@cyberalerts.io
//
The FBI has issued a warning about the rising trend of cybercriminals using fake file converter tools to distribute malware. These tools, often advertised as free online document converters, are designed to trick users into downloading malicious software onto their computers. While these tools may perform the advertised file conversion, they also secretly install malware that can lead to identity theft, ransomware attacks, and the compromise of sensitive data.
The threat actors exploit various file converter or downloader tools, enticing users with promises of converting files from one format to another, such as .doc to .pdf, or combining multiple files. The malicious code, disguised as a file conversion utility, can scrape uploaded files for personal identifying information, including social security numbers, banking information, and cryptocurrency wallet addresses. The FBI advises users to be cautious of such tools and report any instances of this scam to protect their assets.
The FBI Denver Field Office warns that it is increasingly seeing scams involving free online document converter tools and encourages victims to report any instances of this scam. Malwarebytes has identified some of these suspect file converters, including Imageconvertors.com, convertitoremp3.it, convertisseurs-pdf.com and convertscloud.com. The agency emphasized the importance of educating individuals about these threats to prevent them from falling victim to these scams.
References:
- Talkback Resources: FBI warns of malware-laden websites posing as free file converters, leading to ransomware attacks and data theft.
- gbhackers.com: Beware! Malware Hidden in Free Word-to-PDF Converters
- www.bitdefender.com: Free file converter malware scam “rampant” claims FBI
- Malwarebytes: Warning over free online file converters that actually install malware
- bsky.app: Free file converter malware scam "rampant" claims FBI.
- bsky.app: @bushidotoken.net has dug up some IOCs for the FBI's recent warning about online file format converters being used to distribute malware
- Help Net Security: FBI: Free file converter sites and tools deliver malware
- www.techradar.com: Free online file converters could infect your PC with malware, FBI warns
- Security | TechRepublic: Scam Alert: FBI ‘Increasingly Seeing’ Malware Distributed In Document Converters
- securityaffairs.com: The FBI warns of a significant increase in scams involving free online document converters to infect users with malware. The FBI warns that threat actors use malicious online document converters to steal users’ sensitive information and infect their systems with malware.
- The DefendOps Diaries: FBI warns against fake file converters spreading malware and stealing data. Learn how to protect yourself from these cyber threats.
- PCMag UK security: PSA: Be Careful Around Free File Converters, They Might Contain Malware
- www.bleepingcomputer.com: FBI warnings are true—fake file converters do push malware
- www.techradar.com: FBI warns some web-based file management services are not as well-intentioned as they seem.
- www.csoonline.com: Improvements Microsoft has made to Office document security that disable macros and other embedded malware by default has forced criminals to up their innovation game, a security expert said Monday.
- www.itpro.com: Fake file converter tools are on the rise – here’s what you need to know
- Cyber Security News: The FBI Denver Field Office has warned sternly about the rising threat of malicious online file converter tools. These seemingly harmless services, often advertised as free tools to convert or merge files, are being weaponized by cybercriminals to install malware on users’ computers. This malware can have devastating consequences, including ransomware attacks and identity theft. […]
@The DefendOps Diaries
//
Cybercriminals are actively targeting SEO professionals through a sophisticated phishing campaign that exploits Google Ads. The attackers are using fake Semrush advertisements to trick users into visiting deceptive login pages designed to steal their Google account credentials. This campaign is a new twist in phishing, going after users of the Semrush SaaS platform, which is popular among SEO professionals and businesses, and is trusted by 40% of Fortune 500 companies.
This scheme is effective because SEO professionals trust Semrush, a platform used for advertising and market research. The malicious ads appear when users search for Semrush and redirect them to counterfeit login pages whose URLs look similar to legitimate Semrush URLs. The attackers register domain names that closely resemble real Semrush domains, and the only login option offered on the fake pages is "sign in with Google", so the harvested Google account credentials can be reused for further malicious activity. This gives the attackers valuable access to Google Analytics and Google Search Console, and with it insight into the targeted companies' financial performance.
References:
- The DefendOps Diaries: Cybercriminals exploit Google Ads to target SEO pros, using fake Semrush ads to steal Google credentials.
- Help Net Security: Malicious ads target Semrush users to steal Google account credentials
- Malwarebytes: Semrush impersonation scam hits Google Ads
- www.tripwire.com: Tech support scams leverage Google ads again and again, fleecing unsuspecting internet users
- BleepingComputer: A new phishing campaign is targeting SEO professionals with malicious Semrush Google Ads that aim to steal their Google account credentials.
