HackDig : Dig high-quality web security articles for hacker

AutoIT-compiled Negasteal/Agent Tesla, Ave Maria Delivered via Malspam

By Miguel Carlo Ang and Earle Maui Earnshaw. We recently saw a malicious spam campaign that carries AutoIT-compiled payloads – the trojan spy Negasteal or Agent Tesla (detected by Trend Micro as TrojanSpy.Win32.NEGASTEAL.DOCGC), and the remote access trojan (RAT) Ave Maria or Warzone (TrojanSpy.Win32.AVEMARIA.T) – in our honeypots. The upgrading of payloads from a
Published: 2019-10-25 14:35 | Reads: 309 | Comments: 0 | Tags: Malware Spam Agent Tesla AutoIT Ave Maria malspam Negasteal

Emotet malspam campaign uses Snowden’s new book as lure

Exactly one week ago, Emotet, one of the most dangerous threats to organizations in the last year, resumed its malicious spam campaigns after several months of inactivity. Based on our telemetry, we can see that the botnet started becoming chatty with its command and control (C2) servers about a week or so before the spam came through. Figure 1: Communic
Published: 2019-09-23 23:25 | Reads: 397 | Comments: 0 | Tags: Botnets botnet botnets Edward Snowden emotet macros malspam

Emotet is back: botnet springs back to life with new spam campaign

After a fairly long hiatus that lasted nearly four months, Emotet is back with an active spam distribution campaign. For a few weeks there were signs that the botnet was setting its gears in motion again, as we observed command and control (C2) server activity. But this morning the Trojan started pumping out spam, a clear indication it’s ready to jum
Published: 2019-09-20 11:20 | Reads: 289 | Comments: 0 | Tags: Botnets botnet botnets downloader emotet information stealer

Spam and phishing in Q3 2017

Quarterly highlights: Blockchain and spam. Cryptocurrencies have been a regular theme in the media for several years now. Financial analysts predict a great future for them, various governments are thinking about launching their own currencies, and graphics cards are swept off the shelves as soon as they go on sale. Of course, spammers could not resist the top
Published: 2017-11-03 07:15 | Reads: 2340 | Comments: 0 | Tags: Featured Spam and phishing reports Malicious spam Malware De

Basetools underground hacking forum breached, hacker demands $50K ransom

The Basetools underground hacking forum was breached, and the hacker demands a $50K ransom to avoid sharing the stolen data, including the admin’s identity, with law enforcement. A hacker who goes by the Twitter handle mat (@0xScripts) has breached a popular underground hacking forum and is threatening to share the stolen archive with law enforcement if the adminis
Published: 2017-10-29 03:55 | Reads: 4488 | Comments: 0 | Tags: Breaking News Cyber Crime Data Breach Deep Web Basetools.ws

A new Ursnif Banking Trojan campaign targets Japan

Crooks continue to target Japanese users; the hackers now leverage the Ursnif banking Trojan, aka Gozi, to hit the country. According to researchers at IBM X-Force, cyber criminals are delivering the infamous malware via spam campaigns that began last month. The Ursnif banking Trojan was the most active malware code in the financial sector in 2016 and
Published: 2017-10-28 09:30 | Reads: 4293 | Comments: 0 | Tags: Breaking News Cyber Crime Malware Cybercrime Japan spam Ursn

URSNIF spam campaign exposes new macro evasion tactics

Trend Micro recently observed a new campaign leveraging the Ursnif banking Trojan that uses new malicious macro tactics for payload delivery and detection evasion. Researchers at Trend Micro have recently spotted a new campaign leveraging the Ursnif banking Trojan featuring new malicious macro tactics for payload delivery. Malicious macros are widely adopted by crook
Published: 2017-10-22 06:06 | Reads: 3031 | Comments: 0 | Tags: Breaking News Cyber Crime Hacking Malware Cybercrime macros

