dcsimg
October 3, 2019

Magecart Group 4: A link with Cobalt Group?

Note: This blog post is a collaboration between the Malwarebytes and HYAS Threat Intelligence teams. Magecart is a term that has become a household name, and it refers to the theft of credit card data via online stores. The most common scenario is for criminals to compromise e-commerce sites by injecting rogue JavaScript code designed to steal any information entered by victims on the checkout … [Read more...]

Filed Under: carbanak, colbalt group, credit cards, data theft, ecommerce, FIN7, group 4, HYAS, JavaScript, Magecart, skimmers, threat actor, threat actor group, threat actors, Threat analysis
September 23, 2019

Emotet malspam campaign uses Snowden’s new book as lure

Exactly one week ago, Emotet, one of the most dangerous threats to organizations in the last year, resumed its malicious spam campaigns after several months of inactivity. Based on our telemetry, we can see that the botnet started becoming chatty with its command and control servers (C2), about a week or so before the spam came through. Figure 1: Communications with Emotet C2s over 90 … [Read more...]

Filed Under: botnet, botnets, Edward Snowden, emotet, macros, malspam, permanent record, snowden, spam, whistleblowers, Word exploits
September 16, 2019

Emotet is back: botnet springs back to life with new spam campaign

After a fairly long hiatus that lasted nearly four months, Emotet is back with an active spam distribution campaign. For a few weeks, there were signs that the botnet was setting its gears in motion again, as we observed command and control (C2) server activity. But this morning, the Trojan started pumping out spam, a clear indication it’s ready to jump back into action. The malicious … [Read more...]

Filed Under: botnet, botnets, downloader, emotet, information stealer, malicious email, malspam, phishing, Ryuk ransomware, spam, spear phishing, trickbot
August 22, 2019

The lucrative business of Bitcoin sextortion scams

After a quiet period following a surge in late 2018 to early 2019, the online blackmail scheme known as sextortion scams are back on the radar and on the uptick. According to a report from Digital Shadows, a leading UK-based cybersecurity company that monitors potential threats against businesses, there are several resources available to embolden novice criminals to a life of extortion. These … [Read more...]

Filed Under: 163qcNngcPxk7njkBGU3GGtxdhi74ycqzk, 3HXdb3HAw1wVzU9b7ZSigvGaStd8KoZ3zJ, bitcoin, Bitcoin sextortion, blackmail, Digital Shadows, EFF, Electronic Frontier Foundation, scams, sextortion email, sextortion scams
July 18, 2019

No man’s land: How a Magecart group is running a web skimming operation from a war zone

Our Threat Intelligence team has been monitoring the activities of a number of threat actors involved in the theft of credit card data. Often referred to under the Magecart moniker, these groups use simple pieces of JavaScript code (skimmers) typically injected into compromised e-commerce websites to steal data typed by unaware shoppers as they make their purchase. During the course of an … [Read more...]

Filed Under: bulletproof, cybercrime, exfiltration, gate, hosting, IDN, luhansk, Magecart, magento, skimmers, sniffers, swipers, ukraine
June 25, 2019

Recipe for success: tech support scammers zero in via paid search

Tech support scammers are known for engaging in a game of whack-a-mole with defenders. Case in point, last month there were reports that crooks had invaded Microsoft Azure Cloud Services to host fake warning pages, also known as browser lockers. In this blog, we take a look at one of the top campaigns that is responsible for driving traffic to those Azure-hosted scareware pages. We discovered … [Read more...]

Filed Under: browlocks, browser locker, browser lockers, malvertising, scammers, scams, tech support scam, tech support scammers, tech support scams