Cybercrime

From malware and botnets to the latest cybercriminal schemes, check out what today’s black hat hackers are up to.


Targeting Popular Job Recruitment Portals About More Than PII

Job listing and recruitment portals have been an attraction for cybercriminals given the volume of personal information uploaded to those sites in the form of resumes, cover letters and other data specific to individuals. But there’s more to criminals’ interest than just stealing personally identifiable information. Security shortcomings on some of these sites can expose […]


Card Shops Endure as a Primary Method of Fraud

Underground card shops endure because they are the epitome of a centralized criminal economy. At their highest levels, card shops are stood up by an established infrastructure, a team accountable for the product, and reputations that translate to revenue. Despite many gains by the law enforcement and private-sector research communities, card shops figure to remain […]


Trickbot and IcedID Botnet Operators Collaborate to Increase Impact

Different banking malware operations previously competed for victims, often seeking out and uninstalling one another upon compromising machines; for example, the SpyEye malware would uninstall Zeus upon infection. Now, in what may indicate a shift toward more collaboration among cybercrime groups, the operators of the IcedID and TrickBot banking Trojans appear to have partnered and […]


Latin American “Bineros” Ramping Up Fraudulent Activity

Fraudulent activity among Latin American cybercriminals, known as bineros, continues to plague online streaming services and retailers operating in the region. The source of this death-by-a-thousand-cuts type of fraud is an undetermined issue with the validation of BINs. Bineros operate in Spanish-language (and some Portuguese-language) Latin-American underground communities and focus on the hunt for security […]


TreasureHunter Point-of-Sale Malware and Builder Source Code Leaked

The source code for a longstanding point-of-sale (PoS) malware family called TreasureHunter has been leaked on a top-tier Russian-speaking forum. Compounding the issue is the coinciding leak by the same actor of the source code for the malware’s graphical user interface builder and administrator panel. The availability of both code bases lowers the barrier for […]


Threat Actors Shift to Android-Based Carding, Struggle with iOS

By Flashpoint Analyst Team
May 9, 2018

Cybercriminals operating on Russian-language Deep & Dark Web (DDW) forums are demonstrating an increased interest in using mobile operating systems—specifically Android—to evade detection when using stolen payment card data to make fraudulent purchases online, Flashpoint analysts said. Since these schemes, known as carding, are typically carried out using desktop computers, many cybercriminals seem to believe […]


BEC: All We Need is Love and Mules

Business Email Compromise (BEC) scams have for years ensnared executives inside large organizations, including decision-makers at the highest levels who are duped by clever social engineering into transferring sometimes millions of dollars into a fraudulent account. A growing segment of this type of attack, however, plays on the heartstrings of the lonely and preys on […]


Botnet Operators Cash in on Travel Rewards Program Credentials

Flashpoint analysts have been tracking several small specialty shops in the Russian-language underground advertising access to the login credentials of customer accounts for travel and hospitality rewards points programs. Since the observed vendors appear to offer a small number of accounts from a large number of institutions, Flashpoint analysts believe the accounts were obtained incidentally […]


‘Rubella Macro Builder’ Crimeware Kit Emerges on Underground

A crimeware kit dubbed the Rubella Macro Builder has recently been gaining popularity among members of a top-tier Russian hacking forum. Despite being relatively new and unsophisticated, the kit has a clear appeal for cybercriminals: it’s cheap, fast, and can defeat basic static antivirus detection. First offered for sale in late February for the relatively […]
