DomainTools.com – WindowsTechs.com

Twitter’s Clumsy Pivot to X.com Is a Gift to Phishers

Posted on April 10, 2024 by BrianKrebs

On April 9, Twitter/X began automatically modifying links that mention “twitter.com” to redirect to “x.com” instead. But over the past 48 hours, dozens of new domain names have been registered that demonstrate how this change could be used to craft convincing phishing links — such as fedetwitter[.]com, which is currently rendered as fedex.com in tweets. Continue reading Twitter’s Clumsy Pivot to X.com Is a Gift to Phishers→

‘The Manipulaters’ Improve Phishing, Still Fail at Opsec

Posted on April 3, 2024 by BrianKrebs

Roughly nine years ago, KrebsOnSecurity profiled a Pakistan-based cybercrime group called “The Manipulaters,” a sprawling web hosting network of phishing and spam delivery platforms. In January 2024, The Manipulaters pleaded with this author to unpublish previous stories about their work, claiming the group had turned over a new leaf and gone legitimate. But new research suggests that while they have improved the quality of their products and services, these nitwits still fail spectacularly at hiding their illegal activities. Continue reading ‘The Manipulaters’ Improve Phishing, Still Fail at Opsec→

The Not-so-True People-Search Network from China

Posted on March 21, 2024 by BrianKrebs

It’s not unusual for the data brokers behind people-search websites to use pseudonyms in their day-to-day lives (you would, too). Some of these personal data purveyors even try to reinvent their online identities in a bid to hide their conflicts of interest. But it’s not every day you run across a US-focused people-search network based in China whose principal owners all appear to be completely fabricated identities. Continue reading The Not-so-True People-Search Network from China→

From Cybercrime Saul Goodman to the Russian GRU

Posted on February 7, 2024 by BrianKrebs

In 2021, the exclusive Russian cybercrime forum Mazafaka was hacked. The leaked user database shows one of the forum’s founders was an attorney who advised Russia’s top hackers on the legal risks of their work, and what to do if they got caught. A review of this user’s hacker identities shows that during his time on the forums he served as an officer in the special forces of the GRU, the foreign military intelligence agency of the Russian Federation. Continue reading From Cybercrime Saul Goodman to the Russian GRU→

E-Crime Rapper ‘Punchmade Dev’ Debuts Card Shop

Posted on January 17, 2024 by BrianKrebs

The rapper and social media personality Punchmade Dev is perhaps best known for his flashy videos singing the praises of a cybercrime lifestyle. With memorable hits such as “Internet Swiping” and “Million Dollar Criminal” earning millions of views, Punchmade has leveraged his considerable following to peddle tutorials on how to commit financial crimes online. But until recently, there wasn’t much to support a conclusion that Punchmade was actually doing the cybercrime things he promotes in his songs. Continue reading E-Crime Rapper ‘Punchmade Dev’ Debuts Card Shop→

‘Snatch’ Ransom Group Exposes Visitor IP Addresses

Posted on September 27, 2023 by BrianKrebs

The victim shaming site operated by the Snatch ransomware group is leaking data about its true online location and internal operations, as well as the Internet addresses of its visitors, KrebsOnSecurity has found. The leaked data suggest that Snatch is one of several ransomware groups using paid ads on Google.com to trick people into installing malware disguised as popular free software, such as Microsoft Teams, Adobe Reader, Mozilla Thunderbird, and Discord. Continue reading ‘Snatch’ Ransom Group Exposes Visitor IP Addresses→

Who and What is Behind the Malware Proxy Service SocksEscort?

Posted on July 25, 2023 by BrianKrebs

Researchers this month uncovered a two-year-old Linux-based remote access trojan dubbed AVrecon that enslaves Internet routers into botnet that bilks online advertisers and performs password-spraying attacks. Now new findings reveal that AVrecon is the malware engine behind a 12-year-old service called SocksEscort, which rents hacked residential and small business devices to cybercriminals looking to hide their true location online. Continue reading Who and What is Behind the Malware Proxy Service SocksEscort?→

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Posted on June 1, 2023 by BrianKrebs

Code-signing certificates are supposed to help authenticate the identity of software publishers, and provide cryptographic assurance that a signed piece of software has not been altered or tampered with. Both of these qualities make stolen or ill-gotten code-signing certificates attractive to cybercriminal groups, who prize their ability to add stealth and longevity to malicious software. This post is a deep dive on “Megatraffer,” a veteran Russian hacker who has practically cornered the underground market for malware focused code-signing certificates since 2015. Continue reading Ask Fitis, the Bear: Real Crooks Sign Their Malware→

A Serial Tech Investment Scammer Takes Up Coding?

Posted on April 3, 2023 by BrianKrebs

John Clifton Davies, a 60-year-old con man from the United Kingdom who fled the country in 2015 before being sentenced to 12 years in prison for fraud, has enjoyed a successful life abroad swindling technology startups by pretending to be a billionaire investor. Davies’ newest invention appears to be “CodesToYou,” which purports to be a “full cycle software development company” based in the U.K. Continue reading A Serial Tech Investment Scammer Takes Up Coding?→

Who’s Behind the ‘Web Listings’ Mail Scam?

Posted on March 23, 2020 by BrianKrebs

In December 2018, KrebsOnSecurity looked at how dozens of U.S. political campaigns, cities and towns had paid a shady company called Web Listings Inc. after receiving what looked like a bill for search engine optimization (SEO) services rendered on beh… Continue reading Who’s Behind the ‘Web Listings’ Mail Scam?→