My Online Security

Keep yourself safe online


Tag Archives: spam


Another Agenttesla campaign using a compromised Iraq Government site

Posted on 8 October 2019 7:14 am by Myonlinesecurity

We still see loads of AgentTesla keylogger / info-stealer malware campaigns hitting the UK most days. Today is no exception with quite a few so far. I don’t always post them here, unless there is something slightly different or unusual about either the delivery method or the malware itself changes. I just submit to antivirus companies & most times tweet the details to other security researchers. This version is noteworthy because the exfil / C2 is an Iraq government site which “should” be 100% secure but obviously isn’t. The email is the usual junk email that should be blocked by most …

Posted in Malware, Scam, Spam | Tagged AgentTesla, malware, scam, spam

Very strange Barclays bank Phishing Scam

Posted on 23 September 2019 7:11 am by Myonlinesecurity

We see lots of phishing attempts for email credentials. This one is quite strange and weird. It pretends to be a message from Barclays Bank to update card details. I don’t know what is happening, but several times I tried, I get redirected to the genuine Barclays Bank website. But from anyrun using MITM, and sometimes from my home IP address in the UK, I can sometimes get to the phishing site: https://barclays-form.icu/ This is a very complicated chain of events; I ran this through anyrun using several different settings and got different results many times. Anyrun reports: [1] [2] …

Posted in Phishing, Scam, Spam | Tagged Bank, Barclays, phishing, scam, spam

Some changes to Remcos Rat persistence method

Posted on 22 September 2019 6:55 am by Myonlinesecurity

It looks like we are seeing a few changes to the Remcos RAT install & persistence method. Over the last couple of weeks I have noticed a few tweaks to the persistence & auto start of several Remcos RAT versions. Today it has changed again to try to bypass protections. This all starts with the usual spam email; today’s (or rather last night’s) was a fake invoice in a .iso / .img container. As you can see from the VirusTotal reports, .img containers are generally pretty poorly detected, so are more likely to bypass perimeter defences. Once the …

Posted in EXE-in-ZIP, Malware, Scam | Tagged keylogger, REMCOS RAT, spam

Keybase keylogger via fake indofuels invoice

Posted on 21 September 2019 12:14 pm by Myonlinesecurity

We don’t see a lot of malware at weekends in the UK, so it was a bit of a surprise to get a whole swathe of emails overnight pretending to be an invoice from indofuels. The keylogger and info / credential stealer the criminals are using this weekend is Keybase. I personally haven’t seen Keybase for a couple of years, although reports of sporadic campaigns & infected computers are seen occasionally, with a slight resurgence over the last week or so. I thought Keybase had effectively stopped being distributed or used a couple of years ago, when the original developer stopped …

Posted in Malware | Tagged invoice, keybase, keylogger, malware, spam

Fake TNT delivery drops WSHRAT via DiscordApp

Posted on 19 September 2019 6:52 am by Myonlinesecurity, last updated 20 September 2019 6:06 am

It seems to be the week for harder-to-analyse & dodgy delivery systems that more carefully target specific countries / regions or even specific ISPs. Yesterday we saw a fake e-fax notification in German that eventually led to Buran ransomware. I couldn’t analyse that one properly or get the full payload, but with lots of help from many Twitter contacts, the ransomware payload was soon discovered, downloaded and submitted. Today I have received a fake TNT delivery / collection notice that has a link in the email body that downloads a zip file. Inside the zip is …

Posted in Malware | Tagged DiscordApp, dunhini, H-Rat, houdini, javascript, malware, scam, spam, tnt, WSHrat

Fake invoice tries to deliver Remcos RAT

Posted on 18 September 2019 6:25 am by Myonlinesecurity

This is a strange & slightly more difficult than usual to analyse malware, mainly because the bad actor appears to have made a total mess of the distribution. I do not know if this will actually run on a proper computer; it obviously doesn’t like a sandbox / VM. The email was received with a .dat extension, which is what Outlook or the mail server often changes unknown extensions to. This .dat file is actually a zip file. It does extract to a .pif and a .jpg image file of an invoice. The .pif is not a Windows shortcut …

Posted in Malware, Scam, Spam | Tagged invoice, malware, REMCOS RAT, scam, spam

A Friday the 13th failure for Agenttesla campaign

Posted on 13 September 2019 7:57 am by Myonlinesecurity

It looks like Friday the 13th is unlucky for this malware bad actor, trying to deliver yet another AgentTesla keylogger / info-stealer, because as far as I can tell this malware chain is broken, so the victim should not get the payload. We still see loads of AgentTesla keylogger / info-stealer malware campaigns hitting the UK most days. Today is no exception with quite a few so far. I don’t always post them here, unless there is something slightly different or unusual about either the delivery method or the malware itself changes. I just submit to antivirus companies & most times …

Posted in Malware, Scam, Spam | Tagged AgentTesla, malware, phishing, scam, sendspace, spam

More AgentTesla keylogger campaigns

Posted on 12 September 2019 9:12 am by Myonlinesecurity

We still see loads of AgentTesla keylogger / info-stealer malware campaigns hitting the UK most days. Today is no exception with quite a few so far. I don’t always post them here, unless there is something slightly different or unusual about either the delivery method or the malware itself changes. I just submit to antivirus companies & most times tweet the details to other security researchers. Today’s other versions are tweeted Here & Here. This version today is more noticeable and worth mentioning for several reasons. The alleged sender pricolcargo.com has appeared in the lists of spoofed companies for literally ages, …

Posted in Malware, Scam, Spam | Tagged AgentTesla, malware, phishing, scam, spam

AgentTesla keylogger campaigns continue

Posted on 11 September 2019 7:52 am by Myonlinesecurity

We still see loads of AgentTesla keylogger / info-stealer malware campaigns hitting the UK most days. I don’t often post them here, unless there is something slightly different or unusual about either the delivery method or the malware itself changes. I just submit to antivirus companies & most times tweet the details to other security researchers. Today’s version is very slightly different and pretends to be a Bank Transfer Payment Notification allegedly coming from The Hongkong and Shanghai Banking Limited. The email is the usual junk email that should be blocked by most spam filters. The attachment is a .rar file …

Posted in Malware, Phishing, Scam, Spam | Tagged AgentTesla, malware, phishing, scam, spam

Fake DHL email delivers an unknown keylogger coupled with a phishing scam

Posted on 8 September 2019 10:33 am by Myonlinesecurity, last updated 9 September 2019 7:15 am

I was extremely surprised to wake up this Sunday morning to a whole slew of fake DHL delivery notice emails with a macro-enabled Word doc attachment that eventually downloads some sort of keylogger. There is some dispute as to what the actual keylogger is. Some AV on VirusTotal describe it as an AgentTesla generic, whereas the Anyrun app calls it Sentinel. I don’t think either are 100% correct. DHL_FORM.doc | Current VirusTotal detections | Anyrun | This malware doc downloads from https://heritagebank.ga/Quotation.exe (VirusTotal), which is behind Cloudflare and also is a phishing site for the genuine Heritage …

Posted in macro virus, Malware, Phishing | Tagged Heritage Bank, keylogger, Macro, phishing, scam, spam

Contact: security@myonlinesecurity.co.uk | ©2019 My Online Security