Security Affairs

MARCH 7, 2023

Researchers discovered a new info stealer dubbed SYS01 stealer targeting critical government infrastructure and manufacturing firms. The attack is designed to steal sensitive information, including login data, cookies, and Facebook ad and business account information.” ” reads the analysis published by Morphisec.

Government 98

Government Manufacturing Authentication Cybersecurity 98

Security Affairs

JULY 3, 2023

The malware also collects a variety of data, including system info, browser info, password manager info, miner related registry info, and installed games info. .” The administrator offers access to the stolen data through a management console.

Passwords 92

Passwords Marketing Access IT 92

Security Affairs

APRIL 5, 2023

Law enforcement seized the Genesis Market black marketplace, a platform focused on the sale of stolen credentials, as part of Operation Cookie Monster. The seizure is part of a law enforcement operation codenamed Operation Cookie Monster. Genesis Market was an invite-only marketplace, but it was not complex to find invite codes online.

Marketing 93

Marketing Sales Education Cybersecurity 93

Security Affairs

APRIL 24, 2023

EvilExtractor is a new “all-in-one” info stealer for Windows that is being advertised for sale on dark web cybercrime forums. EvilExtractor is a modular info-stealer, it exfiltrates data via an FTP service. The bad news is that according to FortiGuard Labs, cybercriminals are actively using the tools as an info stealer.

Phishing 96

Phishing Sales Education Ransomware 96

Security Affairs

APRIL 11, 2022

Cybersecurity researchers spotted a new Windows information-stealing malware, named FFDroider, designed to steal credentials and cookies. The malware was derived to siphon credentials and cookies from infected machines. Targeting social media platforms to steal the credentials and cookies. PWS.FFDroider.”

Cybersecurity 91

Cybersecurity Security IT Information Security 91

Security Affairs

APRIL 18, 2023

1/4 pic.twitter.com/7JjOSbYEBx — ESET Research (@ESETresearch) April 17, 2023 The RedLine is an info stealing malware written in.NET that is active since at least early 2020. The info-stealer is considered a commodity malware that is available through malware-as-a-service model.

Education 95

Education Authentication Cybersecurity Security 95

Security Affairs

MAY 21, 2023

This week, ReversingLabs researchers warned of the presence of two malicious packages, respectively named nodejs-encrypt-agent and nodejs-cookie-proxy-agent, in the npm package repository containing an open-source info-stealer called TurkoRat.

Encryption 96

Encryption Cybersecurity Security IT 96

Security Affairs

JUNE 29, 2022

Intezer cybersecurity researchers have detailed a new information-stealing malware, dubbed YTStealer, that was developed to steal authentication cookies from YouTube content creators. The post YTStealer info-stealing malware targets YouTube content creators appeared first on Security Affairs. Only use software from trusted sources.”

Authentication 98

Authentication Libraries Encryption Marketing 98

IT Governance

JUNE 22, 2023

The cyber intelligence firm Group-IB discovered the compromised data within the logs of info-stealing malware traded on various underground websites. Info-stealers are a form of malware that target account data stored on web browsers. This can include passwords, cookies, browsing history and bank payment details.

Passwords 98

Passwords Data breaches Risk Government 98

Security Affairs

MAY 17, 2022

The malicious apps are able to steal credentials, Facebook cookies, and other personally identifiable information. Because of how Facebook runs its cookie management policy, we feel that these types of apps will continue to plague Google Play.” The Facestealer spyware was first spotted on July 2021 by Dr. . Pierluigi Paganini.

Mining 96

Mining Cloud Cybersecurity Security 96

Security Affairs

AUGUST 9, 2021

When the users sign into their account, the malware collects their victim’s data, including Facebook ID, location, email address, IP address, and the cookies and tokens associated with the Facebook account. The experts found a flaw in the authentication process to the C2 server that allowed them to access the harvested session cookies.

Authentication 124

Authentication Security Access IT 124

Security Affairs

JANUARY 12, 2022

Fortinet researchers have spotted a new version of the RedLine info-stealer that is spreading via emails using a fake COVID-19 Omicron stat counter app as a lure. Experts warn of a new variant of the RedLine malware that is distributed via emails as fake COVID-19 Omicron stat counter app as a lure.

Manufacturing 141

Manufacturing File names Archiving Encryption 141

Security Affairs

JUNE 25, 2023

In the last stage of the attack, the “atom.exe” retrieves an info-stealing executable, named “wime.exe” , from the C2. The executable unpacks itself and loads the open-source malware Umbral Stealer into the process memory. ” concludes the report. ” concludes the report.

