The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: Cyber Criminals

Hackers Favorite CoinHive Cryptocurrency Mining Service Shutting Down

Hackers Favorite CoinHive Cryptocurrency Mining Service Shutting Down
February 28, 2019Wang Wei
Coinhive, a notorious in-browser cryptocurrency mining service popular among cybercriminals, has announced that it will discontinue its services on March 8, 2019. Regular readers of The Hacker News already know how Coinhive's service helped cyber criminals earn hundreds of thousands of dollars by using computers of millions of people visiting hacked websites . For a brief recap: In recent years, cybercriminals leveraged every possible web vulnerability [in Drupal , WordPress , and others ] to hack thousands of websites and wireless routers , and then modified them to secretly inject Coinhive's JavaScript-based Monero (XMR) cryptocurrency mining script on web-pages to financially benefit themselves. Millions of online users who visited those hacked websites immediately had their computers' processing power hijacked, also known as cryptojacking , to mine cryptocurrency without users' knowledge, potentially generating profits for cybercriminals in the background.

US Indicts Two Chinese Government Hackers Over Global Hacking Campaign

US Indicts Two Chinese Government Hackers Over Global Hacking Campaign
December 20, 2018Mohit Kumar
The US Department of Justice on Thursday charged two Chinese hackers associated with the Chinese government for hacking numerous companies and government agencies in a dozen countries. The Chinese nationals, Zhu Hua (known online as Afwar, CVNX, Alayos and Godkiller) and Zhang Shilong (known online as Baobeilong, Zhang Jianguo and Atreexp), are believed to be members of a state-sponsored hacking group known as Advanced Persistent Threat 10 ( APT 10 ) or Cloudhopper that has been working from over a decade to steal business and technology secrets from companies and government agencies around the world. According to the indictment , the alleged hackers targeted more than 45 companies and government agencies from 2006 to 2018 and stole "hundreds of gigabytes" of sensitive data and personal information from its targets. Both Hua and Shilong worked for Huaying Haitai Science and Technology Development Company and are alleged to have committed these crimes at the directio

3 Carbanak (FIN7) Hackers Charged With Stealing 15 Million Credit Cards

3 Carbanak (FIN7) Hackers Charged With Stealing 15 Million Credit Cards
August 02, 2018Swati Khandelwal
Three members of one of the world's largest cybercrime organizations that stole over a billion euros from banks across the world over the last five years have been indicted and charged with 26 felony counts, the Justice Department announced on Wednesday. The three suspects are believed to be members of the organized Russian cybercrime group known as FIN7 , the hackers group behind Carbanak and Cobalt malware and were arrested last year in Europe between January and June. The suspects—Dmytro Fedorov, 44, Fedir Hladyr, 33, and Andrii Kopakov, 30—are all from Ukraine and accused of targeting 120 companies based in the United States, as well as U.S. individuals. The victims include Chipotle Mexican Grill, Jason's Deli, Red Robin Gourmet Burgers, Sonic Drive-in, Taco John's, Chili's, Arby's, and Emerald Queen Hotel and Casino in Washington state. Carbanak (FIN7) Group Charged for Stealing 15 Million Credit Cards According to the press release published

'Black Friday' and 'Cyber Monday' — 4 Scams To Watch Out For While Shopping

'Black Friday' and 'Cyber Monday' — 4 Scams To Watch Out For While Shopping
November 26, 2014Swati Khandelwal
Holiday Shopping season is really an excited time for both shoppers and retailers, but unfortunately it's a good time for cyber criminals and scammers as well. With Black Friday (28th November 2014) and Cyber Monday (1st December 2014) coming up, you need to be more careful while shopping. These are the two very busy shopping days where shoppers spend millions online. Every eye will be on retailers to ensure that consumers' online shopping experiences are straightforward and, most importantly, secure. So, at the major part, retailers need to pay attention to extra security measures in order to prevent themselves from massive data breaches, like Target data breach that occurred last year during the Black Friday sales in which over 40 million Credit & Debit cards were stolen . Not just Target alone, multiple retailers including Neiman Marcu s , Michaels Store were also targeted during last Christmas holiday, involving the heist of possibly 110 million Cr

Desktop Viruses Coming to Your TV and Connected Home Appliances

Desktop Viruses Coming to Your TV and Connected Home Appliances
April 23, 2014Swati Khandelwal
Smart Devices are growing at an exponential rate and so are the threats to them. After your Computers, Servers, Routers , Mobiles and Tablets, now hackers are targeting your Smart TVs, warns Eugene Kaspersky the co-founder and chief executive of Kaspersky Lab. As the increase in the manufactures of Smart TVs by different companies, it could be estimated that by 2016, over 100 million TVs are expected to be connected to the Internet and in the time it may rise as a profitable fruit for the malware authors and cyber criminals to exploit these devices. The 48 year-old Eugene Kaspersky , one of the world's top technology security experts, has thrown light on the future of Computer Security and warned that  Internet of Things (IoT) such as TVs, Refrigerators, Microwave or dishwashers will necessarily bring undesirable cyber threats to your home environment, because any device connected to the Internet is vulnerable and can be infected. " The threats will dive

