HackDig : Dig high-quality web security articles for hackers

Fake “Corona Antivirus” distributes BlackNET remote administration tool

Scammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a number of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but especially data stealers. As more of us work from home, the need to secure your computer, especially if you are connecting to your company
Publish At:2020-03-23 17:03 | Read:196 | Comments:0 | Tags:Social engineering Threat analysis antivirus botnet coronavi

APT36 jumps on the coronavirus bandwagon, delivers Crimson RAT

Since the coronavirus became a worldwide health issue, the desire for more information and guidance from government and health authorities has reached a fever pitch. This is a golden opportunity for threat actors to capitalize on fear, spread misinformation, and generate mass hysteria—all while compromising victims with scams or malware campaigns. Profiti
Publish At:2020-03-16 14:22 | Read:265 | Comments:0 | Tags:Threat analysis APT APT36 coronavirus coronavirus malware co

Rocket Loader skimmer impersonates CloudFlare library in clever scheme

Fraudsters are known for using social engineering tricks to dupe their victims, oftentimes by impersonating authority figures to instill trust. In a recent blog post, we noted how criminals behind Magecart skimmers mimicked content delivery networks in order to hide their payload. This time, we are looking at a far more clever scheme. This latest skim
Publish At:2020-03-10 12:32 | Read:315 | Comments:0 | Tags:Threat analysis HTTPS JavaScript Magecart skimmer skimming C

Domen toolkit gets back to work with new malvertising campaign

Last year, we documented a new social engineering toolkit we called “Domen” being used in the wild. Threat actors were using this kit to trick visitors into visiting compromised websites and installing malware under the guise of a browser update or missing font. Despite being a robust toolkit, we only saw Domen in sporadic campaigns last year,
Publish At:2020-02-28 14:45 | Read:276 | Comments:0 | Tags:Threat analysis buren ransomware Domen domen toolkit intelra

Fraudsters cloak credit card skimmer with fake content delivery network, ngrok server

Threat actors love to abuse legitimate brands and infrastructure—this, we know. Last year we exposed how web skimmers had found their way onto Amazon’s Cloudfront content delivery network (CDN) via insecure S3 buckets. Now, we discovered scammers pretending to be CDNs while exfiltrating data and hiding their tracks—another reason to keep a watchful eye o
Publish At:2020-02-26 13:26 | Read:212 | Comments:0 | Tags:Threat analysis cdn content delivery network credit card dat

WOOF locker: Unmasking the browser locker behind a stealthy tech support scam operation

In the early days, practically all tech support scammers would get their own leads by doing some amateur SEO poisoning and keyword stuffing on YouTube and other social media sites. They’d then leverage their boiler room to answer incoming calls from victims. Today, these practices continue, but we are seeing more advanced operations with a clear sep
Publish At:2020-01-22 16:50 | Read:414 | Comments:0 | Tags:Threat analysis 404Browlock 404error browlock browlocks Brow

New evasion techniques found in web skimmers

For a number of years, criminals have been able to steal credit card details from unaware online shoppers without attracting too much attention. Few people in the security industry were talking about these credit card web skimmers, both server-side and client-side, before the latter became largely known as Magecart. It took some major incidents, notably t
Publish At:2020-01-02 16:50 | Read:587 | Comments:0 | Tags:Threat analysis credit card Magecart skimmer steganography w

Spelevo exploit kit debuts new social engineering trick

2019 has been a busy year for exploit kits, despite the fact that they haven’t been considered a potent threat vector for years, especially on the consumer side. This time, we discovered the Spelevo exploit kit with its virtual pants down, attempting to capitalize on the popularity of adult websites to compromise more devices. The current Chromium-d
Publish At:2019-12-18 16:50 | Read:620 | Comments:0 | Tags:Threat analysis EK exploit kit Gozi malvertising Qakbot Qbot

Hundreds of counterfeit online shoe stores injected with credit card skimmer

There’s a well-worn saying in security: “If it’s too good to be true, then it probably isn’t.” This can easily be applied to the myriad of online stores that sell counterfeit goods—and now attract secondary fraud in the form of a credit card skimmer. Allured by great deals on brand names, many people end up buying products on
Publish At:2019-12-10 16:50 | Read:625 | Comments:0 | Tags:Threat analysis counterfeit credit card fraud Magecart shoes

New version of IcedID Trojan uses steganographic payloads

This blog post was authored by @hasherezade, with contributions from @siri_urz and Jérôme Segura. Security firm Proofpoint recently published a report about a series of malspam campaigns they attribute to a threat actor called TA2101. Originally targeting German and Italian users with Cobalt Strike and Maze ransomware, the later wave of malicious emails w
Publish At:2019-12-03 16:50 | Read:866 | Comments:0 | Tags:Threat analysis backdoor banking Trojan banking Trojans cred

The forgotten domain: Exploring a link between Magecart Group 5 and the Carbanak APT

This blog post was authored by Jérôme Segura, William Tsing, and Adam Thomas. In a previous post, we described the possible overlap between certain domains registered by Magecart Group 4 and the Cobalt gang. While attribution is always a difficult endeavor, sharing TTPs can help others to connect the dots between campaigns observed in the wild and threat
Publish At:2019-10-22 11:20 | Read:789 | Comments:0 | Tags:Threat analysis advanced persistent threats APTs attribution

Magecart Group 4: A link with Cobalt Group?

Note: This blog post is a collaboration between the Malwarebytes and HYAS Threat Intelligence teams. Magecart is a term that has become a household name, and it refers to the theft of credit card data via online stores. The most common scenario is for criminals to compromise e-commerce sites by injecting rogue JavaScript code designed to steal any informa
Publish At:2019-10-04 11:20 | Read:751 | Comments:0 | Tags:Threat analysis carbanak colbalt group credit cards data the

Threat Announcement: Phishing Sites Detected on Emoji Domains

Since September 21, PhishLabs analysts have detected a number of phishing sites hosted on emoji domains. So far, all detected sites have a few things in common: they are hosted on the .WS Top Level Domain (TLD); they utilize domains with numerous subdomains (also emojis);
Publish At:2019-09-19 22:40 | Read:474 | Comments:0 | Tags:Threat Analysis Phish

Android Trojan FakeApp masquerading as legitimate

A variant of Android/Trojan.FakeApp is stealing the identities of popular applications (apps) such as TrueCaller and Torque Pro. As soon as the FakeApp is installed, a shortcut with an icon stolen from one of these popular apps is created, and a notification pops up. The notification also appears whenever the shortcut icon is clicked. The code that
Publish At:2016-06-15 13:30 | Read:5643 | Comments:0 | Tags:Malware Threat analysis Android fakeapp Mobile trojan

Petya and Mischa – Ransomware Duet (part 2)

After being defeated in April, Petya comes back with new tricks. Now, not as a single ransomware, but in a bundle with another malicious payload – Mischa. Both are named after the satellites from the GoldenEye movie. They deploy attacks on different layers of the system and are used as alternatives. That’s why we decided to dedicate more than one post to
Publish At:2016-06-11 00:00 | Read:5289 | Comments:0 | Tags:Malware Threat analysis Mischa petya ransomware
