The Hacker News Logo
Subscribe to Newsletter
CrowdSec

The Hacker News - Cybersecurity News and Analysis: exploit kit

New RIG Exploit Kit Campaign Infecting Victims' PCs with RedLine Stealer

New RIG Exploit Kit Campaign Infecting Victims' PCs with RedLine Stealer
April 28, 2022Ravie Lakshmanan
A new campaign leveraging an exploit kit has been observed abusing an Internet Explorer flaw patched by Microsoft last year to deliver the RedLine Stealer trojan. "When executed, RedLine Stealer performs recon against the target system (including username, hardware, browsers installed, anti-virus software) and then exfiltrates data (including passwords, saved credit cards, crypto wallets, VPN logins) to a remote command and control server," Bitdefender  said  in a new report shared with The Hacker News. Most of the infections are located in Brazil and Germany, followed by the U.S., Egypt, Canada, China, and Poland, among others. Exploit kits or exploit packs are comprehensive tools that contain a collection of exploits designed to take advantage of vulnerabilities in commonly-used software by scanning infected systems for different kinds of flaws and deploying additional malware. The primary infection method used by attackers to distribute exploit kits, in this case the

Hackers Created Thousands of Coronavirus (COVID-19) Related Sites As Bait

Hackers Created Thousands of Coronavirus (COVID-19) Related Sites As Bait
March 18, 2020Ravie Lakshmanan
As the world comes to grips with the coronavirus pandemic , the situation has proven to be a blessing in disguise for threat actors, who've taken advantage of the opportunity to target victims with scams or malware campaigns. Now, according to a new report published by Check Point Research today and shared with The Hacker News, hackers are exploiting the COVID-19 outbreak to spread their own infections, including registering malicious Coronavirus-related domains and selling discounted off-the-shelf malware in the dark web. "Special offers by different hackers promoting their 'goods' — usually malicious malware or exploit tools — are being sold over the darknet under special offers with 'COVID19' or 'coronavirus' as discount codes, targeting wannabe cyber-attackers," the cybersecurity firm said. COVID-19 Discounts: Exploit Tools for Sale The report comes following an uptick in the number of malicious coronavirus-related domains that hav

Russia proposes 10 Year in Prison Sentence for Hackers and Malware Authors

Russia proposes 10 Year in Prison Sentence for Hackers and Malware Authors
December 08, 2016Mohit Kumar
The Russian government has introduced a draft bill that proposes prison sentences as punishment for hackers and cyber criminals creating malicious software used in targeting critical Russian infrastructure, even if they have no part in actual cyber attacks. The bill, published on the Russian government's website on Wednesday, proposes amendments to the Russian Criminal Code and Criminal Procedure Code with a new article titled, "Illegal influence upon the critical informational infrastructure of the Russian Federation." The article introduces punishment for many malicious acts, including the "creation and distribution of programs or information, which can be used for the destruction, blocking or copying data from the Russian systems." When suspects found as part of any hacking operation, they will face a fine between 500,000 and 1 Million rubles (about $7,700 to $15,400) and up to five years in prison, even if the hacking causes little or no harm. Also R

Hacking Millions with Just an Image — Recipe: Pixels, Ads & Exploit Kit

Hacking Millions with Just an Image — Recipe: Pixels, Ads & Exploit Kit
December 07, 2016Mohit Kumar
If you have visited any popular mainstream website over the past two months, your computer may have been infected — Thanks to a new exploit kit discovered by security researchers. Researchers from antivirus provider ESET released a report on Tuesday stating that they have discovered an exploit kit, dubbed Stegano , hiding malicious code in the pixels of banner advertisements that are currently in rotation on several high profile news websites. Stegano originally dates back to 2014, but since early October this year, cyber crooks had managed to get the malicious ads displayed on a variety of unnamed reputable news websites, each with Millions of daily visitors. Stegano derived from the word Steganography , which is a technique of hiding messages and content inside a digital graphic image, making the content impossible to spot with the naked eye. In this particular malvertising campaign, operators hide malicious code inside transparent PNG image's Alpha Channel, which def

