44 matches found
Russian TrickBot Gang Hacker Extradited to U.S. Charged with Cybercrime
A Russian national, who was arrested in South Korea last month and extradited to the U.S. on October 20, appeared in a federal court in the state of Ohio on Thursday to face charges for his alleged role as a member of the infamous TrickBot group. Court documents showed that Vladimir Dunaev, 38,...
Researchers Find New Evidence Linking Diavol Ransomware to TrickBot Gang
Cybersecurity researchers have disclosed details about an early development version of a nascent ransomware strain called Diavol that has been linked to threat actors behind the infamous TrickBot syndicate. The latest findings from IBM X-Force show that the ransomware sample shares similarities t...
Hackers Turning to 'Exotic' Programming Languages for Malware Development
Threat actors are increasingly shifting to "exotic" programming languages such as Go, Rust, Nim, and Dlang that can better circumvent conventional security protections, evade analysis, and hamper reverse engineering efforts. "Malware authors are known for their ability to adapt and modify their...
ColdFire - Golang Malware Development Library
Golang malware development framework Introduction ColdFire provides various methods useful for malware development in Golang. Most functions are compatible with both Linux and Windows operating systems. Installation go get github.com/redcode-labs/ColdFire Types of functions included Logging...
TrickBot indictment reveals the scale and complexity of organized cybercrime
Back in 2016, we saw the emergence of a botnet mainstay called TrickBot. Initially observed by our Labs team spreading via malvertising campaigns, it quickly became a major problem for businesses everywhere. Whether spread by malvertising or email spam, the end result was the same. Data...
Talking Emotet’s takedown with Adam Kujawa: Lock and Code S02E02
This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Adam Kujawa, security evangelist and director of Malwarebytes Labs, about Emotet, the former public enemy No. 1 in the cybercrime world. What began in 20...
FIN11 Cybercrime Gang Shifts Tactics to Double-Extortion Ransomware
The FIN11 financial crime gang is shifting its tactics from phishing and credential-theft to ransomware, researchers said. According to FireEye Mandiant researchers, FIN11 is notable for its “sheer volume of activity,” known to run up to five disparate wide-scale email phishing campaigns per week...
Revamped Qbot Trojan Packs New Punch: Hijacks Email Threads
Attacks attributed to the Qbot trojan, known as the “Swiss Army knife” of malware, are on the uptick with a reported 100,000 recent infections, according to researchers. Qbot, an ever-evolving information-stealing trojan that’s been around since 2008, has shifted tactics again and adopted a bevy ...
Revamped HawkEye Keylogger Swoops in on Coronavirus Fears
There’s a new variant of the HawkEye keylogging malware making the rounds, featuring expanded info-stealing capabilities. Its operators are looking to capture the zeitgeist around the novel coronavirus. It’s being distributed using spam that purports to be an “alert” from the Director-General of...
Sodinokibi Ransomware Group Sponsors Hacking Contest
White hats aren’t alone in holding hacking contests. Russian-language cybercriminals are known for running similar competitions on underground forums. However, an analysis of Dark Web activity has uncovered a trend towards offering increasingly high-stakes prizes during such battles. At the same...
Russian APT Map Reveals 22,000 Connections Between 2000 Malware Samples
Though Russia still has an undiversified and stagnant economy, it was one of the early countries in the world to realize the value of remotely conducted cyber intrusions. In recent years, many Russia hacking groups have emerged as one of the most sophisticated nation-state actors in cyberspace,...
Judge Rules No Jail Time for WannaCry 'Killer' Marcus Hutchins, a.k.a. MalwareTech
Marcus Hutchins, better known as MalwareTech, has been sentenced to "time served" and one year of supervised release for developing and selling the Kronos banking malware. Yes, Hutchins will not go to prison, United States District Judge J.P. Stadtmueller ruled today in Milwaukee County Court,...
TA505 Crime Gang Debuts Brand-New ServHelper Backdoor
A new backdoor named ServHelper has been spotted in the wild, acting as both a remote desktop agent as well as a downloader for a RAT called FlawedGrace. According to Proofpoint, the prolific cybercriminal gang known as TA505 developed ServHelper, which has two variants: one focused on remote...
Author of Luminosity RAT Gets 2.5 Years in Federal Prison
By Waqas Colton Ray Grubbs, 21 from Stanford, Kentucky has been sent to 30 months 2.5 years in prison for developing and operating the infamous Luminosity RAT or Luminosity Link RAT Remote Access Trojan that targeted unsuspected users worldwide. Luminosity RAT allowed hackers to infect targeted...
Virus Bulletin 2018: Turla APT Changes Shape with New Code and Targets
MONTREAL – The Turla APT group’s extensive activities have diversified this year, representing a mix of old code, new code and fresh targets. Perhaps most interesting, this sophisticated group is branching into using scripts and open-source code in its malware development – a marked departure for...
Goodfellas, the Brazilian carding scene is after you
There are three ways of doing things in the malware business: the right way, the wrong way and the way Brazilians do it. From the early beginnings, using skimmers on ATMs, compromising point of sales systems, or even modifying the hardware of processing devices, Latin America has been a fertile...
Japanese boy arrested for developing cryptocurrency stealing malware
By Carolina A teenager has been arrested for creating a cryptocurrency stealing malware used This is a post from HackRead.com Read the original post: Japanese boy arrested for developing cryptocurrency stealing malware...
EGESPLOIT - A Golang Library For Malware Development
EGESPLOIT is a golang library for malware development, it has few unique functions for meterpreter integration. DOCUMENTATION CalculateChecksumx : Function calculates x digit 8 bit checksum for reverse HTTP/HTTPS meterpreter connections, returns the calculated checksum as string...
56 Hackers Arrested in Cyber Crime 'Strike Week' Raids in UK
The United Kingdom's National Crime Agency NCA has arrested 56 suspected hackers in a campaign against cybercrime called "strike week." Law-enforcement officials conducted, in total, 25 separate operations across England, Scotland and Wales, and those arrested were suspected in a wide range of...
Dexter, Project Hook Point of Sale Malware Still Prevalent
While the Target data breach may be in the rear view mirror, research this week shows it’s clear that many attackers are still using point of sale malware, namely Dexter and Project Hook, in active attacks. Researchers at Arbor Networks’ Security Engineering & Response Team ASERT looked at severa...