DNS, Download and Malware - Cyber Security Informer

Scam ‘Funeral Streaming’ Groups Thrive on Facebook

Krebs on Security

SEPTEMBER 18, 2024

According to DomainTools.com , the organization that registered this domain is called “ apkdownloadweb ,” is based in Rajshahi, Bangladesh, and uses the DNS servers of a Web hosting company in Bangladesh called webhostbd[.]net. net for DNS. net DNS servers). xyz and onlinestreaming[.]xyz. Livestreamnow[.]xyz

Scams

Scams DNS Internet Internet

Iran-linked Lyceum APT adds a new.NET DNS Backdoor to its arsenal

Security Affairs

JUNE 11, 2022

Iran-linked Lyceum APT group uses a new.NET-based DNS backdoor to target organizations in the energy and telecommunication sectors. The Iran-linked Lyceum APT group, aka Hexane or Spilrin, used a new.NET-based DNS backdoor in a campaign aimed at companies in the energy and telecommunication sectors, ZScaler researchers warn.

DNS

DNS Telecommunications Malware Phishing

B1txor20 Linux botnet use DNS Tunnel and Log4J exploit

Security Affairs

MARCH 17, 2022

Researchers uncovered a new Linux botnet, tracked as B1txor20, that exploits the Log4J vulnerability and DNS tunnel. The malware was first spotted on February 9, 2022, when 360Netlab’s honeypot system captured an unknown ELF file that was spreading by exploiting the Log4J vulnerability. ” continues the analysis.

DNS

DNS Malware Technology Encryption

Roaming Mantis implements new DNS changer in its malicious mobile app in 2022

SecureList

JANUARY 19, 2023

Kaspersky has been investigating the actor’s activity throughout 2022, and we observed a DNS changer function used for getting into Wi-Fi routers and undertaking DNS hijacking. This was newly implemented in the known Android malware Wroba.o/Agent.eq Moqhao, XLoader), which was the main malware used in this campaign.

DNS

DNS Mobile Malware Accountability

Chinese StormBamboo APT compromised ISP to deliver malware

Security Affairs

AUGUST 4, 2024

A China-linked APT, tracked as StormBamboo, compromised an internet service provider (ISP) to poison software update mechanisms with malware. The threat actors targeted insecure software update mechanisms to install malware on macOS and Windows victim machines. The company linked the attacks to StormBamboo APT group.

Malware

Malware DNS Firewall Software

Hackers hijacked the eScan Antivirus update mechanism in malware campaign

Security Affairs

APRIL 24, 2024

A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute backdoors and cryptocurrency miners. Avast researchers discovered and analyzed a malware campaign that exploited the update mechanism of the eScan antivirus to distribute backdoors and crypto miners.

Antivirus

Antivirus Malware DNS Cryptocurrency

Godlua backdoor, the first malware that abuses the DNS over HTTPS (DoH)

Security Affairs

JULY 4, 2019

The peculiarity of this new piece of malware is the ability to communicate with C2 servers via DNS over HTTPS ( DoH ). The DoH protocol was a new standard proposed in October 2018 and it is currently supported by several publicly available DNS servers. The second variant. ” reads the analysis published by the experts.

DNS

DNS Malware Advertising DDOS

Why Malware Crypting Services Deserve More Scrutiny

Krebs on Security

JUNE 21, 2023

If you operate a cybercrime business that relies on disseminating malicious software, you probably also spend a good deal of time trying to disguise or “crypt” your malware so that it appears benign to antivirus and security products. This story explores the history and identity behind Cryptor[.]biz WHO RUNS CRYPTOR[.]BIZ?

Malware

Malware Antivirus Cybercrime Hacking

Lyceum.NET DNS Backdoor

Security Boulevard

JUNE 9, 2022

Active since 2017, Lyceum group is a state-sponsored Iranian APT group that is known for targeting Middle Eastern organizations in the energy and telecommunication sectors and mostly relying on.NET based malwares. The threat actor then leverages the AutoClose() function to drop the DNS backdoor onto the system. Lyceum.NET DNS backdoor.

DNS

DNS Energy and Utilities Malware Telecommunications

Cuttlefish malware targets enterprise-grade SOHO routers

Security Affairs

MAY 1, 2024

A new malware named Cuttlefish targets enterprise-grade and small office/home office (SOHO) routers to harvest public cloud authentication data. The malware creates a proxy or VPN tunnel on the compromised router to exfiltrate data, and then uses stolen credentials to access targeted resources.

