constella intelligence – Page 2 – Computer Security Articles

Who’s Behind the DomainNetworks Snail Mail Scam?

July 3, 2023 admin A Little Sunshine, Better Business Bureau, Breadcrumbs, constella intelligence, distributorinvoice@mail.com, domainnetworks, domaintools, eliran benz, Houzz, publicwww, sam alon, shenhavgroup@gmail.com, shmuel orit alon, tropicglobal@gmail.com, ubsagency@gmail.com, united business service, united business services, us domain authority llc, weblistingsinc.net, whmcs.com

Credit to Author: BrianKrebs| Date: Mon, 03 Jul 2023 14:56:35 +0000

If you’ve ever owned a domain name, the chances are good that at some point you’ve received a snail mail letter which appears to be a bill for a domain or website-related services. In reality, these misleading missives try to trick people into paying for useless services they never ordered, don’t need, and probably will never receive. Here’s a look at the most recent incarnation of this scam — DomainNetworks — and some clues about who may be behind it.

Independent Krebs

Why Malware Crypting Services Deserve More Scrutiny

June 21, 2023 admin +7.9235059268, Breadcrumbs, cdek, constella intelligence, crypt[.]guru, gumboldt@gmail.com, Intel 471, kerens, kolumb, masscrypt@exploit.im, Ne'er-Do-Well News, obelisk57@gmail.com, pepyak@gmail.com, sergey y purtov, sergey yurievich purtov, spurtov@gmail.com, vip crypt, Web Fraud 2.0, Сергей Юрьевич Пуртов

Credit to Author: BrianKrebs| Date: Wed, 21 Jun 2023 18:39:36 +0000

If you operate a cybercrime business that relies on disseminating malicious software, you probably also spend a good deal of time trying to disguise or “crypt” your malware so that it appears benign to antivirus and security products. In fact, the process of “crypting” malware is sufficiently complex and time-consuming that most serious cybercrooks will outsource this critical function to a handful of trusted third parties. This story explores the history and identity behind Cryptor[.]biz, a long-running crypting service that is trusted by some of the biggest names in cybercrime.

Independent Krebs

Ask Fitis, the Bear: Real Crooks Sign Their Malware

June 1, 2023 admin 165540027, 774748@gmail.com, akafitis@gmail.com, Breadcrumbs, code-signing certificates, constella intelligence, DomainTools.com, featar24, fitis, Flashpoint, glavmed, Intel 471, konstantin evgenievich fetisov, megatraffer, Ne'er-Do-Well News, o.r.z., Spamit, spampage@yandex.ru

Credit to Author: BrianKrebs| Date: Thu, 01 Jun 2023 16:15:34 +0000

Code-signing certificates are supposed to help authenticate the identity of software publishers, and provide cryptographic assurance that a signed piece of software has not been altered or tampered with. Both of these qualities make stolen or ill-gotten code-signing certificates attractive to cybercriminal groups, who prize their ability to add stealth and longevity to malicious software. This post is a deep dive on “Megatraffer,” a veteran Russian hacker who has practically cornered the underground market for malware focused code-signing certificates since 2015.

Independent Krebs

Interview With a Crypto Scam Investment Spammer

May 22, 2023 admin arkose labs, Breadcrumbs, constella intelligence, domaintools, edgard011012@gmail.com, lolzteam, Mastodon, mondi group, moonxtrade, msr-sergey2015@yandex.ru, Ne'er-Do-Well News, quot.pw, renaud chaput, sergey proshutinskiy, tgm, Twitter, Web Fraud 2.0, ципа

Credit to Author: BrianKrebs| Date: Tue, 23 May 2023 00:15:30 +0000

Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. What follows is an interview with a Russian hacker responsible for a series of aggressive crypto spam campaigns that recently prompted several large Mastodon communities to temporarily halt new registrations. According to the hacker, their spam software has been in private use until the last few weeks, when it was released as open source code.

Independent Krebs

$10M Is Yours If You Can Get This Guy to Leave Russia

May 9, 2023 admin 79608229389, A Little Sunshine, Breadcrumbs, constella intelligence, denis gennadievich kulkov, Intel 471, Joker's stash, k022yb190, kreenjo, mazafaka, Ne'er-Do-Well News, nordex, nordexin, nordia@yandex.ru, polkas@bk.ru, try2check, u.s. department of justice, u.s. department of state, U.S. Secret Service, Unicc, vault market

Credit to Author: BrianKrebs| Date: Fri, 05 May 2023 01:50:08 +0000

The U.S. government this week put a $10 million bounty on the head of a Russian man who for the past 18 years operated Try2Check, one of the cybercrime underground’s most trusted services for checking the validity of stolen credit card data. U.S. authorities say 43-year-old Denis Kulkov’s card-checking service made him at least $18 million, which he used to buy a Ferrari, Land Rover, and other luxury items.

Independent Krebs

Giving a Face to the Malware Proxy Service ‘Faceless’

April 18, 2023 admin accessapproved, asus666, constella intelligence, denis viktorovich pankov, faceless, Flashpoint, gaihnik, lesstroy@mgn.ru, liberty reserve, mrmurza, Ne'er-Do-Well News, omega^gg4u, riley kilmer, Shodan, spur.us, u1018928, vadim panov, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Tue, 18 Apr 2023 20:59:39 +0000

For the past seven years, a malware-based proxy service known as “Faceless” has sold anonymity to countless cybercriminals. For less than a dollar per day, Faceless customers can route their malicious traffic through tens of thousands of compromised systems advertised on the service. In this post we’ll examine clues left behind over the past decade by the proprietor of Faceless, including some that may help put a face to the name.

Independent Krebs

Who’s Behind the NetWire Remote Access Trojan?

March 9, 2023 admin A Little Sunshine, Breadcrumbs, constella intelligence, domaintools, dugidox, FBI, mario zanko, Ne'er-Do-Well News, netwire rat

Credit to Author: BrianKrebs| Date: Thu, 09 Mar 2023 18:52:25 +0000

A Croatian national has been arrested for allegedly operating NetWire, a Remote Access Trojan (RAT) marketed on cybercrime forums since 2012 as a stealthy way to spy on infected systems and siphon passwords. The arrest coincided with a seizure of the NetWire sales website by the U.S. Federal Bureau of Investigation (FBI). While the defendant in this case hasn’t yet been named publicly, the NetWire website has been leaking information about the likely true identity and location of its owner for the past 11 years.

Independent Krebs

Who’s Behind the Botnet-Based Service BHProxies?

February 24, 2023 admin A Little Sunshine, abdala tawfik, abdalla khafagy, bhproxies, bitsight, constella intelligence, hassan_isabad_subar, Intel 471, lewklabs, minerva labs, mylobot, Ne'er-Do-Well News, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Fri, 24 Feb 2023 19:51:23 +0000

A security firm has discovered that a five-year-old crafty botnet known as Mylobot appears to be powering a residential proxy service called BHProxies, which offers paying customers the ability to route their web traffic anonymously through compromised computers. Here’s a closer look at Mylobot, and a deep dive into who may be responsible for operating the BHProxies service.