53 matches found
Mallox Ransomware Exploits Weak MS-SQL Servers to Breach Networks
Mallox ransomware activities in 2023 have witnessed a 174% increase when compared to the previous year, new findings from Palo Alto Networks Unit 42 reveal. "Mallox ransomware, like many other ransomware threat actors, follows the double extortion trend: stealing data before encrypting an...
RTM Locker: Emerging Cybercrime Group Targeting Businesses with Ransomware
Cybersecurity researchers have detailed the tactics of a "rising" cybercriminal gang called "Read The Manual" RTM Locker that functions as a private ransomware-as-a-service RaaS provider and carries out opportunistic attacks to generate illicit profit. "The 'Read The Manual' Locker gang uses...
Unveiling the Advanced Rust-based Nevada Ransomware
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A new type of ransomware named "Nevada Ransomware" has been identified. The creators of this ransomware have established an affiliate program that was initially introduced in the RAMP underground...
Cardiologist moonlighted as successful ransomware developer
The US has charged a 55-year-old French-Venezuelan cardiologist from Venezuela with "attempted computer intrusions and conspiracy to commit computer intrusions". This was revealed in an unsealed complaint in a federal court in Brooklyn, New York. Moises Luis Zagala Gonzales worked as a ransomware...
DOJ Says Doctor is Malware Mastermind
On Monday, the U.S. Attorney’s Office for the Eastern District of New York revealed criminal charges against 55 year-old cardiologist Moises Luis Zagala Gonzalez of Cuidad Bolivar, Venezuela accusing him of being the mastermind behind the prolific Thanos malware. The inditement alleges he “design...
Who Wrote the ALPHV/BlackCat Ransomware Strain?
In December 2021, researchers discovered a new ransomware-as-a-service named ALPHV a.k.a. "BlackCat", considered to be the first professional cybercrime group to create and use a ransomware strain written in the Rust programming language. In this post, well explore some of the clues left behind b...
DarkSide Getting Taken to ‘Hackers’ Court’ For Not Paying Affiliates
Cybercriminals who have worked as affiliates with ransomware group DarkSide, responsible for the Colonial Pipeline attack, are having a tough time getting paid for their work now that the group has had its operations interrupted; so, they’re turning to admins of the group’s Dark Web criminal foru...
DarkSide Ransomware Gang Quits After Servers, Bitcoin Stash Seized
The DarkSide ransomware affiliate program responsible for the six-day outage at Colonial Pipeline this week that led to fuel shortages and price spikes across the country is running for the hills. The crime gang announced it was closing up shop after its servers were seized and someone drained th...
Scammers, profiteers, and shady sites? It must be tax season
US tax season is upon us, a time of the year when a special kind of vermin comes crawling out of the woodwork: tax scammers! Not that their goals are any different from any other scammers. They want your hard-earned dollars in their pockets. Most of the tax-related attacks follow a few tried and...
Who’s Behind the GandCrab Ransomware?
The crooks behind an affiliate program that paid cybercriminals to install the destructive and wildly successful GandCrab ransomware strain announced on May 31, 2019 they were terminating the program after allegedly having earned more than $2 billion in extortion payouts from victims. What follow...
Kraken Ransomware Upgrades Distribution with RaaS Model
The Kraken ransomware author has released a second version of the malicious code, along with a unique affiliate program on the Dark Web. According to research into Kraken v.2 the new version is being promoted in a ransomware-as-a-service RaaS model to underground forum customers, via a video...
Mac App Store apps are stealing user data
There is a concerning trend lately in the Mac App Store. Several security researchers have independently found different apps that are collecting sensitive user data and uploading it to servers controlled by the developer. This is referred to as exfiltrating the data. Some of this data is actuall...
GandCrab Ransomware Found Hiding on Legitimate Websites
The GandCrab ransomware continues to virulently spread and adapt to shifting cyber-conditions, most recently crawling back into relevance on the back of several large-scale spam campaigns. What’s interesting is that GandCrab payload was found hiding on legitimate but compromised websites. These,...
McAfee Labs Advanced Threat Research Aids Arrest of Suspected Cybercrime Gang Linked to Top Malware CTB Locker
ARCHIVED STORY McAfee Labs Advanced Threat Research Aids Arrest of Suspected Cybercrime Gang Linked to Top Malware CTB Locker By Trellix · December 20, 2017 In our recent research, we interviewed the actors behind ransomware campaigns. One of the interesting findings was cybercriminals seemed to...
Seven More Chrome Extensions Compromised
The number of compromised Chrome browser extensions is growing beyond the initial Aug. 1 hijacking of the OCR add-on called Copyfish. Added to list are seven additional legitimate Chrome Extensions that attackers took over and used to manipulate internet traffic and web-based ads, according to...
Keeping up with the Petyas: Demystifying the malware family
Last June 27, there was a huge outbreak of a Petya-esque malware with WannaCry-style infector in the Ukraine. Since there is still confusion about how exactly this malware is linked to the original Petya, we have prepared this small guide on the background of the Petya family. The origin of Petya...
Adware-Laden Skype Botnet Disrupted
Skype, Microsoft’s now ubiquitous video/messenger program, has long been a go-to destination for attackers looking to peddle their malware. The latest campaign to leverage the software – a botnet circulating adware, composed entirely of Skype users – was recently disrupted by researchers. Ronnie...
Shopping Cart Script with Affiliate Program SQL Injection
No description provided by source. Author: L0rd CrusAd3r aka VSN [email protected] Exploit Title:Shopping Cart Script with Affiliate Program SQL Injection Vendor url:http://www.yourfreeworld.com Version:n/a Price:399$ Published: 2010-06-19 Greetz to:Sid3^effects, MaYur, M4n0j, Dark Blue,...
Virut and Waledac Botnets Spamming from Shared Machines
In an analysis of Virut botnet samples, Symantec researchers observed the malware downloading Waledac variants, suggesting that the gangs responsible for each botnet may be cooperating with one another through some sort of affiliate program, or, at the very least, that the two threats coexist and...
SMS Extortion Trojan Targeting Apple Machines
In yet another blow to the tenuous false sense of security among Apple users, the Russian antivirus firm Dr. Web has uncovered what it claims is a first-of-its-kind fake installer Trojan targeting Mac machines and extorting their users with SMS fraud. Trojan.SMSSend.3666 is the Mac variant within...