unemployment Fraud ‘Wave’

‘The Manipulaters’ Improve Phishing, Still Fail at Opsec

Hoax Email Blast Abused Poor Coding in FBI Website

That Domain You Forgot to Renew? Yeah, it’s Now Stealing Credit Cards

The Life Cycle of a Breached Database

Scam ‘Funeral Streaming’ Groups Thrive on Facebook

New Ransom Payment Schemes Target Executives, Telemedicine

US Harbors Prolific Malicious Link Shortening Service

Fake Lawsuit Threat Exposes Privnote Phishing Sites

RaidForums Gets Raided, Alleged Admin Arrested

Facebook, Instagram, TikTok and Twitter Target Resellers of Hacked Accounts

Stay Connected