Internet and Malware - Cyber Security Informer

Perfectl Malware

Schneier on Security

OCTOBER 14, 2024

Perfectl in an impressive piece of malware: The malware has been circulating since at least 2021. It gets installed by exploiting more than 20,000 common misconfigurations, a capability that may make millions of machines connected to the Internet potential targets, researchers from Aqua Security said.

Malware

Malware Cryptocurrency Internet Internet

Delivering Malware Through Abandoned Amazon S3 Buckets

Schneier on Security

FEBRUARY 12, 2025

Had this been an actual attack, they would have modified the code in those buckets to contain malware and watch as it was incorporated in different software builds around the internet. Turns out they got eight million requests over two months. This is basically the SolarWinds attack, but much more extensive.

Malware

Malware Software Internet Internet

Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab

Krebs on Security

FEBRUARY 28, 2025

“If you need a server for a botnet, for malware, brute, scan, phishing, fakes and any other tasks, please contact us,” BEARHOST’s ad on one forum advises. A fake browser update page pushing mobile malware. And BEARHOST has been cultivating its reputation since at least 2019. Image: Intrinsec. Image: cidr-report.org.

Malware

Malware Antivirus Software DDOS

TP-Link Router Botnet

Schneier on Security

MARCH 14, 2025

There is a new botnet that is infecting TP-Link routers: The botnet can lead to command injection which then makes remote code execution (RCE) possible so that the malware can spread itself across the internet automatically.

Manufacturing

Manufacturing Healthcare Malware Internet

Nearly 7% of Internet Traffic Is Malicious

Schneier on Security

JULY 31, 2024

of Internet traffic is malicious. Cloudflare reports on the state of applications security. It claims that 6.8% And that CVEs are exploited as quickly as 22 minutes after proof-of-concepts are published. News articles.

Internet

Internet Internet Malware

Using EM Waves to Detect Malware

Schneier on Security

JANUARY 14, 2022

Researchers have developed a malware detection system that uses EM waves: “ Obfuscation Revealed: Leveraging Electromagnetic Signals for Obfuscated Malware Classification.” ” Abstract : The Internet of Things (IoT) is constituted of devices that are exponentially growing in number and in complexity.

Malware

Malware IoT Firmware Internet

Why Phishers Love New TLDs Like.shop,top and.xyz

Krebs on Security

DECEMBER 3, 2024

Interisle sources data about cybercrime domains from anti-spam organizations, including the Anti-Phishing Working Group (APWG), the Coalition Against Unsolicited Commercial Email (CAUCE), and the Messaging, Malware, and Mobile Anti-Abuse Working Group (M3AAWG). By comparison, the cheapest price identified for a.com domain was $5.91.

Cybercrime

Cybercrime Phishing Accountability Internet

Warning over free online file converters that actually install malware

Malwarebytes

MARCH 17, 2025

Instead of converting files, the tools actually load malware onto victims computers. The FBI warned specifically about that malware leading to ransomware attacks, but we’ve also seen similar sites that install browser hijackers, adware, and potentially unwanted programs (PUPs). This is the actual malware. Imageconvertors[.]com

Malware

Malware Adware Education Phishing

MikroTik botnet relies on DNS misconfiguration to spread malware

Security Affairs

JANUARY 16, 2025

Researchers discovered a 13,000-device MikroTik botnet exploiting DNS flaws to spoof 20,000 domains and deliver malware. Infoblox researchers discovered a botnet of 13,000 MikroTik devices that exploits DNS misconfigurations to bypass email protections, spoof approximately 20,000 domains, and deliver malware.

DNS

DNS Malware Firmware Authentication

Pro-Ukraine ‘Protestware’ Pushes Antiwar Ads, Geo-Targeted Malware

Krebs on Security

MARCH 17, 2022

The group also is tracking several code packages that were recently modified to erase files on computers that appear to be coming from Russian or Belarusian Internet addresses. For example, the popular library ES5-ext hadn’t updated its code in nearly two years. The message has been Google-Translated from Russian to English.

