HackDig : Dig high-quality web security articles for hackers

Mokes and Buerak distributed under the guise of security certificates

The technique of distributing malware under the guise of legitimate software updates is not new. As a rule, cybercriminals invite potential victims to install a new version of a browser or Adobe Flash Player. However, we recently discovered a new approach to this well-known method: visitors to infected sites were informed that some kind of security certifica
Publish At:2020-03-05 08:33 | Read:853 | Comments:0 | Tags:Featured Incidents Backdoor Digital Certificates Trojan Vuln

AZORult spreads as a fake ProtonVPN installer

AZORult has its history. However, a few days ago, we discovered what appears to be one of its most unusual campaigns: abusing the ProtonVPN service and dropping malware via fake ProtonVPN installers for Windows. Screenshot of a fake ProtonVPN website The campaign started at the end of November 2019 when the threat actor behind it registered a new domain und
Publish At:2020-02-18 06:35 | Read:984 | Comments:0 | Tags:Featured Incidents Botnets Cryptocurrencies Data theft Malve

Chrome 0-day exploit CVE-2019-13720 used in Operation WizardOpium

Executive summary Kaspersky Exploit Prevention is a component part of Kaspersky products that has successfully detected a number of zero-day attacks in the past. Recently, it caught a new unknown exploit for Google’s Chrome browser. We promptly reported this to the Google Chrome security team. After reviewing the PoC we provided, Google confirmed th
Publish At:2019-11-12 01:05 | Read:1625 | Comments:0 | Tags:Featured Incidents Google Chrome JavaScript Proof-of-Concept

An advertising dropper in Google Play

Recently, the popular CamScanner – Phone PDF creator app caught our attention. According to Google Play, it has been installed more than 100 million times. The developers position it as a solution for scanning and managing digitized documents, but negative user reviews that have been left over the past month have indicated the presence of unwanted features.
Publish At:2019-09-19 18:20 | Read:1329 | Comments:0 | Tags:Featured Incidents Adware Google Android Mobile Malware Troj

Bad Rabbit ransomware

What happened? On October 24th we observed notifications of mass attacks with ransomware called Bad Rabbit. It has been targeting organizations and consumers, mostly in Russia but there have also been reports of victims in Ukraine. Here’s what a ransom message looks like for the unlucky victims: What is bad rabbit? Bad Rabbit is a previously unknown r
Publish At:2017-10-24 16:45 | Read:4596 | Comments:0 | Tags:Featured Incidents drive-by attack Ransomware Targeted Attac

New multi platform malware/adware spreading via Facebook Messenger

One good thing about having a lot of Facebook friends is that you simply act as a honey pot when your friends click on malicious things. A few days ago I got a message on Facebook from a person I very rarely speak to, and I knew that something fishy was going on. After just a few minutes analyzing the message, I understood that I was just peeking at the top
Publish At:2017-08-24 05:50 | Read:3878 | Comments:0 | Tags:Incidents Adware Facebook JavaScript Social networks

ExPetr/Petya/NotPetya is a Wiper, Not Ransomware

After an analysis of the encryption routine of the malware used in the Petya/ExPetr attacks, we have thought that the threat actor cannot decrypt victims’ disk, even if a payment was made. This supports the theory that this malware campaign was not designed as a ransomware attack for financial gain. Instead, it appears it was designed as a wiper prete
Publish At:2017-06-28 19:25 | Read:4626 | Comments:0 | Tags:Featured Incidents Petya Ransomware Wiper

Schroedinger’s Pet(ya)

Earlier today (June 27th), we received reports about a new wave of ransomware attacks spreading around the world, primarily targeting businesses in Ukraine, Russia and Western Europe. If you were one of the unfortunate victims, this screen might look familiar: Kaspersky Lab solutions successfully stop the attack through the System Watcher component. This te
Publish At:2017-06-27 20:10 | Read:5740 | Comments:0 | Tags:Featured Incidents Data Encryption Malware Descriptions Rans

WannaCry ransomware used in widespread attacks all over the world

Earlier today, our products detected and successfully blocked a large number of ransomware attacks around the world. In these attacks, data is encrypted with the extension “.WCRY” added to the filenames. Our analysis indicates the attack, dubbed “WannaCry”, is initiated through an SMBv2 remote code execution in Microsoft Windows. This
Publish At:2017-05-13 11:15 | Read:6172 | Comments:0 | Tags:Blog Incidents Encryption Malware Descriptions Ransomware Vu

Breaking The Weakest Link Of The Strongest Chain

Around July last year, more than 100 Israeli servicemen were hit by a cunning threat actor. The attack compromised their devices and exfiltrated data to the attackers’ command and control server. In addition, the compromised devices were pushed Trojan updates, which allowed the attackers to extend their capabilities. The operation remains active at t
Publish At:2017-02-16 16:40 | Read:6411 | Comments:0 | Tags:Blog Featured Incidents Mobile Attacks Obfuscation Social En

The “EyePyramid” attacks

On January 10, 2017, a court order was declassified by the Italian police, in regards to a chain of cyberattacks directed at top Italian government members and institutions. The attacks leveraged a malware named “EyePyramid” to target a dozen politicians, bankers, prominent freemasons and law enforcement personalities in Italy. These included Fab
Publish At:2017-01-12 13:40 | Read:11699 | Comments:0 | Tags:Blog Featured Incidents Cybercrime Malware Descriptions Spea

DDoS attack on the Russian banks: what the traffic data showed

From November 8 to 12, websites of some of the largest Russian banks fell victim to heavy DDoS attacks. Initially, there was no indication of anything unusual – all well-known banks get attacked from time to time – but further developments have evolved in the manner that allowed us to suggest a high level of organization in regards to the series of
Publish At:2016-11-24 13:10 | Read:5185 | Comments:0 | Tags:Blog Incidents DDoS-attacks Internet Banking DDOS

Spear-Phishing Incident Causes Havoc at San Francisco Exploratorium Museum

One careless employee is all it takes to take down a company, as a recent incident report from the Exploratorium Museum reveals. The incident in question took place on September 6, when an employee of the Museum of Science, Art, and Human Perception in San Francisco, also known as the Exploratorium, fell for a well-crafted spear-phishing email. Early in the mo
Publish At:2016-10-25 18:40 | Read:4670 | Comments:0 | Tags:Incidents

Ethereum Network Under Computational DDoS Attack

The Ethereum network suffered from a computational DDoS attack yesterday when an unknown actor had leveraged a recently disclosed security issue to slow down Ether transactions. The attacker had carried out multiple Ether transactions that caused miners, servers that process transactions, to launch 50,000 additional queries on the Ethereum network before vali
Publish At:2016-09-23 10:35 | Read:5210 | Comments:0 | Tags:Incidents DDOS

Ammyy Admin Website Compromised to Spread Cerber 3 Ransomware

The website of the Ammyy Admin remote desktop management tool has been compromised to spread malware for the God-knows-what time in the past year. Softpedia detected that something was wrong after we started receiving worrisome comments from our readers on two articles detailing past infections of the Ammyy Admin website. “[D]ownloaded the ammyy r
Publish At:2016-09-15 19:45 | Read:4425 | Comments:0 | Tags:Incidents
