Cybercrime | SC Media

Cybercrime

Remcos RAT campaign delivers new variant using AutoIt wrapper

Researchers have discovered a new Remcos RAT campaign that uses an AutoIt wrapper to deliver a previously unknown variant featuring new obfuscation and anti-debugging techniques. Trend Micro uncovered the threat last July after encountering a phishing email that was disguised as an order notification, but actually contained an attachment that delivered the RAT. “The email…

Cracked.to hacking forum user data breached and leaked by rivals

Hacking online forum Cracked.to last July suffered a data breach at the hands of one of its rival communities, resulting in the compromise of roughly 321,000 members, breach reference website site “Have I Been Pwned?” reported this week. The breach resulted in a public doxxing that exposed a database containing 749,161 email accounts, as well…

Varenyky malware records porn on screen, distributes sextortion spam

A cybercriminal operation that’s been targeting France since May is attempting to distribute malware capable of recording the screens of victims who visit pornographic websites. In other cases, the malware sends out spam emails that merely intend to trick victims into believing their web sessions were recorded while they watched porn, even though they were…

trojanhorse_1032765

Trojanized apps containing ad fraud malware downloaded 102M times

Two related ad fraud malware programs, recently discovered in 34 trojanized Android applications, have already been downloaded roughly 102 million times from the Google Play store, researchers reported. Dubbed Android.Click.312.origin and Android.Click.313.origin, the malicious clicker trojans appear to be designed primarily to sign users up for paid premium services without their consent, according to a…

Saefko RAT peeks at browser histories to help adversaries form optimal attack plan

Researchers have discovered a new remote access trojan that rummages through an infected device’s Chrome browser history to determine which websites the user has visited, allowing adversaries to formulate an optimal attack strategy based on that information. Dubbed Saefko, the RAT looks for at least 70 different websites affiliated with credit cards, at least 26…

Destructive malware attacks double as attackers pair ransomware with disk wipers

IBM Security’s X-Force Incident Response and Intelligence Services (IRIS) team reported this week that it witnessed a 200 percent increase in destructive malware attacks over the first half of 2019, compared to the second half of 2018. These malware attacks typically incorporated a disk wiper component to them. Wipers are historically associated with nation-state-sponsored attacks…

Report: North Korea funded WMD programs with $2B stolen via cyberattacks

North Korea’s rampant and repeated cyberattacks on financial institutions and cryptocurrency exchanges over the years has generated $2 billion in stolen funds, which the nation allocated toward developing weapons of mass destruction programs, according to a confidential UN document, Reuters reported yesterday. “Democratic People’s Republic of Korea cyber actors, many operating under the direction of…

trojanhorse_1032765

Fiendish Amavaldo banking trojan strikes in Mexico after targeting Brazilians

Researchers this year discovered a pair of malicious campaigns that attempted to distribute the recently discovered Amavaldo banking trojan to Brazilians and Mexicans, respectively. Amavaldo is one of 10 malware families that researchers at ESET’s lab in Prague are claiming to have discovered since 2017, when they first launched an in-depth investigation into Latin American…

U.S. indicts three over alleged phishing campaign targeting universities, businesses

The Department of Justice has indicted two Americans and a Nigerian on multiple charges for their alleged roles in a phishing scheme that targeted college employees, banks and other businesses from May 2013 through June 2014. Filed on Tuesday in U.S. District Court in New Mexico, the indictment identifies the defendants as Nigerian citizen Otuokere…

BlueKeep built into exploitation tool, sparks fear of Wannacry style infections

Security firm Immunity has developed a working BlueKeep exploit module and added it to an automated exploitation platform, raising concerns that threat actors may be able to use the tool to recreate WannaCry scale attacks. The product is available for what some are describing as an “expensive” monthly rate and was released because “it’s important…

Next post in Vulnerabilities