The cybercriminals in control of Kimwolf — a disruptive botnet that has infected more than 2 million devices — recently shared a screenshot indicating they’d compromised the control panel for Badbox 2.0, a vast China-based botnet powered by malicious software that comes pre-installed on many Android TV streaming boxes. Both the FBI and Google say…
Category: Web Fraud 2.0
Asia Pacific, Global Security News, Internet of Things (IoT), Latest Warnings, The Coming Storm, Web Fraud 2.0
Kimwolf Botnet Lurking in Corporate, Govt. Networks
A new Internet-of-Things (IoT) botnet called Kimwolf has spread to more than 2 million devices, forcing infected systems to participate in massive distributed denial-of-service (DDoS) attacks and to relay other malicious and abusive Internet traffic. Kimwolf’s ability to scan the local networks of compromised systems for other IoT devices to infect makes it a sobering…
A Little Sunshine, Exploits, Global Security News, Latest Warnings, Web Fraud 2.0
The Kimwolf Botnet is Stalking Your Local Network
The story you are reading is a series of scoops nestled inside a far more urgent Internet-wide security advisory. The vulnerability at issue has been exploited for months already, and it’s time for a broader awareness of the threat. The short version is that everything you thought you knew about the security of the internal…
A Little Sunshine, Global Security News, Latest Warnings, Web Fraud 2.0
Most Parked Domains Now Serving Malicious Content
Direct navigation — the act of visiting a website by manually typing a domain name in a web browser — has never been riskier: A new study finds the vast majority of “parked” domains — mostly expired or dormant domain names, or common misspellings of popular websites — are now configured to redirect visitors to…
A Little Sunshine, Asia Pacific, AT&T, Global Security News, Latest Warnings, Tax Refund Fraud, Web Fraud 2.0
SMS Phishers Pivot to Points, Taxes, Fake Retailers
China-based phishing groups blamed for non-stop scam SMS messages about a supposed wayward package or unpaid toll fee are promoting a new offering, just in time for the holiday shopping season: Phishing kits for mass-creating fake but convincing e-commerce websites that convert customer payment card data into mobile wallets from Apple and Google. Experts say…
A Little Sunshine, Amazon, Asia Pacific, Global Security News, Internet of Things (IoT), Web Fraud 2.0
Is Your Android TV Streaming Box Part of a Botnet?
On the surface, the Superbox media streaming devices for sale at retailers like BestBuy and Walmart may seem like a steal: They offer unlimited access to more than 2,200 pay-per-view and streaming services like Netflix, ESPN and Hulu, all for a one-time fee of around $400. But security experts warn these TV boxes require intrusive…
A Little Sunshine, alibaba, Apple, Asia Pacific, Global Security News, The Coming Storm, Web Fraud 2.0
Google Sues to Disrupt Chinese SMS Phishing Triad
Google is suing more than two dozen unnamed individuals allegedly involved in peddling a popular China-based mobile phishing service that helps scammers impersonate hundreds of trusted brands, blast out text message lures, and convert phished payment card data into mobile wallets from Apple and Google. In a lawsuit filed in the Southern District of New…
A Little Sunshine, Global Security News, Internet of Things (IoT), North America, Web Fraud 2.0
Cloudflare Scrubs Aisuru Botnet from Top Domains List
For the past week, domains associated with the massive Aisuru botnet have repeatedly usurped Amazon, Apple, Google and Microsoft in Cloudflare’s public ranking of the most frequently requested websites. Cloudflare responded by redacting Aisuru domain names from their top websites list. The chief executive at Cloudflare says Aisuru’s overlords are using the botnet to boost…
A Little Sunshine, Global Security News, Internet of Things (IoT), North America, The Coming Storm, Web Fraud 2.0
Aisuru Botnet Shifts from DDoS to Residential Proxies
Aisuru, the botnet responsible for a series of record-smashing distributed denial-of-service (DDoS) attacks this year, recently was overhauled to support a more low-key, lucrative and sustainable business: Renting hundreds of thousands of infected Internet of Things (IoT) devices to proxy services that help cybercriminals anonymize their traffic. Experts says a glut of proxies from Aisuru…
A Little Sunshine, Global Security News, Ne'er-Do-Well News, North America, Ransomware, Russia's War on Ukraine, Web Fraud 2.0
Canada Fines Cybercrime Friendly Cryptomus $176M
Financial regulators in Canada this week levied $176 million in fines against Cryptomus, a digital payments platform that supports dozens of Russian cryptocurrency exchanges and websites hawking cybercrime services. The penalties for violating Canada’s anti money-laundering laws come ten months after KrebsOnSecurity noted that Cryptomus’s Vancouver street address was home to dozens of foreign currency…