Malware

Malware DNS Authentication Telecommunications

3 ways DNS filtering can save SMBs from cyberattacks

Malwarebytes

JUNE 1, 2022

That’s where DNS filtering comes in. But first, DNS in a nutshell. So normally, every time your customer types in your web address, their computer makes a request to a DNS server. The DNS server, in turn, tells the computer where to go. But which web-based cyberthreats in particular does DNS filtering stop, you ask?

DNS

DNS DDOS Phishing Spyware

How to Prevent DNS Attacks: DNS Security Best Practices

eSecurity Planet

DECEMBER 8, 2023

Domain name service (DNS) attacks threaten every internet connection because they can deny, intercept, and hijack connections. With the internet playing an increasing role in business, securing DNS plays a critical role in both operations and security. Everything You Need to Know.

DNS

DNS DDOS Firewall Architecture

New Agent Raccoon malware targets the Middle East, Africa and the US

Security Affairs

DECEMBER 3, 2023

Threat actors are using the Agent Raccoon malware in attacks against organizations in the Middle East, Africa and the U.S. The malware was used in attacks against multiple industries, including education, real estate, retail, non-profit organizations, telecom companies, and governments.

Malware

Malware DNS Retail Education

Microsoft Patch Tuesday, February 2021 Edition

Krebs on Security

FEBRUARY 9, 2021

Nine of the 56 vulnerabilities earned Microsoft’s most urgent “critical” rating, meaning malware or miscreants could use them to seize remote control over unpatched systems with little or no help from users. Keep in mind that Windows 10 by default will automatically download and install updates on its own schedule.

DNS

DNS Backups Software Phishing

What Is DNS Spoofing and How Is It Prevented?

Security Boulevard

MAY 20, 2022

What Is DNS Spoofing and How Is It Prevented? What Is the DNS and DNS Server? . To fully understand DNS spoofing, it’s important to understand DNS and DNS servers. The DNS “domain name system” is then what translates the domain name into the right IP address. What Is DNS Spoofing? .

DNS

DNS Cyber Attacks Encryption Risk

FluBot malware continues to evolve. What’s new in Version 5.0 and beyond?

Security Affairs

JANUARY 8, 2022

Researchers warn of new campaigns distributing a new improved version of the FluBot malware posing as Flash Player. Researchers from F5 security are warning of a new enhanced version of the FluBot Android malware that that spread posed as Flash Player. The victim downloads and opens the malicious app that installs FluBot.

Malware

Malware DNS Banking Hacking

Operation Spalax, an ongoing malware campaign targeting Colombian entities

Security Affairs

JANUARY 14, 2021

Malware researchers from ESET uncovered an ongoing surveillance campaign, dubbed Operation Spalax , against Colombian entities exclusively. The attacks start with phishing messages that lead to the download of RAR archives hosted on OneDrive or MediaFire containing a malicious executable. ” continues the report.

Malware

Malware Surveillance Phishing Government

GoldenHelper, a new malware delivered via Chinese tax software

Security Affairs

JULY 15, 2020

Security researchers discovered another malware family delivered through tax software that some businesses operating in China are required to install. Security researchers at Trustwave have discovered another malware family delivered through tax software that Chinese banks require companies operating in the country to install.

Software

Software Malware Banking Advertising

TeamTNT group uses Hildegard Malware to target Kubernetes Systems

Security Affairs

FEBRUARY 5, 2021

The TeamTNT hacker group has been employing a new piece of malware, dubbed Hildegard, to target Kubernetes installs. The hacking group TeamTNT has been employing a new piece of malware, dubbed Hildegard, in a series of attacks targeting Kubernetes systems. The malware deploys the XMRig mining tool to mine Monero cryptocurrency.

Malware

Malware DNS Cryptocurrency Internet

Hackers hijack D-Link and Linksys routers to point users to coronavirus-themed sites serving malware

Security Affairs

MARCH 26, 2020

The number of Coronavirus-themed attacks continues to increase, crooks hijack D-Link and Linksys routers to redirect users to sites spreading COVID19-themed malware. Crooks continue to launch Coronavirus-themed attacks , experts observed hackers hijacking D-Link and Linksys routers to redirect users to COVID19-themed sites spreading malware.