Malware

Malware Internet Internet Software

PlugX malware deleted from thousands of systems by FBI

Malwarebytes

JANUARY 16, 2025

The FBI says it has removed PlugX malware from thousands of infected computers worldwide. The move came after suspicion that cybercriminals groups under control of the Peoples Republic of China (PRC) used a version of PlugX malware to control, and steal information from victims’ computers.

Malware

Malware DNS Internet Internet

No SOCKS, No Shoes, No Malware Proxy Services!

Krebs on Security

AUGUST 2, 2022

With the recent demise of several popular “proxy” services that let cybercriminals route their malicious traffic through hacked PCs, there is now something of a supply chain crisis gripping the underbelly of the Internet. com , a malware-based proxy network that has been in existence since at least 2010.

Malware

Malware Cybercrime Internet Internet

Microsoft Patch Tuesday, November 2024 Edition

Krebs on Security

NOVEMBER 12, 2024

.” McCarthy also pointed to CVE-2024-43498 , a remote code execution flaw in.NET and Visual Studio that could be used to install malware. Any one of these bugs could be used to install malware if an authenticated user connects to a malicious or hacked SQL database server. This bug has earned a CVSS severity rating of 9.8 (10

Authentication

Authentication Engineering Malware Passwords

Calendar Meeting Links Used to Spread Mac Malware

Krebs on Security

FEBRUARY 28, 2024

But clicking the meeting link provided by the scammers prompts the user to run a script that quietly installs malware on macOS systems. It didn’t dawn on Doug until days later that the missed meeting with Mr. Lee might have been a malware attack. MacOS computers include X-Protect , Apple’s built-in antivirus technology.

Malware

Malware Cryptocurrency Software Phishing

When Your Smart ID Card Reader Comes With Malware

Krebs on Security

MAY 17, 2022

The consensus seems to be that the ZIP file currently harbors a malware threat known as Ramnit , a fairly common but dangerous trojan horse that spreads by appending itself to other files. He said Saicoo did not address his concern that the driver package on its website was bundled with malware. Image: Virustotal.com.

Malware

Malware Government Internet Internet

Disneyland Malware Team: It’s a Puny World After All

Krebs on Security

NOVEMBER 16, 2022

A financial cybercrime group calling itself the Disneyland Team has been making liberal use of visually confusing phishing domains that spoof popular bank brands using Punycode , an Internet standard that allows web browsers to render domain names with non-Latin alphabets like Cyrillic.

Malware

Malware Banking Phishing DDOS

Giving a Face to the Malware Proxy Service ‘Faceless’

Krebs on Security

APRIL 18, 2023

For the past seven years, a malware-based proxy service known as “ Faceless ” has sold anonymity to countless cybercriminals. The proxy lookup page inside the malware-based anonymity service Faceless. as a media sharing device on a local network that was somehow exposed to the Internet. Image: spur.us.

Malware

Malware Passwords Accountability Advertising

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Researchers this month uncovered a two-year-old Linux-based remote access trojan dubbed AVrecon that enslaves Internet routers into botnet that bilks online advertisers and performs password-spraying attacks. ” According to Kilmer, AVrecon is the malware that gives SocksEscort its proxies. SocksEscort[.]com

Malware

Malware VPN Internet Internet

FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang

Krebs on Security

JANUARY 31, 2025

The FBI and authorities in The Netherlands this week seized dozens of servers and domains for a hugely popular spam and malware dissemination service operating out of Pakistan. The proprietors of the service, who use the collective nickname “ The Manipulaters ,” have been the subject of three stories published here since 2015.

Phishing

Phishing Cybercrime Advertising Malware

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Krebs on Security

JUNE 1, 2023

This post is a deep dive on “ Megatraffer ,” a veteran Russian hacker who has practically cornered the underground market for malware focused code-signing certificates since 2015. More recently, it appears Megatraffer has been working with ransomware groups to help improve the stealth of their malware. WHO IS MEGATRAFFER?

Malware

Malware Cybercrime Software Accountability

StormBamboo Compromises ISP, Spreads Malware

Tech Republic Security

AUGUST 9, 2024

Read more about a China-aligned cyberespionage threat actor dubbed StormBamboo, also known as Evasive Panda, which compromised an Internet Service Provider and infected targets with malware.