Mining 98

Mining Passwords IT Security 98

Security Affairs

AUGUST 15, 2023

The RAT is able to collect sensitive data and exfiltrate them by sending the info to the attacker’s Telegram bot. The Uptycs Threat Research team discovered the QwixxRAT (aka Telegram RAT) in early August 2023 while it was advertised through Telegram and Discord platforms. ” reads a new report published by security firm Uptycs.

Sales 97

Sales Access Cybersecurity IT 97

Security Affairs

JANUARY 31, 2019

Palo Alto Networks discovered a piece of Mac malware dubbed CookieMiner that is targeting browser cookies associated with cryptocurrency exchanges and wallet service websites. The malware targets cookies associated with cryptocurrency exchanges such as Binance , Coinbase, Poloniex, Bittrex, Bitstamp, and MyEtherWallet.

Mining 93

Mining Authentication Blockchain Passwords 93

Security Affairs

SEPTEMBER 16, 2022

The RedLine malware allows operators to steal several pieces of information, including credentials, credit card data, cookies, autocomplete information stored in browsers, cryptocurrency wallets, credentials stored in VPN clients and FTP clients. The malicious code can also act as first-stage malware.

Archiving 95

Archiving Passwords Access Security 95

Security Affairs

SEPTEMBER 27, 2021

The infostealer is available for sale on dark web forums, the researchers explained that the malware allows operators to harvest a broad range of information, including cookies, passwords, bank cards, and sessions from various applications. ” Follow me on Twitter: @securityaffairs and Facebook.

Passwords 89

Passwords Sales Marketing IT 89

Security Affairs

DECEMBER 31, 2021

The service now includes credentials for 441K accounts stolen by the popular info-stealer. The RedLine malware allows operators to steal several information, including credentials, credit card data, cookies, autocomplete information stored in browsers, cryptocurrency wallets, credentials stored in VPN clients and FTP clients.

Data breaches 141

Data breaches Passwords Archiving Access 141

Security Affairs

AUGUST 4, 2023

.” It’s not uncommon to find malicious packages on NPM, in May ReversingLabs discovered two malicious packages, respectively named nodejs-encrypt-agent and nodejs-cookie-proxy-agent, in the npm package repository containing an open-source info-stealer called TurkoRat.

Archiving 93

Archiving Encryption Passwords Marketing 93

IT Governance

JULY 4, 2023

On this page: Cyber attacks Ransomware Data breaches Malicious insiders and miscellaneous incidents Cyber attacks Oregon and Louisiana departments of motor vehicles become the latest government department affected by MOVEit breach (9.5

Data breaches 96

Data breaches Ransomware Government Insurance 96

Security Affairs

SEPTEMBER 27, 2022

The Erbium info-stealing malware was first spotted by researchers at threat intelligence firm Cluster25 on July 21, 2022. The post Erbium info-stealing malware, a new option in the threat landscape appeared first on Security Affairs. The Malware-as-a-Service (MaaS) was advertised on a Dark Web forum by a Russian-speaking threat actor.

Authentication 92

Authentication Passwords Libraries Communications 92

Security Affairs

SEPTEMBER 7, 2023

The malware is able to steal data from multiple browsers, including auto-fills, passwords, cookies, wallets, and credit card information. AMOS can target multiple cryptowallets such as Electrum, Binance, Exodus, Atomic, and Coinomi. These services are offered at a price of $1000 per month.” reads the report published by Cyble.

Passwords 112

Passwords Phishing IT Security 112

Security Affairs

AUGUST 21, 2022

The scripts will also infect the victim’s computer with the Raccoon Stealer info-stealing trojan which allows operators to steal login credentials, cookies, auto-fill data, and credit cards saved on web browsers, along with cryptocurrency wallets. The process leads to the installation of the NetSupport RAT remote access trojan.

Passwords 97

Passwords Access Security IT 97

Security Affairs

FEBRUARY 10, 2023

The malware also drops additional custom payloads if necessary, including a domain profiler script that sends AD (Active Directory) domain details to the C2 and a loader script (AHK Bot loader) that inject a fileless info stealing malware (dubbed Rhadamanthys) in memory.

Phishing 93

Phishing Sales Passwords Security 93

Security Affairs

AUGUST 1, 2023

NodeStealer is a new information-stealing malware distributed on Meta that allows stealing browser cookies to hijack accounts on multiple platforms, including Facebook, Gmail, and Outlook. The info stealer is believed to have a Vietnamese origin and was allegedly distributed by threat actors from Vietnam. environment.