Malware

Malware DNS Advertising Cryptocurrency

The Prevalence of DarkComet in Dynamic DNS

Security Boulevard

AUGUST 6, 2024

Threat Intelligence Report Date: August 6, 2024 Prepared by: David Brunsdon, Threat Intelligence - Security Engineer, HYAS Dynamic DNS (DDNS) is a service that automatically updates the Domain Name System (DNS) in real-time to reflect changes in the IP addresses of a domain.

DNS

DNS Malware Social Engineering Engineering

GO#WEBBFUSCATOR campaign hides malware in NASA’s James Webb Space Telescope image

Security Affairs

AUGUST 31, 2022

A malware campaign tracked as GO#WEBBFUSCATOR used an image taken from NASA’s James Webb Space Telescope (JWST) as a lure. Securonix Threat researchers uncovered a persistent Golang-based malware campaign tracked as GO#WEBBFUSCATOR that leveraged the deep field image taken from the James Webb telescope. Pierluigi Paganini.

Malware

Malware DNS Antivirus Encryption

ZuoRAT is a sophisticated malware that mainly targets SOHO routers

Malwarebytes

JUNE 30, 2022

The vulnerability or chain of vulnerabilities allow the threat actor to download a binary, then execute it on the host. The threat actor can then use DNS hijacking and HTTP hijacking to cause the connected devices to install other malware. ZuoRAT looks like a heavily modified version of the Mirai malware. DNS hijacking.

Malware

Malware DNS Small Business Firmware

New Linux coin miner kills competing malware to maximize profits

Security Affairs

FEBRUARY 10, 2019

Security experts from Trend Micro have discovered a new strain of coin miner that targets the Linux platform and installs the XMR-Stak Cryptonight cryptocurrency miner, researchers observed it killing other Linux malware and coin miners present on the infected machine. It also downloads hxxp://yxarsh.shop/1.jpg

Malware

Malware Cryptocurrency Advertising DNS

No, I Did Not Hack Your MS Exchange Server

Krebs on Security

MARCH 28, 2021

New data suggests someone has compromised more than 21,000 Microsoft Exchange Server email systems worldwide and infected them with malware that invokes both KrebsOnSecurity and Yours Truly by name. But Watson said they don’t know how many of those systems also ran the secondary download from the rogue Krebsonsecurity domain.

Hacking

Hacking Cybercrime DNS Antivirus

Linksys force password reset to prevent Router hijacking

Security Affairs

APRIL 16, 2020

Linksys has reset passwords for all its customers’ after learning on ongoing DNS hijacking attacks aimed at delivering malware. Crooks continue to launch Coronavirus-themed attacks , in the last weeks, experts observed hackers hijacking D-Link and Linksys routers to redirect users to COVID19-themed sites spreading malware.

Passwords

Passwords DNS Malware Advertising

The return of the AdvisorsBot malware

Security Affairs

FEBRUARY 1, 2019

Security experts at Cybaze – Yoroi ZLab have analyzed a new sample of the AdvisorsBot malware, a downloader that was first spotted in August 2018. As usual, the malware looks like a legitimate e-mail attachment, named as “invoice.doc”. Figure 3 – Piece of VBS script that starts malware infection. DLL Analysis.

Malware

Malware DNS Social Engineering Advertising

Tomiris called, they want their Turla malware back

SecureList

APRIL 24, 2023

Introduction We introduced Tomiris to the world in September 2021, following our investigation of a DNS-hijack against a government organization in the Commonwealth of Independent States (CIS). We hypothesize that the general aim is to provide operators with “full-spectrum malware” in order to evade security products.

Malware

Malware DNS Government Software

Operation Triangulation: iOS devices targeted with previously unknown malware

SecureList

JUNE 1, 2023

The code within the exploit downloads several subsequent stages from the C&C server, that include additional exploits for privilege escalation. After successful exploitation, a final payload is downloaded from the C&C server, that is a fully-featured APT platform. WIFI OUT: 0.0 - WWAN IN: 76281896.0, WWAN OUT: 100956502.0

Malware

Malware Backups Mobile DNS

What is DNS Spoofing and Cache Poisoning?

Security Boulevard

APRIL 14, 2022

In April 2022, hackers targeted the customers of eight Malaysian banks by urging them to download malicious apps. The apps stole user credentials and forwarded the messages to the malware operators. The post What is DNS Spoofing and Cache Poisoning? The post What is DNS Spoofing and Cache Poisoning?