360 Million Stolen Credential FOR SALE on Underground Black Market

360 Million Stolen Credential FOR SALE on Underground Black Market
February 27, 2014Swati Khandelwal
Your Financial Credentials are on SALE on the Underground Black Market without your Knowledge… sounds like a nightmare, but it's TRUE. Cyber security firm, Hold Security, said it has traced over 360 million stolen account credentials that are available for Sale on Hacker's black market websites over past three weeks. The credentials include usernames, email addresses, and passwords that are in unencrypted in most cases, according to the report released on Tuesday. It is not known till now from where these credentials exactly were stolen, but the security researchers estimated that these credentials are a result of multiple breaches. Since the banking credentials are one of the most ' valuable bounties ' for the cyber criminals, and the ways to steal these credentials can be directly from the companies and from the services in which users entrust data as well. According to Hold Security, in addition to the sale of 360 million credentials, the cyber criminals are  s

TESCO Customers' account details leaked online

TESCO Customers' account details leaked online
February 15, 2014Swati Khandelwal
You all were busy in celebrating Valentine's Day with your loved ones, and the cyber criminals were too celebrating the day in their own way, and this time, with the TESCO customers. A list of over 2,240 Tesco.com  Internet Shopping accounts was posted Online on the Pastebin website by some unknown hackers on Thursday, allowing access to online shopping accounts, personal details and Tesco Clubcard vouchers, reported by The Guardian . A Tesco spokesperson told The Hacker News that this information has not come from Tesco's website itself, rather there have been high profile hacks on other businesses  A Tesco spokesperson said, " We take the security of our customers' data extremely seriously and are urgently investigating these claims. " " We have contacted all customers who may have been affected and are committed to ensuring that none of them miss out as a result of this. We will issue replacement vouchers to the very small numbers who are affected. "

Beware! Cyber Criminals may spoil your Valentine's Day

Beware! Cyber Criminals may spoil your Valentine's Day
February 11, 2014Swati Khandelwal
Valentine's Day   - a day of hearts, Chocolates, Flowers and Celebrations when people express their emotions to their loved ones and most of us send E-cards, purchase special gifts with the help of various Online Shop Sites and many other tantrums making them feel special. While you are busy in Googling ideal gifts for your loved ones, the Cyber thieves are also busy in taking advantage of such events by spreading various malware , phishing campaigns and fraud schemes as these days come out to be a goldmine for the cyber criminals. Online Shopping Scams are popular among Cyber criminals as it is the easiest way for hackers to steal money in easy and untraceable ways. Security Researchers at Anti virus firm - Trend Micro discovered various Valentine's Day threats which are common at such occasion i.e. A flower-delivery service and it appears to be a normal promotional e-mail, but the links actually lead to various survey scams. The Malware threats also arr

Criminals rapidly migrating to new digital Currency 'Perfect Money' after Liberty Reserve takedown

Criminals rapidly migrating to new digital Currency 'Perfect Money' after Liberty Reserve takedown
August 12, 2013Mohit Kumar
There are so many ways to move money anonymously on the Internet and US Justice Department has declared war on currencies widely used by cyber criminals . Just after the Law Enforcement in 17 countries shuts down ' Liberty Reserve ', a $6 billion digital money laundering operation, now the criminals is switching to another online currency called " Perfect Money ".  Perfect Money, another private digital currency that has emerged to meet the demand of Criminals and hackers, those buying and selling kit anonymously and being used by people selling stolen credit cards in Internet hacker forums recently. Fraudsters are rapidly migrating to Perfect Money and  it allows users to transfer money anonymously by purchasing and exchanging the proprietary currency for dollars, euros and gold. These virtual currencies are often linked to bitcoin because it has also been used by criminals. It was thought Bitcoin would be a handy replacement for Liberty Reser

Algerian Hacker linked to SpyEye virus extradited to US

Algerian Hacker linked to SpyEye virus extradited to US
May 04, 2013Mohit Kumar
The Algerian hacker linked with the SpyEye computer virus, designed to steal financial and personal information was extradited by Thailand to the United States to face charges that he hijacked customer accounts at more than 200 banks and financial institutions and have been used to steal more than $100 million in the last five years. A SpyEye allowed cybercriminals to alter the display of Web pages in the victims' browsers as a way to trick them into turning over personal financial information. The virus only impacts PCs and not Macintosh operating systems. A report issued last year by security firms McAfee said that about a dozen cybercrime groups have been using variants of Zeus and SpyEye, which automate the process of transferring money from bank accounts. The stolen funds are transferred to prepaid debit cards or into accounts controlled by money mules, allowing the mules to withdraw the money and wire it to the attackers. Hamza Bendelladj , also known as

