Remove DNS Remove Download Remove Malware
article thumbnail

Scam ‘Funeral Streaming’ Groups Thrive on Facebook

Krebs on Security

According to DomainTools.com , the organization that registered this domain is called “ apkdownloadweb ,” is based in Rajshahi, Bangladesh, and uses the DNS servers of a Web hosting company in Bangladesh called webhostbd[.]net. net for DNS. net DNS servers). xyz and onlinestreaming[.]xyz. Livestreamnow[.]xyz

Scams 65
article thumbnail

Iran-linked Lyceum APT adds a new.NET DNS Backdoor to its arsenal

Security Affairs

Iran-linked Lyceum APT group uses a new.NET-based DNS backdoor to target organizations in the energy and telecommunication sectors. The Iran-linked Lyceum APT group, aka Hexane or Spilrin, used a new.NET-based DNS backdoor in a campaign aimed at companies in the energy and telecommunication sectors, ZScaler researchers warn.

DNS 145
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

B1txor20 Linux botnet use DNS Tunnel and Log4J exploit

Security Affairs

Researchers uncovered a new Linux botnet, tracked as B1txor20, that exploits the Log4J vulnerability and DNS tunnel. The malware was first spotted on February 9, 2022, when 360Netlab’s honeypot system captured an unknown ELF file that was spreading by exploiting the Log4J vulnerability. ” continues the analysis.

DNS 145
article thumbnail

Roaming Mantis implements new DNS changer in its malicious mobile app in 2022

SecureList

Kaspersky has been investigating the actor’s activity throughout 2022, and we observed a DNS changer function used for getting into Wi-Fi routers and undertaking DNS hijacking. This was newly implemented in the known Android malware Wroba.o/Agent.eq Moqhao, XLoader), which was the main malware used in this campaign.

DNS 141
article thumbnail

Chinese StormBamboo APT compromised ISP to deliver malware

Security Affairs

A China-linked APT, tracked as StormBamboo, compromised an internet service provider (ISP) to poison software update mechanisms with malware. The threat actors targeted insecure software update mechanisms to install malware on macOS and Windows victim machines. The company linked the attacks to StormBamboo APT group.

Malware 145
article thumbnail

Hackers hijacked the eScan Antivirus update mechanism in malware campaign

Security Affairs

A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute backdoors and cryptocurrency miners. Avast researchers discovered and analyzed a malware campaign that exploited the update mechanism of the eScan antivirus to distribute backdoors and crypto miners.

Antivirus 137
article thumbnail

Godlua backdoor, the first malware that abuses the DNS over HTTPS (DoH)

Security Affairs

The peculiarity of this new piece of malware is the ability to communicate with C2 servers via DNS over HTTPS ( DoH ). The DoH protocol was a new standard proposed in October 2018 and it is currently supported by several publicly available DNS servers. The second variant. ” reads the analysis published by the experts.

DNS 107