DNS

DNS Social Engineering Cybercrime Banking

Previously unseen Msupedge backdoor targeted a university in Taiwan

Security Affairs

AUGUST 20, 2024

The most notable feature of the backdoor is that it relies on DNS tunnelling to communicate with a C2 server. ” The code used by Msupedge for the DNS tunneling tool is based on the publicly available dnscat2 tool. . ” The code used by Msupedge for the DNS tunneling tool is based on the publicly available dnscat2 tool.

DNS

DNS Malware Hacking Cybercrime

Cracked software beats gold: new macOS backdoor stealing cryptowallets

SecureList

JANUARY 22, 2024

We recently caught sight of a new, hitherto unknown, macOS malware family that was piggybacking on cracked software. A downloader A completed “patching” kicked off the main payload, with the sample reaching out to its C2 for an encrypted script. org every 30 seconds and tried to download and execute the following script.

Software

Software Computers and Electronics DNS Malware

Active Nitrogen campaign delivered via malicious ads for PuTTY, FileZilla

Malwarebytes

APRIL 9, 2024

Victims are tricked into downloading and running the Nitrogen malware masquerading as a PuTTY or FileZilla installer. Online ads from search engine result pages are increasingly being used to deliver malware to corporate users. Click here for more information about DNS filtering via our Nebula platform.

System Administration

System Administration DNS Engineering Social Engineering

Types of Malware & Best Malware Protection Practices

eSecurity Planet

FEBRUARY 16, 2021

Malware, short for “malicious software,” is any unwanted software on your computer that, more often than not, is designed to inflict damage. Since the early days of computing, a wide range of malware types with varying functions have emerged. Best Practices to Defend Against Malware. Jump ahead: Adware. RAM scraper.

Malware

Malware Adware Spyware Antivirus

Russian Sandworm APT impersonates Ukrainian telcos to deliver malware

Security Affairs

SEPTEMBER 21, 2022

Russia-linked APT group Sandworm has been observed impersonating telecommunication providers to target Ukrainian entities with malware. Russia-linked cyberespionage group Sandworm has been observed impersonating telecommunication providers to target Ukrainian entities with malware. ” reads the report published by Recorded Future.

Malware

Malware Telecommunications DNS Hacking

Endpoint security for Mac: 3 best practices

Malwarebytes

JULY 14, 2022

Securing that many endpoints can get really complex, really fast, especially when you consider that the common wisdom that Macs don’t get malware simply isn’t true: in fact, the number of malware detections on Mac jumped 200% year-on-year in 2021. And it’s not just malware you have to worry about with your Mac endpoints.

DNS

DNS Adware Malware Antivirus

Sunburst: connecting the dots in the DNS requests

SecureList

DECEMBER 18, 2020

At the moment, we identified approximately ~100 customers who downloaded the trojanized package containing the Sunburst backdoor. For instance, before making the first internet connection to its C2s, the Sunburst malware lies dormant for a long period, of up to two weeks, which prevents an easy detection of this behavior in sandboxes.

DNS

DNS Telecommunications Malware Encryption

New Russian Language Malspam is delivering Redaman Banking Malware

Security Affairs

JANUARY 24, 2019

A still ongoing spam campaign that has been active during the last months has been distributing the Redaman banking malware. Experts at Palo Alto Networks continue to monitor an ongoing spam campaign that has been distributing the Redaman banking malware. It throws an exception and exits if any of those files are found.

Banking

Banking Malware Advertising DNS

Security Affairs - Untitled Article

Security Affairs

JULY 17, 2019

Threat actors used the Extembro DNS- changer Trojan in an adware campaign to prevent users from accessing security-related websites. Security experts at Malwarebytes observed an adware campaign that involved the Extembro DNS- changer Trojan to prevent users from accessing websites of security vendors. ” concludes the analysis.

Adware

Adware DNS Malware Advertising

China-linked APT group Salt Typhoon compromised some U.S. internet service providers (ISPs)

Security Affairs

SEPTEMBER 26, 2024

In July, Cisco fixed an actively exploited NX-OS zero-day that was exploited to install previously unknown malware as root on vulnerable switches. The threat actors targeted insecure software update mechanisms to install malware on macOS and Windows victim machines. reads the report published by Sygnia.