Phishing 96

Phishing Archiving Cloud IT 96

Security Affairs

APRIL 16, 2019

At shutdown, the driver is written to disk, and a start-up service key is created in the Registry,” Below the infection process described by the experts: The dropper steals cookies, login credentials and payment info with the help of specialized DLLs. Experts reported that it is already infecting users worldwide.

Passwords 75

Passwords Encryption Paper Phishing 75

Security Affairs

AUGUST 9, 2022

No No Info CVE-2022-34686 Azure RTOS GUIX Studio Information Disclosure Vulnerability Important 7.8 No No Info CVE-2022-30175 Azure RTOS GUIX Studio Remote Code Execution Vulnerability Important 7.8 No No Info CVE-2022-21979 Microsoft Exchange Information Disclosure Vulnerability Important 4.8 No No RCE CVE-2022-34716.NET

Security 122

Security Cloud IT Information Security 122

Security Affairs

FEBRUARY 17, 2022

Current versions could steal a broad range of info from the infected host and target wallets from multiple platforms, including Armory, Atomic Wallet, Bytecoin, Electrum, Ethereum, Exodus, Guarda, Jaxx Liberty, and Zcash. Kraken’s authors are constantly updating their code by implementing new features.

IT 98

IT Security Information Security 98

Security Affairs

FEBRUARY 12, 2019

info server. info server. The network packet exchanged with the server confirms this identification due to the known communication patterns and the dynamic analysis also shows info-stealing behaviours compatible with the identified threat. It contacts two distinct servers, googodsgld.]com com and driverconnectsearch.]info.

Communications 88

Communications Archiving Passwords Encryption 88

eSecurity Planet

NOVEMBER 29, 2022

“In 2022, info-stealing malware has grown into one of the most serious digital threats,” Group-IB noted in a statement. Clear browser cookies on a regular basis. That’s a significant increase from 2021, when the stealers accessed almost 28 million passwords from a total of 538,000 devices. Last month, the U.S.

Passwords 116

Passwords Phishing Mining Marketing 116

Security Affairs

MARCH 12, 2020

The campaign spotted by the experts aims at spreading the AZORult info stealer, a popular malware that was employed in numerous attacks to steal browsing history, cookies, ID/passwords, cryptocurrency and more. To make sure the malware can persist and keep operating, it uses the “Task Scheduler”.” ” continues the analysis.

Passwords 138

Passwords Cybersecurity IT Security 138

Security Affairs

SEPTEMBER 18, 2021

Our researchers are closely monitoring the campaign and will share additional info and investigation guidance through Microsoft 365 security center and Microsoft Threat Experts. The black market for web cookies, tokens and valid credentials is way too valuable when compared with the economy in their home countries for them to stop.”

Phishing 107

Phishing Marketing Security Risk 107

Security Affairs

OCTOBER 5, 2022

In the OnionPoison campaign, threat actors shared a link to a malicious Tor installer posting it on a popular Chinese-language YouTube channel providing info on the anonymity on the internet. “Curiously, unlike common stealers, OnionPoison implants do not automatically collect user passwords, cookies or wallets.

Libraries 95

Libraries Personal data Passwords Cloud 95

Security Affairs

DECEMBER 5, 2021

The MagnatExtension, which masquerades as Google’s Safe browsing , allows attackers to steal form data, harvest cookies, and also execute arbitrary JavaScript code on the victim’s system. The post Magnat malvertising campaigns spreads malicious Chrome extensions, backdoors and info stealers appeared first on Security Affairs.

Sales 94

Sales File names Passwords Encryption 94

Security Affairs

SEPTEMBER 5, 2022

EvilProxy actors are using Reverse Proxy and Cookie Injection methods to bypass 2FA authentication – proxyfying victim’s session. This way they can harvest valid session cookies and bypass the need to authenticate with usernames, passwords and/or 2FA tokens. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Phishing 99

Phishing Authentication Data collection Sales 99

eDiscovery Daily

AUGUST 3, 2023

Cookie cutter approaches are no longer adequate, and legal teams need to adapt to the unique needs of their clients. The post Key Takeaways on eDiscovery/eDisclosure, Info Governance and Collaboration from The Master’s Conference in London appeared first on CloudNine.

Government 53

Government Artificial Intelligence Information governance GDPR 53

Security Affairs

APRIL 29, 2019

The new Emotet version sends the stolen info within the HTTP POST message body, instead of using the Cookie header. Since March 15, experts monitored Emotet samples using new POST-infection traffic and discovered they were also using randomly generated URI directory paths in its POST requests to evade network-based detection.

IoT 85

IoT Archiving Encryption Passwords 85