Malvertising Campaign Hits Top Websites to Spread Ransomware

Malvertising Campaign Hits Top Websites to Spread Ransomware
March 18, 2016Unknown
Hackers are always in search for an elite method to create loopholes in the cyberspace to implement the dark rules in the form of vulnerability exploitation. Top Trustworthy sites such as The New York Times , BBC , MSN , AOL and many more are on the verge of losing their face value as a malwertized advertisement campaign are looming around the websites, according to SpiderLabs. Here's what Happens to Users when Clicking Ads on these Big Brand Sites: The advertisements on the legit sites trick users into clicking on it, making them believe that these circulated ads come from a trusted networks. Once clicked, the malicious Ad redirects the user to a malicious website that hosts Angler Exploit Kit (AEK) to infect visitors by installing malware and ransomware on their computer. Angler Exploit Kit includes many malicious hacking tools and zero-day exploits that let hackers execute drive-by attacks on visitors' computers. In this case, the Angler kit scan

Hackers Install Free SSL Certs from Let's Encrypt On Malicious Web Sites

Hackers Install Free SSL Certs from Let's Encrypt On Malicious Web Sites
January 07, 2016Swati Khandelwal
Who else didn't see this coming? It was so obvious as I stressed earlier that the  Let's Encrypt free HTTPS certificates would not just help legitimate website operators to encrypt its users' traffic, but also help criminals to bother innocent users with malware through secure sites. Let's Encrypt allows anyone to obtain free SSL/TLS ( Secure Socket Layer/Transport Layer Security ) certificates for their web servers that encrypt all the Internet traffic passed between a server and users. Let's Encrypt is recognized by all major browsers, including Google's Chrome, Mozilla's Firefox and Microsoft's Internet Explorer. The organization started offering Free HTTPS certs to everyone from last month, and it is very easy for anyone to set up an HTTPS website in a few simple steps ( How to Install Free SSL Cert ). However, the most bothersome part is that Let's Encrypt free SSL certs are not only used by website owners to secure its

AOL Advertising Network Abused to Distribute Malware

AOL Advertising Network Abused to Distribute Malware
January 07, 2015Wang Wei
Security researchers have uncovered a malvertising campaign used to distribute malware to visitors of The Huffington Post website, as well as several other sites, through malicious advertisements served over the AOL  advertising  network . At the end of last year, Cyphort Labs, security firm specialized in detecting malware threats, came across some malicious advertisements that were being served on the United States and Canadian versions of the popular news website The Huffington Post . The malicious advertisements eventually redirected visitors of the news website to other websites hosting exploit kits, in order to attack victims' computers and install malware. Researchers discovered that the malvertising campaign originates with ads being served by AOL's Advertising.com network. Once clicked, users are redirected through a series of redirects, some of which used HTTPS encrypted connections, to a page that served either the Neutrino Exploit Kit or the Sweet Orange E

Adobe Releases Emergency Flash Player Update to Address Critical Vulnerability

Adobe Releases Emergency Flash Player Update to Address Critical Vulnerability
November 26, 2014Mohit Kumar
Adobe has rolled-out an urgent out-of-band update for a critical remote code-execution vulnerability in its popular Flash Player that is currently being exploited by hackers. The critical vulnerability ( CVE 2014-8439 ) in Flash Player for Windows, Mac and Linux was originally mitigated more than a month ago in October 14, 2014 patch release, but a French researcher Kafeine found its exploits in the Angler and Nuclear malware kits after Adobe released a patch, according to security vendor F-Secure. " The vulnerability is being exploited in blind mass attack. No doubt about it : the team behind Angler is really good at what it does ," Kafeine said in a blog post . The vulnerability allows an attacker to execute arbitrary code due to a weakness in the way a dereferenced pointer to memory is handled. An attacker could serve a specially crafted Flash file to trigger the vulnerability, which would lead to the execution of attacker's code in order to take control