Fraud-as-a-Service of Zeus Malware advertised on social network

Fraud-as-a-Service of Zeus Malware advertised on social network
April 28, 2013Anonymous
Cyber crime enterprise is showing a growing interest in monetization of botnets , the most targeted sector in recent months is banking. One of most active malware that still menaces Banking sector is the popular Zeus . Zeus is one of the oldest, it is active since 2007, and most prolific malware that changed over time according numerous demands of the black-market. Recently, Underground forums are exploded the offer of malicious codes, hacking services and bullet proof hosting to organize a large scale fraud. Cyber criminals are selling kits at reasonable prices or entire botnets for renting, sometimes completing the offer with information to use during the attacks. The model described, known also as a Fraud-as-a-Service , is winning, malicious code such as Zeus, SpyEye , Ice IX, or even Citadel have benefited of the same sales model, cyber criminals with few hundred dollars are able to design their criminal operation. Since now the sales model and the actor invol

Researchers detected the Malware that targets the Russian stock-trading platform QUIK

Researchers detected the Malware that targets the Russian stock-trading platform QUIK
April 21, 2013Wang Wei
Security Researcher from Group-IB ( Group-IB is one of the leading companies in global cybercrime prevention and hi-tech crime investigations )   has found a new kind of malware   that targets the Russian stock-trading platform QUIK. It was detected during several targeted attacks starting in November 2012 where  Cyber criminals have traditionally targeted private and corporate banking accounts, using malware (such as variants of the ZeuS  cyber-crime  toolkit ) to log key-strokes and extract account information. In the last year, Group-IB has received several incoming incident fraud requests on some famous online trading and stock brokerages where systems were possibly hacked and recently trading fraudsters have diversified tactics and begun to use malware. Group-IB has detected the first professional malware, targeted at a specialized trading software named QUIK (Quik Broker, Quik Dealer) from Russian software developers ARQA Technologies and FOCUS IVonline from

World's biggest DDoS attack that Almost Broke the Internet

World's biggest DDoS attack that Almost Broke the Internet
March 29, 2013Mohit Kumar
The last week has seen probably the largest distributed denial-of-service (DDoS) attack ever. A massive 300Gbps was thrown against Internet blacklist maintainer Spamhaus' website but the anti-spam organisation , CloudFlare was able to recover from the attack and get its core services back up and running.  Spamhaus, a group based in both London and Geneva, is a non-profit organisation that aims to help email providers filter out spam and other unwanted content. Spamhaus is pretty resilient, as its own network is distributed across many countries, but the attack was still enough to knock its site offline on March 18. Five national cyber-police-forces are investigating the attacks.  A group calling itself STOPhaus,  an alliance of hactivists and cyber criminals is believed to responsible for bombarding Spamhaus with up to 300Gbps. The attacks on Spamhaus illustrate a larger problem with the vulnerability of systems fundamental to the architecture of the Internet, the D

Jailed cyber criminal hacked into prison computer system from Jail

Jailed cyber criminal hacked into prison computer system from Jail
March 04, 2013Mohit Kumar
Old habits seem to die hard for a hacker, a cyber criminal who masterminded a £15 million fraud was allowed to join a prison IT class and hacked into the jail's computer system. Nicholas Webber , serving five years in prison for running an internet crime forum Ghost Market , Which allowed those interested in creating computer viruses, partaking of stolen IDs and enjoying private credit card data to congregate. Webber had been arrested for using fraudulent credit card details to pay for a penthouse suite at the Hilton Hotel in Park Lane, Central London. The incident occurred back in 2011, but it only came to light recently " At the time of this incident in 2011 the educational computer system at HMP Isis was a closed network. No access to personal information or wider access to the internet or other prison systems would have been possible, " A spokesman fοr prison tοƖԁ the Daily Mail reported . His IT teacher, Michael Fox ,who was employed by Kensington

What does the Poetry with Citadel trojan ?