A Little Sunshine, Global Security News, Latest Warnings, The Coming Storm, Web Fraud 2.0
Email Bombs Exploit Lax Authentication in Zendesk
Cybercriminals are abusing a widespread lack of authentication in the customer service platform Zendesk to flood targeted email inboxes with menacing messages that come from hundreds of Zendesk corporate customers simultaneously. Zendesk is an automated help desk service designed to make it simple for people to contact companies for customer support issues. Earlier this week,…
Global Security News, Internet of Things (IoT), Latest Warnings, The Coming Storm, Web Fraud 2.0
DDoS Botnet Aisuru Blankets US ISPs in Record DDoS
The world’s largest and most disruptive botnet is now drawing a majority of its firepower from compromised Internet-of-Things (IoT) devices hosted on U.S. Internet providers like AT&T, Comcast and Verizon, new evidence suggests. Experts say the heavy concentration of infected devices at U.S. providers is complicating efforts to limit collateral damage from the botnet’s attacks,…
Global Security News, Latest Warnings, The Coming Storm, Time to Patch, Web Fraud 2.0
Self-Replicating Worm Hits 180+ Software Packages
At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on GitHub, experts warn. The malware, which briefly infected multiple code packages from the security vendor CrowdStrike, steals and publishes even more credentials every time an infected package…
A Little Sunshine, Gambler Panel, Global Security News, Latest Warnings, The Coming Storm, Web Fraud 2.0
Affiliates Flock to ‘Soulless’ Scam Gambling Machine
Last month, KrebsOnSecurity tracked the sudden emergence of hundreds of polished online gaming and wagering websites that lure people with free credits and eventually abscond with any cryptocurrency funds deposited by players. We’ve since learned that these scam gambling sites have proliferated thanks to a new Russian affiliate program called “Gambler Panel” that bills itself…
A Little Sunshine, Asia Pacific, Global Security News, Ne'er-Do-Well News, The Coming Storm, Web Fraud 2.0
Mobile Phishers Target Brokerage Accounts in ‘Ramp and Dump’ Cashout Scheme
Cybercriminal groups peddling sophisticated phishing kits that convert stolen card data into mobile wallets have recently shifted their focus to targeting customers of brokerage services, new research shows. Undeterred by security controls at these trading platforms that block users from wiring funds directly out of accounts, the phishers have pivoted to using multiple compromised brokerage…
A Little Sunshine, Global Security News, Latest Warnings, Web Fraud 2.0
Scammers Unleash Flood of Slick Online Gaming Sites
Fraudsters are flooding Discord and other social media platforms with ads for hundreds of polished online gaming and wagering websites that lure people with free credits and eventually abscond with any cryptocurrency funds deposited by players. Here’s a closer look at the social engineering tactics and remarkable traits of this sprawling network of more than…
A Little Sunshine, Asia Pacific, Global Security News, Latest Warnings, Ne'er-Do-Well News, Web Fraud 2.0
Big Tech’s Mixed Response to U.S. Treasury Sanctions
In May 2025, the U.S. government sanctioned a Chinese national for operating a cloud provider linked to the majority of virtual currency investment scam websites reported to the FBI. But a new report finds the accused continues to operate a slew of established accounts at American tech companies — including Facebook, Github, PayPal and Twitter/X.…
A Little Sunshine, Global Security News, Ne'er-Do-Well News, Web Fraud 2.0
Inside a Dark Adtech Empire Fed by Fake CAPTCHAs
Late last year, security researchers made a startling discovery: Kremlin-backed disinformation campaigns were bypassing moderation on social media platforms by leveraging the same malicious advertising technology that powers a sprawling ecosystem of online hucksters and website hackers. A new report on the fallout from that investigation finds this dark ad tech industry is far more…
A Little Sunshine, Amazon, Europe, Global Security News, Russia's War on Ukraine, Time to Patch, Web Fraud 2.0
Proxy Services Feast on Ukraine’s IP Address Exodus
Image: Mark Rademaker, via Shutterstock. Ukraine has seen nearly one-fifth of its Internet space come under Russian control or sold to Internet address brokers since February 2022, a new study finds. The analysis indicates large chunks of Ukrainian Internet address space are now in the hands of shadowy proxy and anonymity services that are nested…
A Little Sunshine, Amazon, Europe, Funnull, