Author Archives: Dancho Danchev

We’ve recently intercepted, a currently ongoing malicious malvertising attack, affecting thousands of users globally, potentially exposing their PCs, to, a multitude of malicious software, compromising, the, integrity, confidentiality, and, availabilit… Continue reading Cybercriminals Launch Malicious Malvertising Campaign, Thousands of Users Affected→

Malicious attackers, have, managed, to, infiltrate, and populate, Google Play, with, hundreds, of rogue, applications, exposing, users, to mobile, malware, compromising, the, integrity, of, their, devices, and, exposing, them, to, misleading, advertise… Continue reading Hundreds of Google Play Apps Comrpromised, Lead to Mobile Malware→

Looking for a full time threat intelligence analyst, cybercrime researcher, or, a, security blogger?

Send your proposition to: ddanchev@protonmail.ch

Continue reading DDanchev is for Hire!→

Dear blog readers, I would like to let you know, of my latest, publicly released report, on the topic of “Assessing The Computer Network Operation (CNO) Capabilities of the Islamic Republic of Iran”, a comprehensive, 45 pages, assessment, of Iran’s cyb… Continue reading Assessing The Computer Network Operation (CNO) Capabilities of the Islamic Republic of Iran – Report→

Historical OSINT is a crucial part of an intelligence analyst’s mindset, further positioning a growing or an emerging trend, as a critical long term early warning system indicator, highlighting the importance, of current and emerging trends.

In thi… Continue reading Historical OSINT – How TROYAK-AS Utillized BGP-over-VPN to Serve the Avalance Botnet→

Cybercriminals continue multitasking, on their way to take advantage of well proven fraudulent revenue sources, further, positioning themselves as opportunistic market participants, generating fraudulent revenues, standardizing and innovating within th… Continue reading Historical OSINT: OPSEC-Aware Sprott Asset Management Money Mule Recruiters Recruit, Serve Crimeware, And Malvertisements→

I’ve recently spotted a malicious, cybercrime-friendly SWF iframe/redirector injecting service, that also exposes a long-run Win32.Nixofro serving malicious infrastructure, currently utilized for the purpose of operating a rogue social media service pr… Continue reading Win32.Nixofro Serving, Malicious Infrastructure, Exposes Fraudulent Facebook Social Media Service Provider→

With cybercriminals continuing to populate the cybercrime ecosystem with automatically generated and monetized mobile malware variants, we continue to observe a logical shift towards convergence of cybercrime-friendly revenue sharing affiliate networks… Continue reading Rogue Android Apps Hosting Web Site Exposes Malicious Infrastructure→

The following is a brief summary of all of my posts at Webroot’s Threat Blog for May, 2014. You can subscribe to Webroot’s Threat Blog RSS Feed, or follow me on Twitter:

01. Legitimate software apps impersonated in a blackhat SEO-friendly PUA (Pote… Continue reading Summarizing Webroot’s Threat Blog Posts for May→

The following is a brief summary of all of my posts at Webroot’s Threat Blog for March, 2014. You can subscribe to Webroot’s Threat Blog RSS Feed, or follow me on Twitter:

01. Deceptive ads expose users to PUA.InstallBrain/PC Performer PUA (Poten… Continue reading Summarizing Webroot’s Threat Blog Posts for March→