Internet

Internet Internet DNS Telecommunications

Threat actor exploits MS ProxyShell flaws to deploy Babuk ransomware

Security Affairs

NOVEMBER 5, 2021

Over the past months, other ransomware gangs, including Conti and Lockfile , exploited ProxyShell flaws to deliver their malware. The attack chain starts with a downloader module on a victim’s server in the form of a standalone executable format and a DLL. The DLL downloader is run by the Exchange IIS worker process w3wp.exe.

Ransomware

Ransomware Backups Encryption DNS

New Mirai variant appears in the threat landscape

Security Affairs

MARCH 16, 2021

Upon successful exploitation, the attackers try to download a malicious shell script, which contains further infection behaviors such as downloading and executing Mirai variants and brute-forcers.” “The attacks are still ongoing at the time of this writing. “The attacks are still ongoing at the time of this writing.

Wireless

Wireless IoT DNS VPN

Threat actors abuse public cloud services to spread multiple RATs

Security Affairs

JANUARY 13, 2022

The malware campaign was spotted by Cisco Talos in October 2021, most of the victims were located in the United States, Italy and Singapore. The attackers used complex obfuscation techniques in the downloader script. ” reads the analysis published by Talos.

Malware

Malware DNS Cybercrime Ransomware

Chinese APT Earth Baxia target APAC by exploiting GeoServer flaw

Security Affairs

SEPTEMBER 23, 2024

Threat actors exploited the flaw to download or copy malicious components. Upon opening this file, an obfuscated VBScript downloads multiple files from a public cloud service like AWS, including a decoy PDF,NET applications, and a configuration file. The EAGLEDOOR backdoor can communicate with C2 via DNS, HTTP, TCP, and Telegram.

DNS

DNS Government Phishing Telecommunications

Scam ‘Funeral Streaming’ Groups Thrive on Facebook

Iran-linked Lyceum APT adds a new.NET DNS Backdoor to its arsenal

Trending Sources

B1txor20 Linux botnet use DNS Tunnel and Log4J exploit

Roaming Mantis implements new DNS changer in its malicious mobile app in 2022

Chinese StormBamboo APT compromised ISP to deliver malware

Hackers hijacked the eScan Antivirus update mechanism in malware campaign

Godlua backdoor, the first malware that abuses the DNS over HTTPS (DoH)

Why Malware Crypting Services Deserve More Scrutiny

Lyceum.NET DNS Backdoor

Cuttlefish malware targets enterprise-grade SOHO routers

3 ways DNS filtering can save SMBs from cyberattacks

How to Prevent DNS Attacks: DNS Security Best Practices

New Agent Raccoon malware targets the Middle East, Africa and the US

Microsoft Patch Tuesday, February 2021 Edition

What Is DNS Spoofing and How Is It Prevented?

FluBot malware continues to evolve. What’s new in Version 5.0 and beyond?

Operation Spalax, an ongoing malware campaign targeting Colombian entities

GoldenHelper, a new malware delivered via Chinese tax software

TeamTNT group uses Hildegard Malware to target Kubernetes Systems

Hackers hijack D-Link and Linksys routers to point users to coronavirus-themed sites serving malware

The Prevalence of DarkComet in Dynamic DNS

GO#WEBBFUSCATOR campaign hides malware in NASA’s James Webb Space Telescope image

ZuoRAT is a sophisticated malware that mainly targets SOHO routers

New Linux coin miner kills competing malware to maximize profits

No, I Did Not Hack Your MS Exchange Server

Linksys force password reset to prevent Router hijacking

The return of the AdvisorsBot malware

Tomiris called, they want their Turla malware back

Operation Triangulation: iOS devices targeted with previously unknown malware

What is DNS Spoofing and Cache Poisoning?

Previously unseen Msupedge backdoor targeted a university in Taiwan

Cracked software beats gold: new macOS backdoor stealing cryptowallets

Active Nitrogen campaign delivered via malicious ads for PuTTY, FileZilla

Types of Malware & Best Malware Protection Practices

Russian Sandworm APT impersonates Ukrainian telcos to deliver malware

Endpoint security for Mac: 3 best practices

Sunburst: connecting the dots in the DNS requests

New Russian Language Malspam is delivering Redaman Banking Malware

Security Affairs - Untitled Article

China-linked APT group Salt Typhoon compromised some U.S. internet service providers (ISPs)

Threat actor exploits MS ProxyShell flaws to deploy Babuk ransomware

New Mirai variant appears in the threat landscape

Threat actors abuse public cloud services to spread multiple RATs

Chinese APT Earth Baxia target APAC by exploiting GeoServer flaw

Stay Connected