What does the Poetry with Citadel trojan ?
February 23, 2013Anonymous
Recently we published an article on the attacks against Japanese banks using a new variant of the popular Zeus , one of the most prolific malware of recent history, security experts in fact have detected various versions of the popular malicious code that hit also mobile and social networking platforms . Due its flexibility the malware has been re-engineered several times by cyber criminals that adapted its structure to specific purposes and context, leaving unchanged its core capabilities of stealing banking credentials of victims. Zeus has been a huge success in the criminal circles especially for the sales model, as malware as service, implemented by its authors on many underground sites, let's remind for example the Citadel Trojan one of the most popular on the crimeware market. Fortunately its author, known as Aquabox , has been banned from a large online forum that sells malware and other services to cyber criminals, but many security firms consider Citadel Trojan still very

Android malware with ability to install Backdoor on Computers

Android malware with ability to install Backdoor on Computers
February 04, 2013Mohit Kumar
Kaspersky Lab has revealed a new type of malware that can infect your computer when connected smartphone or tablet. Two such application, Super Clean and DroidCleaner found in Google Play android market. These two are actually same application, just released with two different names. These applications apparently disguised as a tool to clean memory for the Android operating system but after installing and running it displays a list of all running some processes and then restart the device. Later, in background, the app downloads three files autorun.inf, folder.ico, and svchosts.exe in phone. When user connect infected android mobile phone to any Windows computer with active Autorun or Autoplay functionality for USB devices, the svchosts.exe file ( Backdoor.MSIL.Ssucl.a ) is automatically executed on computer. A similar situation may arise in case of SD card. Before apps were removed by Google, they may together have been downloaded up to 6000 times. Malicious code t

Operation Red October : Cyber Espionage campaign against many Governments

Operation Red October : Cyber Espionage campaign against many Governments
January 15, 2013Anonymous
A new sensational discovered has been announced by Kaspersky Lab's Global Research & Analysis Team result of an investigation after several attacks hit computer networks of various international diplomatic service agencies. A new large scale cyber-espionage operation has been discovered, named Red October , name inspired by famous novel The Hunt For The Red October (ROCRA) and chosen because the investigation started last October. The campaign hit hundreds of machines belonging to following categories: Government Diplomatic / embassies Research institutions Trade and commerce Nuclear / energy research Oil and gas companies Aerospace Military The attackers have targeted various devices such as enterprise network equipment and mobile devices (Windows Mobile, iPhone, Nokia), hijacking files from removable disk drives, stealing e-mail databases from local Outlook storage or remote POP/IMAP server and siphoning files from local network FTP servers. Accordin

Hackers abusing online Nmap Port Scanning service

Hackers abusing online Nmap Port Scanning service
December 28, 2012Mohit Kumar
Most of you knows the power of Nmap, When used properly, Nmap helps protect your network from invaders. One of the best tool for hackers, penetration testers and Security  researchers. Officially Nmap a desktop tool, can be used as web version but should be under some limitations. When someone does Nmap scan against a target to find out the open ports, enumerating system details and installed services versions, most obvious if  used improperly, Nmap can get you sued, fired, expelled, jailed, or banned by your ISP for scanning a target under hacking attempt. Hacker can be tracked back via the IP address from where one perform the scanning, but what if a web version of Nmap available on a website, where one just need to enter the target IP/website address and that website will do a free scan against your target ? Seems easy and one can use Proxy to access that website and which will do a simple and fast scan for you ! Yes, a service called " ScanPlanner " (htt

Android Malware that can DDoS Attacks from your smartphone

Android Malware that can DDoS Attacks from your smartphone
December 28, 2012Wang Wei
The Russian anti-virus vendor Doctor Web has found a new malicious program for Android which allows hacker groups to carry out mobile denial of service attacks. While it's not entirely clear how the Trojan is spread, researchers suspect that the attackers use social engineering tactics since the malware appears to disguise itself as a Google Play clone. This malware works in the background without your knowledge. Once it is activated it searches for its command and control center and sends out information regarding your device there. One piece of information that will be sent is your phone number. The criminals will be using this number to send text messages to your phone to control the malware. Dubbed TheAndroid.DDoS.1.origin, creates an application icon, similar to that of Google Play. If the user decides to use the fake icon to access Google Play, the application will be launched. When it receives a DDoS attack command, the malware starts to send data packets to the sp

Internet Explorer flaw allows Hackers to Track your Mouse

Internet Explorer flaw allows Hackers to Track your Mouse
December 15, 2012Mohit Kumar
A vulnerability in different versions of Microsoft's widely used browser Internet Explorer can allow hackers to track the movements of your mouse. Microsoft is investigating reports of a mouse-tracking flaw that puts virtual keyboards and keypads at risk to remote monitoring. Spider.io, a UK-based company in the advertising analytics field, alleged that two unnamed companies are improperly using a flaw that allows them to track whether display advertisements, sometimes buried far down in web pages, are actually viewed by users. Almost every US-based user of Internet Explorer will have their mouse cursor tracked via this exploit almost every day they browse the web. Microsoft has confirmed that every version of Internet Explorer, from version 6 dating back to 2001 up to 10, released this year, is vulnerable. How this works ? All a hacker needs to do is, buy a ad space on any webpage and wait until a user visits it. If the tab remains open, the hacker has continuous access to user
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.