Malware

Malware Internet Internet DNS

Booking.com Phishers May Leave You With Reservations

Krebs on Security

NOVEMBER 1, 2024

According to the market share website statista.com , booking.com is by far the Internet’s busiest travel service, with nearly 550 million visits in September. In November 2023, the security firm SecureWorks detailed how scammers targeted booking.com hospitality partners with data-stealing malware.

Phishing

Phishing Accountability Artificial Intelligence Cybercrime

Report: Recent 10x Increase in Cyberattacks on Ukraine

Krebs on Security

MARCH 11, 2022

As their cities suffered more intense bombardment by Russian military forces this week, Ukrainian Internet users came under renewed cyberattacks, with one Internet company providing service there saying they blocked ten times the normal number of phishing and malware attacks targeting Ukrainians.

DNS

DNS Internet Internet Phishing

7-Zip bug could allow a bypass of a Windows security feature. Update now

Malwarebytes

JANUARY 22, 2025

The MotW is an attribute added to files by Windows when they have been sourced from an untrusted location, like the internet or a restricted zone. The MotW is what triggers warnings that opening or running such files could lead to potentially dangerous behavior, including installing malware on their devices.

Internet

Internet Internet Malware Risk

Hi, robot: Half of all internet traffic now automated

Malwarebytes

APRIL 16, 2025

If you sometimes feel that the internet isn’t the same vibrant place it used to be, you’re not alone. Bad bots comprised 37% of internet traffic in 2024, up from 32% the year prior. Good bots accounted for just 14% of the internet’s traffic. Install anti-malware software and follow basic cyber hygiene measures.

Internet

Internet Internet Passwords Artificial Intelligence

When Getting Phished Puts You in Mortal Danger

Krebs on Security

MARCH 27, 2025

Many successful phishing attacks result in a financial loss or malware infection. When Cloudflare responded by blocking the sites with a phishing warning, the real Internet address of these sites was exposed as belonging to a known “bulletproof hosting” network called Stark Industries Solutions Ltd.

Phishing

Phishing Government Engineering Internet

Microsoft Uses Trademark Law to Disrupt Trickbot Botnet

Krebs on Security

OCTOBER 12, 2020

has executed a coordinated legal sneak attack in a bid to disrupt the malware-as-a-service botnet Trickbot , a global menace that has infected millions of computers and is used to spread ransomware. 27, UHS shut down its computer systems at healthcare facilities across the United States in a bid to stop the spread of the malware.

Healthcare

Healthcare Ransomware Internet Internet

The FBI warns of HiatusRAT scanning campaigns against Chinese-branded web cameras and DVRs

Security Affairs

DECEMBER 17, 2024

The FBI warned of a fresh wave of HiatusRAT malware attacks targeting internet-facing Chinese-branded web cameras and DVRs. The Federal Bureau of Investigation (FBI) released a Private Industry Notification (PIN) to warn of HiatusRAT malware campaigns targeting Chinese-branded web cameras and DVRs. ” reads the PIN report.

Architecture

Architecture Internet Internet Malware

Security Vulnerability of Switzerland’s E-Voting System

Schneier on Security

OCTOBER 17, 2023

Like any internet voting system, it has inherent security vulnerabilities: if there are malicious insiders, they can corrupt the vote count; and if thousands of voters’ computers are hacked by malware, the malware can change votes as they are transmitted. To demonstrate this, I built a proof-of-concept demonstration.

Malware

Malware Internet Internet Government

An Interview With the Target & Home Depot Hacker

Krebs on Security

NOVEMBER 14, 2024

Shefel asserts he and his team were responsible for developing the card-stealing malware that Golubov’s hackers installed on Target and Home Depot payment terminals, and that at the time he was technical director of a long-running Russian cybercrime community called Lampeduza. “I’m also godfather of his second son.”