- bsky.app: Fake Semrush ads used to steal SEO professionals’ Google accounts
- : Threat actors are looking to compromise Google accounts to further malvertising and data theft
- Email Security - Blog: Cyber criminals have launched a sophisticated phishing campaign that exploits the trusted reputation of Semrush — an SEO firm that's captured of Fortune 500 brands as customers — to compromise Google account credentials.
- gbhackers.com: Hackers Deploy Fake Semrush Ads to Steal Google Account Credentials
@www.bleepingcomputer.com
//
Operation Talent, a large-scale international law enforcement effort, has successfully dismantled two major cybercrime forums, Cracked and Nulled. These platforms, with a combined user base exceeding 9 million, were hubs for the distribution of illegal goods, including stolen data, malware, and hacking tools. The operation, led by German authorities with the cooperation of eight countries, involved the seizure of 12 domains, 17 servers, over 50 electronic devices, and approximately €300,000 in cash and cryptocurrencies. Two individuals were arrested in Spain and are believed to be the main operators of both forums and related services.
The takedown of Cracked and Nulled, executed between January 28th and 30th, also targeted associated services like Sellix, a payment processor used by Cracked, and StarkRDP, a hosting service promoted on both platforms. Investigators estimate that the suspects generated around €1 million in criminal proceeds through these illegal activities. Europol played a key role, providing forensic and analytical support to the authorities. The collaborative effort highlights the growing threat of “cybercrime-as-a-service”, where readily available tools and infrastructure are used to launch attacks by those with varying levels of technical knowledge.
References:
- ciso2ciso.com: International Operation Dismantles Cracked and Nulled Cybercrime Hubs – Source: www.infosecurity-magazine.com
- www.bleepingcomputer.com: Police seizes Cracked and Nulled hacking forum servers, arrests suspects
- www.helpnetsecurity.com: Cybercrime forums Cracked and Nulled seized, operators arrested
- www.the420.in: Global Cybercrime Forums Cracked and Nulled Shut Down in International Sting Operation
- Pyrzout :vm:: International Operation Dismantles Cracked and Nulled Cybercrime Hubs – Source: www.infosecurity-magazine.com
- Techmeme: Europol and German law enforcement arrest two suspects and seize 17 servers to take down Cracked and Nulled, two of the largest hacking forums with 10M+ users
- securityonline.info: Europol Smashing Cybercrime Hubs: Cracked & Nulled Taken Down
- www.techmeme.com: Techmeme summarizes the news about the Europol takedown of Cracked and Nulled hacking forums, citing BleepingComputer as a source.
- securityonline.info: Security Online summarizes the Europol operation that led to the takedown of Cracked and Nulled cybercrime forums.
- The Hacker News: The Hacker News reports on the authorities seizing the domains of popular hacking forums as part of a major cybercrime crackdown.
- Help Net Security: Cybercrime forums Cracked and Nulled seized, operators arrested
- hackread.com: Operation Talent: Two Arrested as Authorities Dismantle Cracked and Nulled
- cyberinsider.com: This article discusses Europol and the FBI's coordinated takedown of the large cybercrime forums, Cracked and Nulled.
- CyberInsider: In a coordinated international effort, Europol and the FBI have dismantled Cracked.io and Nulled.to, two of the world's largest cybercrime forums, seizing their domains and shutting down associated services.
- securityaffairs.com: Operation Talent: An international law enforcement operation seized Cracked, Nulled and other cybercrime websites
- socradar.io: Operation Talent: FBI Takes Down Cracked.io and Nulled.to in Global Cybercrime Crackdown
- techcrunch.com: International police coalition takes down two prolific cybercrime and hacking forums
- www.justice.gov: This website contains the latest news about cybersecurity incidents and attacks.
- BleepingComputer: Europol and German law enforcement confirmed the arrest of two suspects and the seizure of 17 servers in Operation Talent, which took down Cracked and Nulled, two of the largest hacking forums with over 10 million users.
- infosec.exchange: NEW: An international coalition of law enforcement agencies announced it has seized and taken down two prominent hacking forums with more than 10 million users. German police called Cracked and Nulled “the world’s two largest trading platforms for cybercrime.” Operation has also led to several arrests, searches of properties, as well as seizure of servers, electronic devices, cash, and cryptocurrency.
