Infinity Technology

Infinity Technology. We are here for: Web design, Web development, Android & iOS app development. Corporate IT consul

31/07/2023

The cybersecurity firm also told the publication that two of the IcedID forks that emerged in the wild in February 2023 sans the banking fraud and BackConnect modules have not been detected in the wild recently, suggesting that they could have been short-lived experiments.

"In examining management infrastructure associated with IcedID BC, we are also able to discern a pattern of multiple distinct accesses from users we assess to be both associated with the day to day operations of IcedID, and their affiliates who interact with victim hosts post-compromise," Team Cymru said.

"The evidence in our NetFlow data suggests that certain IcedID victims are used as proxies in spamming operations, enabled by BC's SOCKS capabilities. This is a potential double blow for victims: not only are they compromised and incurring data / financial loss, but they are also further exploited for the purposes of spreading further IcedID campaigns."
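The last quote describes victims being turned into SOCKS relays for spam. One way a network team can look for that pattern in its own flow data is to count how many distinct external mail servers each internal host talks to. The script below is an added example, not code from the article, Team Cymru or Infinity Technology: the flow records are constructed, and the port list, the allow-list of sanctioned mail relays and the threshold are assumptions to tune against a baseline of normal traffic.

```python
"""
Added example (not from the article or Team Cymru): a NetFlow-style heuristic
that flags internal hosts behaving like spam relays, the pattern described for
IcedID victims proxied through BackConnect's SOCKS module.  Flow records are
constructed; thresholds and the mail-relay allow-list are assumptions.
"""
from collections import defaultdict

# Constructed flow records: (src_ip, dst_ip, dst_port, bytes_out).
# 10.0.0.5 is the sanctioned outbound mail relay; 10.0.0.42 is a workstation
# that suddenly fans out to many external SMTP servers; 10.0.0.77 is normal.
SAMPLE_FLOWS = [
    ("10.0.0.5", "203.0.113.10", 25, 4200),
    ("10.0.0.5", "203.0.113.11", 25, 3900),
    ("10.0.0.5", "198.51.100.7", 25, 5100),
    ("10.0.0.42", "203.0.113.20", 25, 1500),
    ("10.0.0.42", "203.0.113.21", 25, 1450),
    ("10.0.0.42", "203.0.113.22", 587, 1500),
    ("10.0.0.42", "198.51.100.30", 25, 1600),
    ("10.0.0.42", "198.51.100.31", 25, 1490),
    ("10.0.0.42", "198.51.100.32", 25, 1520),
    ("10.0.0.42", "192.0.2.8", 443, 80000),
    ("10.0.0.77", "192.0.2.9", 25, 2000),
    ("10.0.0.77", "192.0.2.9", 25, 2100),
]

MAIL_PORTS = {25, 587, 465}          # SMTP, submission, SMTPS
KNOWN_MAIL_RELAYS = {"10.0.0.5"}     # assumption: hosts allowed to send mail directly
MIN_DISTINCT_DESTINATIONS = 5        # assumption: tune against your own baseline


def smtp_fanout(flows):
    """Map each source IP to the set of distinct destinations it reached on mail ports."""
    fanout = defaultdict(set)
    for src, dst, dport, _ in flows:
        if dport in MAIL_PORTS:
            fanout[src].add(dst)
    return fanout


def suspected_relays(flows, threshold=MIN_DISTINCT_DESTINATIONS, allow=KNOWN_MAIL_RELAYS):
    """Sources that are not sanctioned relays yet contact >= threshold distinct mail servers."""
    fanout = smtp_fanout(flows)
    return sorted(
        src for src, dsts in fanout.items()
        if src not in allow and len(dsts) >= threshold
    )


if __name__ == "__main__":
    fanout = smtp_fanout(SAMPLE_FLOWS)
    for host in suspected_relays(SAMPLE_FLOWS):
        print(f"{host}: {len(fanout[host])} distinct mail servers contacted")
```

The heuristic is deliberately simple: a workstation has no business opening SMTP sessions to many unrelated mail servers, so distinct-destination fan-out separates a proxied spam run from a single user's normal mail client, which only ever talks to the organisation's relay. In practice the allow-list and threshold come from a few weeks of baseline flow data, and a hit is a lead for host triage rather than a verdict on its own.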

31/07/2023

More details have emerged about a botnet called AVRecon, which has been observed making use of compromised small office/home office (SOHO) routers as part of a multi-year campaign active since at least May 2021.

AVRecon was first disclosed by Lumen Black Lotus Labs earlier this month as malware capable of executing additional commands and stealing victims' bandwidth for what appears to be an illegal proxy service made available to other actors. It has also surpassed QakBot in terms of scale, having infiltrated over 41,000 nodes located across 20 countries worldwide.

"The malware has been used to create residential proxy services to shroud malicious activity such as password spraying, web-traffic proxying, and ad fraud," the researchers said in the report.

This has been corroborated by new findings from KrebsOnSecurity and Spur.us, which last week revealed that "AVrecon is the malware engine behind a 12-year-old service called SocksEscort, which rents hacked residential and small business devices to cybercriminals looking to hide their true location online."

The basis for the connection stems from direct correlations between SocksEscort and AVRecon's command-and-control (C2) servers. SocksEscort is also said to share overlaps with a Moldovan company named Server Management LLC that offers a mobile VPN solution on the Apple Store called HideIPVPN.

Black Lotus Labs told The Hacker News that the new infrastructure it identified in connection with the malware exhibited the same characteristics as the old AVrecon C2s.

[Image: AVRecon Botnet. Caption: The new SocksEscort nodes, which shifted during the second week of July (Source: Lumen Black Lotus Labs)]
"We assess that the threat actors were reacting to our publication and null-routing of infrastructure, and attempting to maintain control over the botnet," the company said. "This suggests the actors wish to further monetize the botnet by maintaining some access and continue enrolling users in the SocksEscort 'proxy as a service.'"

05/11/2021

Simple using C++

The original snippet lost its stream operators and the <iostream> include during extraction; this is the same program made complete: read an age from the keyboard and print it back.

#include <iostream>

int main()
{
    int age{};                          // value-initialised to 0
    std::cout << "Enter your age: ";
    std::cin >> age;                    // read a whole number typed by the user
    std::cout << "You are " << age << " years old\n";
    return 0;
}


Which level do you want to be?

Contact us and be the on

03/11/2021

HOW DOES A WEBSITE WORK

When you visit a website, the web server hosting that site could be anywhere in the world. In order for you to find the location of the web server, your browser will first connect to a Domain Name System (DNS) server

02/11/2021

Testing and building

20/10/2021

Want to learn programming the easy way? Contact us

Address

31 Chilembwe Road
Blantyre
265

Opening Hours

Monday 09:00 - 17:00
Tuesday 09:00 - 17:00
Wednesday 09:00 - 17:00
Thursday 09:00 - 17:00
Friday 09:00 - 17:00
Saturday 09:00 - 17:00
Sunday 13:00 - 17:00
