Dear blog readers, I'm currently seeking an investment regarding a cybercrime research project with the project proposal available on request.
Approach me at dancho.danchev@hush.com
Wednesday, November 15, 2017
Project Proposal - Cybercrime Research - Seeking Investment
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
Book Proposal - Seeking Sponsorship - Publisher Contact
Dear blog readers, as I'm currently busy writing a book, I'm seeking a publisher contact, with the book proposal available on request.
Approach me at ddanchev@cryptogroup.net
Thursday, November 09, 2017
New Mobile Malware Spotted in the Wild, Hundreds of Users Affected
We've recently intercepted a currently circulating malicious spam campaign affecting hundreds of users globally, potentially exposing the confidentiality, availability and integrity of their devices to a multitude of malicious software. Largely relying on a multitude of social engineering vectors, the cybercriminals behind the campaign have managed to impersonate Adobe Flash Player, tricking users into thinking that they're visiting a legitimate Web site, and infect their devices using bogus "Please update Flash on your device" messages.
Over the last couple of years we've been monitoring an increase in rogue Google Play-style Android applications and rogue online Web sites tricking tens of thousands of users on a daily basis into installing rogue applications, largely relying on a multitude of social engineering vectors. Next to rogue online Web sites, we've also been actively monitoring an increase in compromised Web sites serving malicious software, potentially exposing the confidentiality, availability and integrity of users' devices to a multitude of malicious software. We've also been busy monitoring an increase in the ongoing monetization of hijacked traffic through underground market traffic exchanges, with more cybercriminals successfully monetizing the hijacked traffic while earning fraudulent revenue in the process.
In this post we'll profile the malicious campaign, provide actionable intelligence on the infrastructure behind it, and discuss in depth the tactics, techniques and procedures of the cybercriminals behind it.
Related malicious MD5s known to have participated in the campaign:
MD5: 288ad03cc9788c0855d446e34c7284ea
Related malicious URLs known to have participated in the campaign:
hxxp://brutaltube4mobile.com - 37.1.200.202
hxxp://xxxvideotube.org - 5.45.112.27; 37.140.192.196; 184.82.244.166
Also known to have responded to the same malicious C&C server IP (37.1.200.202) are the following malicious domains:
Related malicious MD5s known to have phoned back to the same C&C server IP (brutaltube4mobile.com - 37.1.200.202):
MD5: 18327d619484112f81dc7da4169ba088
MD5: 090f7349fef4e1624393383e145d5982
MD5: d2e3d9d0e599cfce1af8b2777c3a071a
Related malicious MD5s known to have phoned back to the same C&C server IPs (xxxvideotube.org - 5.45.112.27; 37.140.192.196; 184.82.244.166):
MD5: 288ad03cc9788c0855d446e34c7284ea
Once executed, a sample of the malware phones back to the following C&C server IP:
hxxp://5.196.121.148
Related malicious MD5s known to have phoned back to the same C&C server IP (5.196.121.148):
MD5: 7bef1c5e0dcf5f6fd152c0723993e378
MD5: 10e6c3f050b24583abf708d6afb34db2
MD5: 5a122660a3d54d9221500224f103d7b0
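As an added example (not part of the original post), a small Python checker that parses indicators in the defanged hxxp:// form used above into domain, IP and MD5 sets and then scans DNS/proxy/AV log lines for them, avoiding partial hits on longer tokens; the log lines are constructed for illustration, and only a subset of the post's indicators is embedded.

```python
import re

URL_HOST_RE = re.compile(r"hxxps?://([a-z0-9.-]+)", re.I)
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
MD5_RE = re.compile(r"\b[0-9a-f]{32}\b", re.I)
# Indicators copied from the post above in its defanged (hxxp://) form; refanged only to match logs.
RAW_IOCS = """
hxxp://brutaltube4mobile.com - 37.1.200.202
hxxp://xxxvideotube.org - 5.45.112.27; 37.140.192.196; 184.82.244.166
hxxp://adobeupdate.org
hxxp://5.196.121.148
MD5: 288ad03cc9788c0855d446e34c7284ea
"""

def parse_iocs(text):
    """Split a defanged indicator dump into 'domain', 'ip' and 'md5' sets."""
    iocs = {"domain": set(), "ip": set(), "md5": set()}
    for host in map(str.lower, URL_HOST_RE.findall(text)):
        # A bare IP inside hxxp:// is an IP indicator, not a domain.
        iocs["ip" if IPV4_RE.fullmatch(host) else "domain"].add(host)
    iocs["ip"].update(IPV4_RE.findall(text))
    iocs["md5"].update(h.lower() for h in MD5_RE.findall(text))
    return iocs

def ioc_pattern(kind, value):
    v = re.escape(value)
    if kind == "domain":   # exact host or any subdomain of it
        return re.compile(r"(?<![\w-])" + v + r"(?![\w-])")
    if kind == "ip":       # whole dotted quad only: 37.1.200.2021 is not 37.1.200.202
        return re.compile(r"(?<![\d.])" + v + r"(?![\d.])")
    return re.compile(r"\b" + v + r"\b")

def scan_log(lines, iocs):
    # One hit dict per (line, indicator) for every line mentioning a known-bad value.
    hits = []
    for n, line in enumerate(lines, 1):
        low = line.lower()
        for kind, values in iocs.items():
            for v in sorted(values):
                if ioc_pattern(kind, v).search(low):
                    hits.append({"line": n, "kind": kind, "ioc": v})
    return hits

# Constructed sample DNS/proxy/AV log lines (not from the post); line 3 is a deliberate near-miss.
SAMPLE_LOG = [
    "2017-11-09T10:01:02 dns query www.brutaltube4mobile.com A from 10.0.0.5",
    "2017-11-09T10:01:03 proxy GET http://37.1.200.202/update/flash.apk user=10.0.0.5",
    "2017-11-09T10:02:00 proxy GET http://37.1.200.2021/index.html user=10.0.0.7",
    "2017-11-09T10:03:00 av scan flash.apk md5=288AD03CC9788C0855D446E34C7284EA",
]
```

Running `scan_log(SAMPLE_LOG, parse_iocs(RAW_IOCS))` reports the subdomain lookup on line 1, the C&C IP on line 2 and the hash on line 4, while the longer IP on line 3 is correctly ignored.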
Thanks to the overall availability of mobile affiliate network type of monetization vectors, we expect to continue observing an increase in mobile malware type of fraudulent and rogue Web sites serving malicious software to unsuspecting users internationally.
We'll continue monitoring the market segment for mobile malware and post updates as soon as new developments take place.