- : U.S. Department of Justice : See parent toot above for EUROPOL announcement. The U.S. DOJ finally has their own press release for the takedown of cybercrime forums Cracked and Nulled. It has substantially more information about each case, definitely worth a read.
- The420.in: Global authorities have dismantled Cracked.io and Nulled.to, two major cybercrime forums with 10M+ users.
- DataBreaches.Net: Law enforcement has been busy. As reported yesterday, Cracked and Nulled forums were seized along with services associated with them financially.
- thecyberexpress.com: This website provides cybersecurity news and updates on various attacks.
@cyberinsider.com
//
Dutch Police have dismantled the ZServers/XHost bulletproof hosting operation, seizing 127 servers. The takedown follows a year-long investigation into the network, which has been used by cybercriminals to facilitate illegal activities. This includes the spread of malware, botnets, and various cyberattacks.
Earlier this week, authorities in the United States, Australia, and the United Kingdom announced sanctions against the same bulletproof hosting provider for its involvement in cybercrime operations. ZServers was accused of facilitating LockBit ransomware attacks and supporting the cybercriminals' efforts to launder illegally obtained money, according to The Record. The Cybercrime Team Amsterdam will conduct an additional probe of the servers, as the company advertised the possibility for customers to allow criminal acts from its servers while remaining anonymous to law enforcement.
References:
- cyberinsider.com: Police Dismantle Bulletproof Hosting Provider ZServers/XHost
- gbhackers.com: Dutch Authorities Dismantle Network of 127 Command-and-Control Servers
- www.bleepingcomputer.com: The Dutch Police (Politie) dismantled the ZServers/XHost bulletproof hosting operation after taking offline 127 servers used by the illegal platform.
- www.scworld.com: Zservers/XHost servers dismantled by Dutch police
- Metacurity: Dutch cops dismantle ZServers bulletproof hosting operation
- BleepingComputer: The Dutch Police (Politie) dismantled the ZServers/XHost bulletproof hosting operation after taking offline 127 servers used by the illegal platform.
- CyberInsider: Police Dismantle Bulletproof Hosting Provider ZServers/XHost
- DataBreaches.Net: Dutch Police seizes 127 XHost servers, dismantles bulletproof hoster
- www.politie.nl: Amsterdam police dismantle digital criminal network; 127 servers taken offline - "an investigation of over a year, dismantled a bulletproof hoster on the Paul van Vlissingenstraat in Amsterdam. During the raid on February 12, 127 servers were taken offline and seized."
- Cybernews: After a year-long investigation, Amsterdam's Cybercrime Team shut down a bulletproof hosting provider, seizing 127 servers.
- securityaffairs.com: Dutch Police shut down bulletproof hosting provider Zservers and seized 127 servers
MalBot@malware.news
//
The Australian Cyber Security Centre (ACSC) is actively targeting Bulletproof Hosting Providers (BPH) to disrupt cybercrime networks. BPH services are crucial to cybercriminals, providing the infrastructure needed to conduct malicious operations while avoiding detection. These services are integral to the Cybercrime-as-a-Service (CaaS) ecosystem, enabling attacks ranging from ransomware campaigns to data theft and phishing scams.
The ACSC has issued a detailed warning regarding BPH. What sets BPH providers apart from ordinary hosting companies is their blatant disregard for legal requests to shut down services: they refuse to comply with takedown orders or abuse complaints from victims or law enforcement. The Australian government’s efforts highlight the increasing difficulty cybercriminals face in maintaining secure, resilient, and hidden infrastructure.
BPH providers lease virtual or physical infrastructure to cybercriminals, which allows them to run their operations. These services often include leasing IP addresses and servers that obscure the true identities of their customers. Many BPH providers achieve this by using complex network switching methods, making it difficult to trace activity back to its source.
References:
- Pyrzout :vm:: Australian Cyber Security Centre Targets Bulletproof Hosting Providers to Disrupt Cybercrime Networks
- ciso2ciso.com: Australian Cyber Security Centre Targets Bulletproof Hosting Providers to Disrupt Cybercrime Networks
- malware.news: Australian Cyber Security Centre Targets Bulletproof Hosting Providers to Disrupt Cybercrime Networks