Lucene search
K

15 matches found

The Hacker News
The Hacker News
added 2025/03/06 12:15 p.m.18 views

EncryptHub Deploys Ransomware and Stealer via Trojanized Apps, PPI Services, and Phishing

The financially motivated threat actor known as EncryptHub has been observed orchestrating sophisticated phishing campaigns to deploy information stealers and ransomware, while also working on a new product called EncryptRAT. "EncryptHub has been observed targeting users of popular applications, ...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2024/02/13 2:37 p.m.28 views

Glupteba Botnet Evades Detection with Undocumented UEFI Bootkit

The Glupteba botnet has been found to incorporate a previously undocumented Unified Extensible Firmware Interface UEFI bootkit feature, adding another layer of sophistication and stealth to the malware. "This bootkit can intervene and control the operating system boot process, enabling Glupteba t...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2023/03/20 5:51 a.m.4 views

Emotet Rises Again: Evades Macro Security via OneNote Attachments

The notorious Emotet malware, in its return after a short hiatus, is now being distributed via Microsoft OneNote email attachments in an attempt to bypass macro-based security restrictions and compromise systems. Emotet, linked to a threat actor tracked as Gold Crestwood, Mummy Spider, or TA542,...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2023/01/11 5:35 p.m.2 views

New Analysis Reveals Raspberry Robin Can be Repurposed by Other Threat Actors

A new analysis of Raspberry Robin's attack infrastructure has revealed that it's possible for other threat actors to repurpose the infections for their own malicious activities, making it an even more potent threat. Raspberry Robin aka QNAP worm, attributed to a threat actor dubbed DEV-0856, is a...

6.6AI score
Exploits0
The Hacker News
The Hacker News
added 2023/01/11 5:35 p.m.105 views

New Analysis Reveals Raspberry Robin Can be Repurposed by Other Threat Actors

A new analysis of Raspberry Robin's attack infrastructure has revealed that it's possible for other threat actors to repurpose the infections for their own malicious activities, making it an even more potent threat. Raspberry Robin aka QNAP worm, attributed to a threat actor dubbed DEV-0856, is a...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2022/09/16 2:17 p.m.32 views

Researchers Find Link b/w PrivateLoader and Ruzki Pay-Per-Install Services

Cybersecurity researchers have exposed new connections between a widely used pay-per-install PPI malware service known as PrivateLoader and another PPI platform offered by a cybercriminal actor dubbed ruzki. "The threat actor ruzki aka les0k, zhigalsz advertises their PPI service on underground...

0.6AI score
Exploits0
The Hacker News
The Hacker News
added 2022/05/26 11:24 a.m.24 views

Experts Warn of Rise in ChromeLoader Malware Hijacking Users' Browsers

A malvertising threat is witnessing a new surge in activity since its emergence earlier this year. Dubbed ChromeLoader, the malware is a "pervasive and persistent browser hijacker that modifies its victims' browser settings and redirects user traffic to advertisement websites," Aedan Russell of R...

3AI score
Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2022/05/05 12:0 a.m.11 views

NetDooka Framework Distributed via PrivateLoader Malware as Part of Pay-Per-Install Service

This report focuses on the components and infection chain ⁠of the NetDooka framework. Its scope ranges from the release of the first payload up until the release of the final RAT that is protected by a kernel driver...

3.9AI score
Exploits0
HackRead
HackRead
added 2022/02/27 3:0 p.m.12 views

Malware families using Pay-Per-Install service to expand targets

By Owais Sultan The PrivateLoader is a Pay-Per-Install malware PPI that delivers a wide variety of malware. Including Vidar, Raccoon, Redline,… This is a post from HackRead.com Read the original post: Malware families using Pay-Per-Install service to expand targets...

4.6AI score
Exploits0
The Hacker News
The Hacker News
added 2022/02/08 12:42 p.m.27 views

Several Malware Families Using Pay-Per-Install Service to Expand Their Targets

A detailed examination of a Pay-per-install PPI malware service called PrivateLoader has revealed its crucial role in the delivery of a variety of malware such as SmokeLoader, RedLine Stealer, Vidar, Raccoon, and GCleaner since at least May 2021. Loaders are malicious programs used for loading...

1.5AI score
Exploits0
Securelist
Securelist
added 2018/08/02 10:0 a.m.97 views

How do file partner programs work?

It's easy to notice if you've fallen victim to an advertising partner program: the system has new apps that you didn't install, ad pages spontaneously open in the browser, ads appear on sites where they never used to, and so on. If you notice these symptoms on your computer, and in the list of...

0.2AI score
Exploits0
ThreatPost
ThreatPost
added 2013/12/18 10:0 a.m.18 views

DGA Changer Malware Able to Modify Domain-Generation Seed on the Fly

Malware authors have been using domain-generation algorithms for a few years now, often in botnet-related malware that needs to stay one step ahead of takedown attempts and law enforcement agencies. Now, researchers have discovered that a strain of malware that may have been part of the attack in...

0.5AI score
Exploits0References3
ThreatPost
ThreatPost
added 2011/08/11 3:52 p.m.5 views

Harnig Botnet Returns, But Without Rustock

The takedown of the Rustock botnet earlier this year has had ripple effects throughout the malware and spam ecosystems, with some large reductions in spam levels and attacks. However, some of the components of the malware machine driven by Rustock are beginning to come back online now. Researcher...

0.7AI score
Exploits0References2
ThreatPost
ThreatPost
added 2010/04/16 2:55 p.m.14 views

Inside the Java 0-Day Exploit

The Java Web Start vulnerability that has been getting so much attention of late is being attacked by a number of different sites now, with a relatively simple and easily reproducible exploit, researchers say. The Java flaw, which Google researcher Tavis Ormandy disclosed publicly on April 9, was...

7AI score
Exploits0References2
ThreatPost
ThreatPost
added 2009/10/07 2:56 p.m.10 views

Malware Flea Market Pays Hackers to Hijack PCs

Among a slew of online cybercrime forums, Pay-Per-Install.org stands out as a malware flea market where shadowy pushers of Trojan downloaders and tools for evading detection are bargaining with thousands of would-be “affiliates” willing to compromise victims’ computers globally and get paid for i...

3.4AI score
Exploits0References2
Rows per page
Query Builder