HackDig : Dig high-quality web security articles for hacker

Hundreds of counterfeit online shoe stores injected with credit card skimmer

There’s a well-worn saying in security: “If it’s too good to be true, then it probably isn’t.” This can easily be applied to the myriad online stores that sell counterfeit goods—and now attract secondary fraud in the form of a credit card skimmer. Lured by great deals on brand names, many people end up buying products on
Publish At:2019-12-10 16:50 | Read:238 | Comments:0 | Tags:Threat analysis counterfeit credit card fraud Magecart shoes

New version of IcedID Trojan uses steganographic payloads

This blog post was authored by @hasherezade, with contributions from @siri_urz and Jérôme Segura. Security firm Proofpoint recently published a report about a series of malspam campaigns they attribute to a threat actor called TA2101. Originally targeting German and Italian users with Cobalt Strike and Maze ransomware, the later wave of malicious emails w
Publish At:2019-12-03 16:50 | Read:174 | Comments:0 | Tags:Threat analysis backdoor banking Trojan banking Trojans cred

The forgotten domain: Exploring a link between Magecart Group 5 and the Carbanak APT

This blog post was authored by Jérôme Segura, William Tsing, and Adam Thomas. In a previous post, we described the possible overlap between certain domains registered by Magecart Group 4 and the Cobalt gang. While attribution is always a difficult endeavor, sharing TTPs can help others to connect the dots between campaigns observed in the wild and threat
Publish At:2019-10-22 11:20 | Read:363 | Comments:0 | Tags:Threat analysis advanced persistent threats APTs attribution

Magecart Group 4: A link with Cobalt Group?

Note: This blog post is a collaboration between the Malwarebytes and HYAS Threat Intelligence teams. Magecart is a term that has become a household name, and it refers to the theft of credit card data via online stores. The most common scenario is for criminals to compromise e-commerce sites by injecting rogue JavaScript code designed to steal any informa
Publish At:2019-10-04 11:20 | Read:349 | Comments:0 | Tags:Threat analysis carbanak cobalt group credit cards data the

Threat Announcement: Phishing Sites Detected on Emoji Domains

Since September 21, PhishLabs analysts have detected a number of phishing sites hosted on emoji domains. So far, all detected sites have a few things in common: they are hosted on the .WS Top Level Domain (TLD); they utilize domains with numerous subdomains (also emojis)
Publish At:2019-09-19 22:40 | Read:233 | Comments:0 | Tags:Threat Analysis Phish

Android Trojan FakeApp masquerading as legitimate

A variant of Android/Trojan.FakeApp is stealing the identities of popular applications (apps) such as TrueCaller and Torque Pro. As soon as the FakeApp is installed, a shortcut with an icon stolen from one of these popular apps is created, and a notification pops up. The notification also appears whenever the shortcut icon is clicked. The code that
Publish At:2016-06-15 13:30 | Read:5055 | Comments:0 | Tags:Malware Threat analysis Android fakeapp Mobile trojan

Petya and Mischa – Ransomware Duet (part 2)

After being defeated in April, Petya comes back with new tricks. Now, not as a single ransomware, but in a bundle with another malicious payload – Mischa. Both are named after the satellites from the GoldenEye movie. They deploy attacks on different layers of the system and are used as alternatives. That’s why we decided to dedicate more than one post to
Publish At:2016-06-11 00:00 | Read:4867 | Comments:0 | Tags:Malware Threat analysis Mischa petya ransomware

But have I really been pwned? Vetting your data

The news has been full of leaked passwords for some popular services recently. We can see very big numbers being tossed around casually, both in accounts breached and potential dollar losses. But researchers like Brian Krebs (Link, Link) have noted that these numbers can be exaggerated for effect, and sometimes blatantly wrong. So where exactly do these numb
Publish At:2016-06-08 17:15 | Read:4312 | Comments:0 | Tags:Criminals Threat analysis

Clipboard poisoning attacks on the Mac

Graham Cluley drew my attention the other day to an issue that has apparently been known to some for years, but was new to me: clipboard poisoning, an issue where a website can replace what you think is on your clipboard with something else. Although this seems like an insignificant issue on first glance, it turns out that there are some very serious implica
Publish At:2016-05-28 06:35 | Read:4614 | Comments:0 | Tags:Mac Threat analysis Apple JavaScript mac safari

DMA Locker 4.0 – Known Ransomware Preparing For A Massive Distribution

Since the beginning of this year, we have been observing the rapid development of DMA Locker. At first, the threat was too primitive to be taken seriously. Then it evolved into more complex, but still decryptable, ransomware. The 3.0 edition was very similar to the previous one that we described, so we skipped posting about its details (the only change was to fix the bug
Publish At:2016-05-23 17:05 | Read:4658 | Comments:0 | Tags:Malware Threat analysis DMA Locker ransomware

PUP Friday: Bubbling Over

At Malwarebytes Labs, we’re never short of PUPs to analyse and explore. As per our telemetry to date, SweetIM is one of the top PUPs Malwarebytes Anti-Malware (MBAM) detects and removes from our clients’ systems. In order to get to know what SweetIM software does on a user’s system, we have selected Bubble Hit by GamePacks (MD5: 0326564318717b9826c4b81eb5d342
Publish At:2016-05-21 10:20 | Read:4032 | Comments:0 | Tags:PUPs Threat analysis bubble hit gamepackers PUP Friday sweet

Petya and Mischa – Ransomware Duet (part 1)

After being defeated about a month ago, Petya comes back with new tricks. Now, not as a single ransomware, but in a bundle with another malicious payload – Mischa. Both are named after the satellites from the GoldenEye movie. They deploy attacks on different layers of the system and are used as alternatives. That’s why we decided to dedicate mor
Publish At:2016-05-19 21:50 | Read:4294 | Comments:0 | Tags:Malware Threat analysis Mischa petya ransomware

Top Chilean News Website Emol Pushes Angler Exploit Kit

Emol.com (El Mercurio On-Line) is a very popular information portal, ranked the 5th most visited site in Chile. El Mercurio is a conservative Chilean newspaper with a troubled past, including funding from the CIA in the early 1970s to undermine the Socialist government of Salvador Allende. More recently, Emol was serving a malicious advert that automatical
Publish At:2016-05-12 07:20 | Read:3449 | Comments:0 | Tags:Exploits Threat analysis Angler emol malvertising exploit

Malvertising On Blogspot: Scams, Adult Content and Exploit Kits

We don’t really hear about it that much, but malvertising can and does target free blogging platforms as well. Just this morning, our friends at Virus Bulletin, Martijn Grooten and Adrian Luca, wrote about some sites hosted on Google’s Blogspot service pushing tech support scams. We also caught some malicious activity on the Blogger platform this p
Publish At:2016-05-10 00:35 | Read:3707 | Comments:0 | Tags:Malware Threat analysis blogger blogspot malvertising exploi

7ev3n ransomware turning ‘HONE$T’

7ev3n ransomware appeared at the beginning of this year. In addition to the typical feature of encrypting files, it blocked access to the system using a fullscreen window and was difficult to remove. It also became famous for demanding an unrealistic price of 13 bitcoins. At that time the product looked like it was in an early stage of development; however, the cod
Publish At:2016-05-06 23:35 | Read:3632 | Comments:0 | Tags:Malware Threat analysis 7ev3n ransomware