Retail

Retail Advertising Cryptocurrency Marketing

U.S. agency cautions employees to limit phone use due to Salt Typhoon hack of telco providers

Security Affairs

NOVEMBER 10, 2024

internet service providers in recent months as part of a cyber espionage campaign code-named Salt Typhoon. internet-service providers in recent months in pursuit of sensitive information, according to people familiar with the matter.” China-linked threat actors have breached several U.S. Wall Street Journal reported.

Hacking

Hacking Internet Internet Government

Serious MacOS Vulnerability Patched

Schneier on Security

APRIL 30, 2021

Apple just patched a MacOS vulnerability that bypassed malware checks. The operating system wouldn’t even give its most basic prompt: “This is an application downloaded from the Internet. Apple mistakenly assumed that applications will always have certain specific attributes. Are you sure you want to open it?”

Internet

Internet Internet Malware

On Blockchain Voting

Schneier on Security

NOVEMBER 16, 2020

But now I have this excellent paper from MIT researchers: “Going from Bad to Worse: From Internet Voting to Blockchain Voting” Sunoo Park, Michael Specter, Neha Narula, and Ronald L. It can make ballot secrecy difficult or impossible. I’ve also quoted this XKCD cartoon.

Computers and Electronics

Computers and Electronics Internet Internet Risk

FBI Shuts Down Chinese Botnet

Schneier on Security

SEPTEMBER 19, 2024

The FBI has shut down a botnet run by Chinese hackers: The botnet malware infected a number of different types of internet-connected devices around the world, including home routers, cameras, digital video recorders, and NAS drives.

Telecommunications

Telecommunications Media Malware Internet

U.S. Govt. Apps Bundled Russian Code With Ties to Mobile Malware Developer

Krebs on Security

NOVEMBER 28, 2022

But that story omitted an important historical detail about Pushwoosh: In 2013, one of its developers admitted to authoring the Pincer Trojan , malware designed to surreptitiously intercept and forward text messages from Android mobile devices. ” wherein Shmakov acknowledged writing the malware as a freelance project.

Mobile

Mobile Malware Technology Government

‘Snatch’ Ransom Group Exposes Visitor IP Addresses

Krebs on Security

SEPTEMBER 27, 2023

The victim shaming site operated by the Snatch ransomware group is leaking data about its true online location and internal operations, as well as the Internet addresses of its visitors, KrebsOnSecurity has found. Probably the most active Internet address accessing Snatch’s darknet site is 193.108.114[.]41 top , sntech2ch[.]top

Ransomware

Ransomware Internet Internet Phishing

Hackers breach ISP to poison software updates with malware

Bleeping Computer

AUGUST 3, 2024

A Chinese hacking group tracked as StormBamboo has compromised an undisclosed internet service provider (ISP) to poison automatic software updates with malware. [.]

Software

Software Malware Internet Internet

Microsoft: 6 Zero-Days in March 2025 Patch Tuesday

Krebs on Security

MARCH 11, 2025

This month’s bundle of patch love from Redmond also addresses six other vulnerabilities Microsoft has rated “critical,” meaning that malware or malcontents could exploit them to seize control over vulnerable PCs with no help from users.

System Administration

System Administration Engineering Internet Internet

Why we’re no longer doing April Fools’ Day

Malwarebytes

MARCH 31, 2025

The internet is filled with falsehoods. Theres the fake CAPTCHA that hijacks clipboards and tricks users into installing malware. Theres the fake CAPTCHA that hijacks clipboards and tricks users into installing malware. Theres the scam that takes advantage of grieving people and tricks them into paying for a funeral live stream.

Scams

Scams Passwords Accountability Password Management

U.S. Offered $10M for Hacker Just Arrested by Russia

Krebs on Security

DECEMBER 4, 2024

Last week, the Russian government reportedly arrested Matveev and charged him with creating malware used to extort companies. “It’s possible this is a shakedown by Kaliningrad authorities of a local internet thug who has tens of millions of dollars in cryptocurrency,” Intel 471 wrote in an analysis published Dec.

Cybercrime

Cybercrime Ransomware Cryptocurrency Government

Attacks Aimed at Disrupting the Trickbot Botnet

Krebs on Security

OCTOBER 2, 2020

Over the past 10 days, someone has been launching a series of coordinated attacks designed to disrupt Trickbot , an enormous collection of more than two million malware-infected Windows PCs that are constantly being harvested for financial data and are often used as the entry point for deploying ransomware within compromised organizations.

