Tag: malware

“Crazy Evil” Threatens Cryptocurrency Ecosystem

A new and rising threat to decentralized finance has been identified. Threat intelligence research team Insikt Group has uncovered “Crazy Evil,” a rapidly growing Russian crypto-scam gang that targets cryptocurrency users and influencers. According to Insikt Group, over ten active social media scams are linked directly to Crazy Evil, garnering millions of dollars in illicit funds and infiltrating tens of thousands of devices. Crazy Evil is what is referred to as a “traffer” team, which Insikt describes as “a collective of social engineering specialists tasked with redirecting legitimate traffic to malicious landing pages.” Allegedly operating since 2021 on dark web forums and amassing thousands of followers on their public Telegram channels, Crazy Evil’s primary targets are cryptocurrency users, non-fungible token (NFT) traders and gaming professionals, all of whom often use decentralized platforms with little or no regulatory oversight.


‘Hellcat’ is new breed of cybercriminal

Hellcat, a ransomware gang that emerged in 2024, is being seen as representative of a new type of threat actor using off-the-shelf malware and innovative extortion techniques. According to cybersecurity company Cato Networks: “Hellcat’s emergence in 2024 marks a troubling shift in the landscape of cybercrime. By leveraging a ransomware-as-a-service (RaaS) model and utilizing double extortion tactics, Hellcat has not only increased the accessibility of ransomware but also heightened the psychological impact on its victims.”


FBI unplugs Chinese hackers

The US Justice Department and FBI have completed a law enforcement operation to delete Chinese malware from approximately 4,258 U.S.-based computers and networks. The international operation was led by French law enforcement and France-based private cybersecurity company Sekoia.io. According to court documents unsealed in the Eastern District of Pennsylvania, a group of hackers paid by the People’s Republic of China (PRC), known as “Mustang Panda” and “Twill Typhoon,” used a version of PlugX malware to infect, control, and steal information from victim computers. Since at least 2014, Mustang Panda hackers have infiltrated thousands of computer systems in campaigns targeting US victims, European and Asian governments and businesses, and Chinese dissident groups.


Dutch police take down major global cyber threat

The Dutch Police, Politie, claim to have removed a major threat to organizations all over the world by dismantling two of the most notorious ‘infostealers’, software designed to breach computer systems to steal sensitive information. “Operation Magnus,” conducted in collaboration with Team Cybercrime Limburg, is reported to have taken down the Redline and META info stealers, which have been responsible for infecting millions of computers worldwide with malware, leaving them open to devastating ransomware attacks and other threats.


US is top target for mobile cybercrime

The US is the top target for cyber-attacks focusing on mobile devices, devices connected by the Internet of Things (IoT), and the operational technology (OT) systems that run facilities such as power plants. According to cybersecurity firm Zscaler’s ThreatLabz 2024 Mobile, IoT, and OT Threat Report, mobile remains a top threat vector, with 111% growth in spyware and 29% growth in banking malware. Technology (18 percent), education (18 percent) and manufacturing (14 percent) continue to be the sectors most targeted by mobile malware. The education sector saw the most dramatic rise in blocked transactions, with a 136 percent increase on the previous year.


Secret Service Hot on the Trail of Cybercriminal “Stalin”

The United States Secret Service is doubling down on the search for cybercriminal “Stalin.” On August 26, 2024, the U.S. Department of State partnered with the US Secret Service to put out a bounty of up to $2.5 million for information leading to the arrest of Belarusian hacker Volodymyr Kadariya, sometimes going by the alias “Stalin.” Kadariya was allegedly part of a malicious advertising (“malvertising”) ring responsible for transmitting the Angler Exploit Kit, a toolkit utilized by threat actors to exploit vulnerabilities in a system or code.


It’s official…It definitely IS the Russians

The US Federal Bureau of Investigation (FBI) has laid the blame for escalating worldwide ransomware attacks squarely at Russia’s door. Speaking at the 2024 Boston Conference on Cyber Security last week, FBI Cyber Division Assistant Director Bryan Vorndran said: “Almost all of the criminals developing sophisticated malware to enable ransomware attacks are based in Russian-speaking countries and operate as organized crime syndicates, similar to traditional organized crime elements.” He focused on the FBI’s disruption earlier this year of Dark Web ransomware gang LockBit, stressing that organized cybercriminal gangs, particularly Russian ones, are essentially the same as old-school mafia mobsters. They differ only in their methods and avenues of attack.


Game over for European criminal botnet networks

An international operation coordinated by Europol has resulted in several arrests and the takedown of numerous cybercriminal networks. The operation focused on tackling the growing problem of the weaponization of botnets, which are strings of connected computers. Cybercriminal gangs use botnets to install droppers, a type of malicious software designed to install other malware, such as ransomware, onto a targeted system. Between 27 and 29 May of this year, Europol’s “Operation Endgame” targeted droppers, including IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee, and Trickbot. The actions focused on disrupting criminal services, making arrests, taking down criminal infrastructures, and freezing illegal proceeds.


Law Enforcement Ramps Up Efforts to Capture ‘Emotet’ Mastermind – June 3rd

The law enforcement agencies behind Operation Endgame are seeking information about Odd, who is allegedly behind the ‘Emotet’ malware. Initially a banking trojan, the ‘Emotet’ malware evolved into a tool that delivers an array of payloads, including TrickBot, IcedID, QakBot, and others.


TeaBot banking malware infects 70k smartphones

TeaBot, a highly sophisticated type of malware, is increasingly infecting Android smartphones. Cybersecurity firm Zscaler’s ThreatLabz reported a sharp rise in malicious activity leveraging TeaBot this week. TeaBot, also known as “Anatsa,” is designed to impersonate seemingly harmless applications such as PDF and QR code readers. Once installed on an Android smartphone, it acts as a Trojan horse containing numerous financial scams. “[TeaBot] is a known Android banking malware that targets applications from over 650 financial institutions, primarily in Europe. We observed Anatsa actively targeting banking applications in the US and UK. However, recent observations indicate that threat actors have expanded their targets to include banking applications in Germany, Spain, Finland, South Korea, and Singapore,” explains Zscaler ThreatLabz.


Millions of emails distributing LockBit ransomware

Affiliates of the infamous ransomware group LockBit have launched a potentially devastating new weaponized email tactic designed to cause maximum disruption to millions of companies in the US and around the world. At the end of April this year, researchers at cybersecurity firm Proofpoint began to observe high-volume ransomware campaigns sending out millions of fraudulent emails over a one-week period, facilitated by the Phorpiex botnet. In all cases, email messages purported to come from “Jenny Green” with the email address Jenny@gsd[.]com. These contained an attached ZIP file capable of downloading the LockBit Black ransomware payload from Phorpiex botnet infrastructure.


Android Malware Posing as WhatsApp, Instagram, and Snapchat – May 15th

The SonicWall Capture Labs team reported on threat actors developing malicious, fake Android apps to impersonate Google, Instagram, Snapchat, WhatsApp, and X. Once victims download them and grant the requested permissions, the illegitimate apps aim to steal sensitive data from Android devices, such as contacts, text messages, call logs, and passwords.
