Reposted by j
#ESETresearch, in collaboration with #Microsoft, BitSight, Lumen, Cloudflare, CleanDNS, and GMO Registry, has helped disrupt #LummaStealer – a notorious malware-as-a-service infostealer. @jakubtomanek.bsky.social www.welivesecurity.com/en/eset-rese... 1/5
ESET takes part in global operation to disrupt Lumma Stealer
Our intense monitoring of tens of thousands of malicious samples helped this global disruption operation
www.welivesecurity.com
May 21, 2025 at 4:16 PM
#ESETresearch, in collaboration with #Microsoft, BitSight, Lumen, Cloudflare, CleanDNS, and GMO Registry, has helped disrupt #LummaStealer – a notorious malware-as-a-service infostealer. @jakubtomanek.bsky.social www.welivesecurity.com/en/eset-rese... 1/5
Reposted by j
The #FBI and #DCIS disrupted #Danabot. #ESET was one of several companies that cooperated in this effort. www.welivesecurity.com/en/eset-rese... 1/6
www.welivesecurity.com
May 22, 2025 at 8:06 PM
The #FBI and #DCIS disrupted #Danabot. #ESET was one of several companies that cooperated in this effort. www.welivesecurity.com/en/eset-rese... 1/6
Reposted by j
New story, by me:
Oops: DanBot Malware Devs Infected Their Own PCs
The U.S. government today unsealed criminal charges against 16 individuals
accused of operating and selling DanaBot, a prolific strain of
information-stealing malware that has been sold on […]
[Original post on infosec.exchange]
Oops: DanBot Malware Devs Infected Their Own PCs
The U.S. government today unsealed criminal charges against 16 individuals
accused of operating and selling DanaBot, a prolific strain of
information-stealing malware that has been sold on […]
[Original post on infosec.exchange]
![A screenshot of the DanaBot support site:
DANATOOLS -
Bot OnlineServer
Proy recovery via TOR. A panel for working in online modein the form of an exe application Stiller (Chrome, Firefox, Opera, Edge, IE. Popular FTP. SSH clients. The ability to raise the SocksS server (+API]
Mail programs Port forwarding
Interception of the Clipboard Information about processes.
Keylogger cn
File grabber (wallet grabber) ‘Working with files, network resources
Post grabber (Chrome, Firefox, Opera, Edge, IE) HVNC
Video recording, processes, sites Viewing the Screen
HNC s a hidden desicop Online Stiller
Screen view, cm, process management
HTML injections with extended Zeus format including internal
variables and bot information
Redirects of web requests.
Blocking web requests
Jabber notification system for events, sites, processes, automatic.
activation of the HYNC function](https://cdn.bsky.app/img/feed_thumbnail/plain/did:plc:eyixtuogercyaq5npymdzi5l/bafkreihk5bff2qugt5mqtcpj5bo2wjejnhg6rqcmjlrmowszktl47ueofi@jpeg)
May 22, 2025 at 9:56 PM
New story, by me:
Oops: DanBot Malware Devs Infected Their Own PCs
The U.S. government today unsealed criminal charges against 16 individuals
accused of operating and selling DanaBot, a prolific strain of
information-stealing malware that has been sold on […]
[Original post on infosec.exchange]
Oops: DanBot Malware Devs Infected Their Own PCs
The U.S. government today unsealed criminal charges against 16 individuals
accused of operating and selling DanaBot, a prolific strain of
information-stealing malware that has been sold on […]
[Original post on infosec.exchange]
New blog with an update on the Socks5Systemz botnet with some interesting details such as which proxy service is currently using it! www.bitsight.com/blog/proxyam... #socks5systemz #proxyam
PROXY.AM Powered by Socks5Systemz Botnet | Bitsight
After a year long investigation, Bitsight TRACE follows up on Socks5Systemz research.
www.bitsight.com
December 4, 2024 at 1:51 PM
New blog with an update on the Socks5Systemz botnet with some interesting details such as which proxy service is currently using it! www.bitsight.com/blog/proxyam... #socks5systemz #proxyam
Lumen blogs are always interesting 🫡
The Ngioweb botnet, which supplies most of the 35,000 bots in the cybercriminal NSOCKS proxy service, is being disrupted as security companies block traffic to and from the two networks.
www.bleepingcomputer.com/news/securit...
www.bleepingcomputer.com/news/securit...
Botnet fueling residential proxies disrupted in cybercrime crackdown
The Ngioweb botnet, which supplies most of the 35,000 bots in the cybercriminal NSOCKS proxy service, is being disrupted as security companies block traffic to and from the two networks.
www.bleepingcomputer.com
November 20, 2024 at 10:48 AM
Lumen blogs are always interesting 🫡
Reposted by j
We are sharing out Socks5Systemz proxy botnet infected IPs in our free daily SInkhole HTTP Event reports shadowserver.org/what-we-do/n...
Over 36K IPs seen infected 2023-11-12. Thank you Bitsight
for the collaboration!
Socks5Systemz Infection tracker: dashboard.shadowserver.org/statistics/c...
Over 36K IPs seen infected 2023-11-12. Thank you Bitsight
for the collaboration!
Socks5Systemz Infection tracker: dashboard.shadowserver.org/statistics/c...
November 14, 2023 at 9:47 AM
We are sharing out Socks5Systemz proxy botnet infected IPs in our free daily SInkhole HTTP Event reports shadowserver.org/what-we-do/n...
Over 36K IPs seen infected 2023-11-12. Thank you Bitsight
for the collaboration!
Socks5Systemz Infection tracker: dashboard.shadowserver.org/statistics/c...
Over 36K IPs seen infected 2023-11-12. Thank you Bitsight
for the collaboration!
Socks5Systemz Infection tracker: dashboard.shadowserver.org/statistics/c...
Hello world. What’s up? Am I late to the party?
June 16, 2023 at 7:37 PM
Hello world. What’s up? Am I late to the party?