Ransomware

Ransomware Malware Healthcare Internet

AndroxGh0st Malware Integrates Mozi Botnet to Target IoT and Cloud Services

The Hacker News

NOVEMBER 8, 2024

The threat actors behind the AndroxGh0st malware are now exploiting a broader set of security flaws impacting various internet-facing applications, while also deploying the Mozi botnet malware.

Malware

Malware IoT Internet Internet

Chinese StormBamboo APT compromised ISP to deliver malware

Security Affairs

AUGUST 4, 2024

A China-linked APT, tracked as StormBamboo, compromised an internet service provider (ISP) to poison software update mechanisms with malware. The threat actors targeted insecure software update mechanisms to install malware on macOS and Windows victim machines. The company linked the attacks to StormBamboo APT group.

Malware

Malware DNS Firewall Software

KrebsOnSecurity Hit By Huge New IoT Botnet “Meris”

Krebs on Security

SEPTEMBER 10, 2021

The assault came from “ Meris ,” the same new “Internet of Things” (IoT) botnet behind record-shattering attacks against Russian search giant Yandex this week and internet infrastructure firm Cloudflare earlier this summer. Cloudflare recently wrote about its attack , which clocked in at 17.2 Image: Qrator.

IoT

IoT DDOS Internet Internet

Perfectl Malware

Delivering Malware Through Abandoned Amazon S3 Buckets

Trending Sources

Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab

TP-Link Router Botnet

Nearly 7% of Internet Traffic Is Malicious

Using EM Waves to Detect Malware

Why Phishers Love New TLDs Like.shop,top and.xyz

Warning over free online file converters that actually install malware

MikroTik botnet relies on DNS misconfiguration to spread malware

Pro-Ukraine ‘Protestware’ Pushes Antiwar Ads, Geo-Targeted Malware

PlugX malware deleted from thousands of systems by FBI

No SOCKS, No Shoes, No Malware Proxy Services!

Microsoft Patch Tuesday, November 2024 Edition

Calendar Meeting Links Used to Spread Mac Malware

When Your Smart ID Card Reader Comes With Malware

Disneyland Malware Team: It’s a Puny World After All

Giving a Face to the Malware Proxy Service ‘Faceless’

Who and What is Behind the Malware Proxy Service SocksEscort?

FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang

Ask Fitis, the Bear: Real Crooks Sign Their Malware

StormBamboo Compromises ISP, Spreads Malware

Booking.com Phishers May Leave You With Reservations

Report: Recent 10x Increase in Cyberattacks on Ukraine

7-Zip bug could allow a bypass of a Windows security feature. Update now

Hi, robot: Half of all internet traffic now automated

When Getting Phished Puts You in Mortal Danger

Microsoft Uses Trademark Law to Disrupt Trickbot Botnet

The FBI warns of HiatusRAT scanning campaigns against Chinese-branded web cameras and DVRs

Security Vulnerability of Switzerland’s E-Voting System

An Interview With the Target & Home Depot Hacker

U.S. agency cautions employees to limit phone use due to Salt Typhoon hack of telco providers

Serious MacOS Vulnerability Patched

On Blockchain Voting

FBI Shuts Down Chinese Botnet

U.S. Govt. Apps Bundled Russian Code With Ties to Mobile Malware Developer

‘Snatch’ Ransom Group Exposes Visitor IP Addresses

Hackers breach ISP to poison software updates with malware

Microsoft: 6 Zero-Days in March 2025 Patch Tuesday

Why we’re no longer doing April Fools’ Day

U.S. Offered $10M for Hacker Just Arrested by Russia

Attacks Aimed at Disrupting the Trickbot Botnet

AndroxGh0st Malware Integrates Mozi Botnet to Target IoT and Cloud Services

Chinese StormBamboo APT compromised ISP to deliver malware

KrebsOnSecurity Hit By Huge New IoT Botnet “Meris”

Stay Connected