Cybercrime | SC Media

Cybercrime

njRat

TA505 debuts Get2 downloader and SDBbot RAT in new phishing campaigns

The cybercriminal group TA505 has developed a new downloader tool and remote access trojan (RAT), both of which were observed in a sequence of phishing campaigns that began this past September. The downloader, named Get2, has been used in campaigns to deliver a variety of secondary payloads, including the FlawedGrace and FlawedAmmyy RATs and Snatch…

Graboid cryptomining worm leverages Docker Engine containers to spread

Researchers have found what they are calling the first crpytojacking worm to spread to and from compromised containers in the Docker Engine. Named Graboid as an homage to the monster worm in the 1990 movie Tremors, the malware mines Monero cryptocurrency from infected machines and randomly spreads to other vulnerable hosts. Indeed, the malware contains a list…

New 'Rombertik' malware destroys master boot record if analysis function detected

Major software vendor compromised with previously undocumented PortReuse backdoor

A thorough investigation into reputed Chinese APT actor Winnti Group turned up a previously undocumented backdoor that was used to compromise a popular Asian mobile hardware and software vendor — perhaps as a prelude to launching a major supply chain attack against its users. Dubbed PortReuse, the modular malware is a passive network implant that…

Fake company pushes phony cryptocurrency app to spread Mac malware

It appears North Korean hackers have revisited a tried-and-true scheme to attack Mac owners who work at cryptocurrency exchanges: creating a fake company and corresponding cryptocurrency trading app that actually infects users with malware. Researcher Patrick Wardle, creator of OS X security firm Objective-See, reported in a blog post late last week that malicious actors…

netherlandscrireport_1230499

Report: Hacker steals Dutch prostitution forum data

Hookers.nl, a Dutch online forum for prostitutes, escorts and their clientele, has reportedly suffered a data breach that has exposed the details of 250,000 users, whose data is being offered for sale. Compromised information includes email addresses, usernames, IP addresses and passwords. Usernames are typically aliases but certain real names can likely be derived from…

Imperva CTO: Breach caused by mishandled database migration

The data breach that recently affected certain customers of Imperva’s Cloud Web Application Firewall (WAF) product was made possible by a series of missteps as the cybersecurity company migrated to a cloud-based database service, the firm’s chief technology officer disclosed yesterday in a blog post. Collectively, these errors allowed an unauthorized party to steal an…

BitPaymer ransomware attackers exploit Apple flaw to bypass detection

Apple has patched a vulnerability in iCloud for Windows and iTunes for Windows that malicious actors had been exploiting to evade antivirus and endpoint detection and response systems as they attempted to infect machines with ransomware. Specifically, the zero-day flaw was discovered in Bonjour – a mechanism for delivering future updates and also for helping…

Magecart attack on e-commerce service impacts Sesame Street store and many more

Magecart hackers found out how to get to Sesame Street’s online store – and in all likelihood thousands more merchants – by initially compromising e-commerce and shopping cart service provider Volusion to deliver the credit card-skimming code. Israel-based security researcher Marcel Afrahim, who for his day job works as a research developer at Check Point…

Stolen credentials used to access TransUnion Canada’s consumer credit files

A malicious actor used stolen credentials to access a web portal operated by credit reporting agency TransUnion Canada and then used that portal to access consumer files. This week, BleepingComputer posted a report containing scanned images of a disclosure notification that TransUnion Canada has begun mailing out to affected consumers. The notification, dated Sept. 19,…

Next post in Ransomware