Tracy Morgan Dead? Facebook Scam Targeting Users with Malware

Tracy Morgan Dead? Facebook Scam Targeting Users with Malware
June 28, 2014Wang Wei
Oh MY God! Is Tracy Morgan Really Dead? NO, Thankfully it's only a hoax, but scammers announced the popular comedian and actor Tracy Morgan dead. Another Facebook scam is circulating across the social networking website just a day before the former " Saturday Night Live " and " 30 Rock " star Tracy Morgan was critically hurt in a six-vehicle fatal accident on the New Jersey Turnpike that killed his friend and writer 62-year-old James McNair. With the rise in various scams on the popular social networking giant, Facebook that has more than one billion active users, it became very clear that not only does the social networking platform provide special opportunities for people to connect and share information, but serves as a great platform for scammers as well. TOTAL SCAM LEADS TO MALWARE Scammers spare no incident to target as many victims as possible, and this time they made use of this roadway accident to target users by spreading the fake Facebook videos proclaimin

Zeus Alternative Pandemiya Banking Malware For Sale in Underground Forums

Zeus Alternative Pandemiya Banking Malware For Sale in Underground Forums
June 13, 2014Swati Khandelwal
A new and relatively rare Zeus Trojan  program has found which is totally different from other banking Trojans and has capability to secretly steal data from forms, login credentials and files from the victim as well as can create fake web pages and take screenshots of victim's computer. Researchers at RSA Security's FraudAction team have discovered this new and critical threat, dubbed as ' Pandemiya ', which is being offered to the cyber criminals in underground forums as an alternative to the infamous Zeus Trojan and its many variants, that is widely used by most of the cyber-criminals for years to steal banking information from consumers and companies. The source code of the Zeus banking Trojan is available on the underground forums from past few years, which lead malware developers to design more sophisticated variants of Zeus Trojan such as Citadel, Ice IX and Gameover Zeus . But, Pandemiya is something by far the most isolated and dangerous piece of malware

Cryptowall Ransomware Spreading Rapidly through Malicious Advertisements

Cryptowall Ransomware Spreading Rapidly through Malicious Advertisements
June 06, 2014Swati Khandelwal
Ransomware is an emerging threat in the evolution of cybercriminals techniques to part you from your money. Typically, the malicious software either lock victim's computer system or encrypt the documents and files on it, in order to extort money from the victims. Though earlier we saw the samples of Ransomware tended to be simple with dogged determinations to extort money from victims. But with the exponential rise in the samples of Ransomware malwares, the recent ones are more subtle in design, including Cryptolocker , Icepole , PrisonLocker , CryptoDefense and its variants. Now, the ransomware dubbed as Crytowall , a latest variant of the infamous ransomware Cryptolocker is targeting users by forcing them to download the malicious software by through advertising on the high profile domains belonging to Disney, Facebook, The Guardian newspaper and others. Cryptolocker is designed by the same malware developer who created the sophisticated CryptoDefense ( Trojan.Crypt

Netflix Users Targeted by Microsoft Silverlight Exploits

Netflix Users Targeted by Microsoft Silverlight Exploits
May 21, 2014Mohit Kumar
Netflix, the world's largest Internet Video Subscription service with more than 35.7 million customers in U.S alone, that runs on the Microsoft Silverlight platform, has now become a popular target for cybercriminals, as public awareness of Java and Flash flaws is increasing. Silverlight is a Microsoft's plug-in for streaming media on browsers, similar to Adobe Flash Player , that handles multimedia contents on Microsoft Windows and Mac OS X Web Browsers, and is popularly known for being used in Netflix's streaming video service. But, Netflix isn't the only service that works on Silverlight, many other multimedia services supports Silverlight. Malware and Exploit Kit developers are targeting Silverlight users as they aren't aware of the increasing proliferation of malware for the platform. Silverlight vulnerabilities are mostly exploited using drive-by download attacks to compromise victim's computers with malware, especially through malicious ads. A recent

