constella intelligence – Page 3 – Computer Security Articles

Who’s Behind the Botnet-Based Service BHProxies?

February 24, 2023 admin A Little Sunshine, abdala tawfik, abdalla khafagy, bhproxies, bitsight, constella intelligence, hassan_isabad_subar, Intel 471, lewklabs, minerva labs, mylobot, Ne'er-Do-Well News, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Fri, 24 Feb 2023 19:51:23 +0000

A security firm has discovered that a five-year-old crafty botnet known as Mylobot appears to be powering a residential proxy service called BHProxies, which offers paying customers the ability to route their web traffic anonymously through compromised computers. Here’s a closer look at Mylobot, and a deep dive into who may be responsible for operating the BHProxies service.

Independent Krebs

U.S. Govt. Apps Bundled Russian Code With Ties to Mobile Malware Developer

November 28, 2022 admin A Little Sunshine, arello-mobile, army times, constella intelligence, foreign adtech, intelligence authorization act for 2023, Latest Warnings, max konev, national training center, pincer trojan, pushwoosh, Reuters, The Coming Storm, u.s. army, yuri shmakov, zach edwards

Credit to Author: BrianKrebs| Date: Mon, 28 Nov 2022 22:08:21 +0000

A recent scoop by Reuters revealed that mobile apps for the U.S. Army and the Centers for Disease Control and Prevention (CDC) were integrating software that sends visitor data to a Russian company called Pushwoosh, which claims to be based in the United States. But that story omitted an important historical detail about Pushwoosh: In 2013, one of its developers admitted to authoring the Pincer Trojan, malware designed to surreptitiously intercept and forward text messages from Android mobile devices.

Independent Krebs

Breach Exposes Users of Microleaves Proxy Service

July 28, 2022 admin A Little Sunshine, abhishek gupta, acidut, alexandru florea, alexandru iulian florea, blackhatworld, Breadcrumbs, constella intelligence, cpaelites, Hackforums, Intel 471, microleaves, Ne'er-Do-Well News, nevo.julian, online.io, residential proxy, reverseproxies, shifter.io, socks proxy

Credit to Author: BrianKrebs| Date: Thu, 28 Jul 2022 18:52:28 +0000

Microleaves, a ten-year-old proxy service that lets customers route their web traffic through millions of Microsoft Windows computers, exposed their entire user database and the location of tens of millions of PCs running the proxy software. Microleaves claims its proxy software is installed with user consent. But research suggests Microleaves has a lengthy history of being supplied with new proxies by affiliates incentivized to install the software any which way they can — such as by secretly bundling it with other software.

Independent Krebs

The Link Between AWM Proxy & the Glupteba Botnet

June 28, 2022 admin A Little Sunshine, alureon, awm proxy, Breadcrumbs, constella intelligence, dennstr, dmitry starovikov, domaintools, ESET, glupteba botnet, google, kaspersky lab, lycefer, meris, Ne'er-Do-Well News, pay-per-install, riley kilmer, rootkit, rsocks botnet, spur.us, tdl-4, tdss, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Tue, 28 Jun 2022 18:33:31 +0000

On December 7, 2021, Google announced it had sued two Russian men allegedly responsible for operating the Glupteba botnet, a global malware menace that has infected millions of computers over the past decade. That same day, AWM Proxy — a 14-year-old anonymity service that rents hacked PCs to cybercriminals — suddenly went offline. Security experts had long seen a link between Glupteba and AWM Proxy, but new research shows AWM Proxy’s founder is one of the men being sued by Google.

Independent Krebs

Meet the Administrators of the RSOCKS Proxy Botnet

June 22, 2022 admin 79136334444, A Little Sunshine, Breadcrumbs, constella intelligence, denis "neo" kloster, exploit, internet advertising omsk, istanx@gmail.com, Ne'er-Do-Well News, rsocks botnet, rusdot, sl mobpartners, spamdot, stanx, stanx@rusdot.com, u.s. department of justice, verified

Credit to Author: BrianKrebs| Date: Wed, 22 Jun 2022 13:06:34 +0000

Authorities in the United States, Germany, the Netherlands and the U.K. last week said they dismantled the “RSOCKS” botnet, a collection of millions of hacked devices that were sold as “proxies” to cybercriminals looking for ways to route their malicious traffic through someone else’s computer. While the coordinated action did not name the Russian hackers allegedly behind RSOCKS, KrebsOnSecurity has identified its owner as a Russian man living abroad who also runs the world’s top Russian spamming forum.

Independent Krebs

Who is the Network Access Broker ‘Wazawaka?’

February 2, 2022 admin 902228, abakan, abaza, Breadcrumbs, constella intelligence, cs-arena.org, darkside, ddosis.ru, devdelphi@yandex.ru, domaintools, Flashpoint, initial access broker, kopyovo-a, lockbit, mikhail matveev, mikhail mix matveev, mix@devilart.net, mixfb@yandex.ru, Ne'er-Do-Well News, ransomware, uhodiransomware, wazawaka

Credit to Author: BrianKrebs| Date: Wed, 12 Jan 2022 05:17:31 +0000

In a great many ransomware attacks, the criminals who pillage the victim’s network are not the same crooks who gained the initial access to the victim organization. More commonly, the infected PC or stolen VPN credentials the gang used to break in were purchased from a cybercriminal middleman known as an initial access broker. This post examines some of the clues left behind by Wazawaka, the handle chosen by a major access broker in the Russian-speaking cybercrime scene.