New Malicious Macro Evasion Tactics Exposed in URSNIF Spam Mail

By John Anthony Bañes. Malicious macros are commonly used to deliver malware payloads to victims, usually by coercing victims into enabling the macro sent via spam email. The macro then executes a PowerShell script to download ransomware or some other malware. Just this September EMOTET, an older banking malware, leveraged this method in a campaign that saw i
Published: 2017-10-21 18:05 | Reads: 2990 | Comments: 0 | Tags: Malware macro sandbox Spam

A Look at Locky Ransomware’s Recent Spam Activities

Ransomware has been one of the most prevalent, prolific, and pervasive threats in the 2017 threat landscape, with financial losses among enterprises and end users now likely to have reached billions of dollars. Locky ransomware, in particular, has come a long way since first emerging in early 2016. Despite the number of times it has apparently spent in hiatus, L
Published: 2017-10-21 18:05 | Reads: 2336 | Comments: 0 | Tags: Ransomware Spam Locky ransomware Trickbot

Crooks using Linux.ProxyM IoT botnet to send spam messages

Experts at security firm Doctor Web discovered a new botnet of IoT devices leveraging Linux.ProxyM, which crooks use for mass spam mailings. The most popular thingbot so far is Mirai, but it isn’t the only one targeting Linux-based internet-of-things (IoT) devices. Researchers with security firm Doctor Web discovered a new botnet of Io
Published: 2017-09-22 14:45 | Reads: 2639 | Comments: 0 | Tags: Breaking News Cyber Crime Hacking Internet of Things Malware

Locky Ransomware Pushed Alongside FakeGlobe in Upgraded Spam Campaigns

By Julie Cabuhat, Michael Casayuran, Anthony Melgarejo. At the beginning of September, a sizeable spam campaign was detected distributing the latest Locky variant. Locky is a notorious ransomware that was first detected in the early months of 2016 and has continued to evolve and spread through different methods, particularly spam mail. A thorough look at samp
Published: 2017-09-19 00:55 | Reads: 3572 | Comments: 0 | Tags: Ransomware Spam FakeGlobe Locky ransomware

Backdoored Display Widgets Plugin potentially affects 200,000 WordPress installs, abusing them to spam content

Around 200,000 WordPress websites using the Display Widgets Plugin were impacted after it was updated to include malicious code. According to security firm Wordfence, roughly 200,000 WordPress websites were impacted after a plugin they were using was updated to include a backdoor. “If you have a plugin called ‘Display Widgets’ on your WordPress websit
Published: 2017-09-15 16:40 | Reads: 2581 | Comments: 0 | Tags: Breaking News Hacking Cybercrime Display Widgets Pierluigi P

Crooks leverage Facebook CDN servers to bypass security solutions

Crooks are abusing Facebook CDN servers to deliver malware and evade detection by exploiting the trust placed in the CDN network of the social networking giant. Crooks are abusing Facebook CDN (Content Delivery Network) servers to store malware and deliver it while evading detection, exploiting the trust placed in the CDN network of the social network giant. Researchers from M
Published: 2017-09-11 01:35 | Reads: 2307 | Comments: 0 | Tags: Breaking News Cyber Crime Malware Facebook CDN Hacking malwa

Onliner Spambot – More than 711 Million email addresses open and accessible online

An archive containing more than 630 million email addresses used by the spambot server dubbed ‘Onliner Spambot’ has been published online. The Onliner Spambot dump is the biggest one of its kind; it was discovered by the security researcher who goes by the handle Benkow. The database was hosted on an “open and accessible” se
Published: 2017-08-30 21:15 | Reads: 3804 | Comments: 0 | Tags: Breaking News Data Breach Hacking Cybercrime malware Onliner

US CERT is warning of potential Hurricane Harvey Phishing Scams

After Hurricane Harvey hit Texas, causing deaths and destruction, authorities are warning of potential phishing scams. The US-CERT is warning of potential Hurricane Harvey phishing scams; the experts fear crooks may start using malicious emails purportedly tied to the storm. “US-CERT warns users to remain vigilant for malicious cyber activity
Published: 2017-08-29 08:25 | Reads: 3546 | Comments: 0 | Tags: Breaking News Cyber Crime Cybercrime Hacking Hurricane Harve