Tilon/SpyEye2 Banking Trojan Usage Declining after SpyEye Author Arrest

Tilon/SpyEye2 Banking Trojan Usage Declining after SpyEye Author Arrest
February 26, 2014Swati Khandelwal
Today, when we come across various malware, exploit kits and botnets that are in the wild, we think about an effective Antivirus solution or a Security Patch, but the most effective solution is always " The arrest of malware authors and culprits who are involved in the development of Malware. " Tilon has been an active malware family that was spotted first time in 2012, was specially designed to filch money from online bank accounts, that earlier various researchers found to be the new version of Silon , is none other than the SpyEye2 banking Trojan , according to researchers at security firm  Delft Fox-IT . Tilon  a.k.a  SpyEye2 is the sophisticated version of SpyEye Trojan . Majority functional part of the malware is same as of the SpyEye banking Trojan that was developed by a 24-year-old Russian hacker ' Aleksandr Andreevich Panin ' or also known as  Gribodemon , who was arrested in July 2013. ' SpyEye ', infected more than 1.4 million Computers

Yahoo Ad Network abused to redirect users to malicious websites serving Magnitude Exploit Kit

Yahoo Ad Network abused to redirect users to malicious websites serving Magnitude Exploit Kit
January 05, 2014Wang Wei
Internet advertisement networks provide hackers with an effective venue for targeting wide range computers through malicious advertisements. Previously it was reported by some security researchers that Yahoo's online advertising Network is one of the top ad networks were being abused to spread malware by cyber criminals . Recent report published by Fox-IT, Hackers are using Yahoo's advertising servers to distribute malware to hundreds of thousands of users since late last month that affecting thousands of users in various countries. " Clients visiting yahoo.com received advertisements served by ads.yahoo.com. Some of the advertisements are malicious ," the firm reported . More than 300,000 users per hour were being redirected to malicious websites serving 'Magnitude Exploit Kit', that exploits vulnerabilities in Java and installs a variety of different malware i.e. ZeuS Andromeda Dorkbot/Ngrbot Advertisement clicking malware Tinba/Zusy Necurs "

Prison Locker Ransomware, an upcoming malware threat in 2014

Prison Locker Ransomware, an upcoming malware threat in 2014
January 04, 2014Anonymous
Ransomware is one of the most blatant and obvious criminal's money making schemes out there. Ransomware malware was mostly known by the people when Cryptolocker comes into play. At the time when readers were getting aware of ransomware, Cryptolocker threat had touched the peak and other money motivated cyber criminals have started developing their own Cryptolocker versions. Two hackers going by the name of ' gyx ' and ' Porphyry ' (admin of maldev.net hacking forum) are advertizing a new ramsomware malware tool-kit called "Prison Locker" on various hacking forums with tutorials. They have developed the Prison Locker a.k.a Power Locker ramsomware toolkit in C/C++ programming language, proving a GUI version with customizable features for customers. The Ransomware is using BlowFish encryption to encrypt all available files on the victim's hard disk and shared drives except . exe , . dll , . sys , other system files. During encryption it will ge

More than 1,400 Financial institutions in 88 Countries targeted by Banking Trojan in 2013

More than 1,400 Financial institutions in 88 Countries targeted by Banking Trojan in 2013
December 22, 2013Swati Khandelwal
As the year draws to a close, we have seen the number of emerging threats like advance phishing attacks from the Syrian Electronic Army , financial malware and exploit kits, Cryptolocker ransomware infections, massive  Bitcoin theft, extensive privacy breach from NSA and many more. The financial malware's were the most popular threat this year. Money is always a perfect motivation for attackers and cyber criminals who are continually targeting financial institutions. On Tuesday, Antivirus firm Symantec has released a Threat report, called " The State of Financial Trojans: 2013 ", which revealed that over 1,400 financial institutions have been targeted and compromised millions of computers around the globe and the most targeted banks are in the US with 71.5% of all analyzed Trojans. Financial institutions have been fighting against malware for the last ten years to protect their customers and online transactions from threat. Over the time the attackers adapted to these counter
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.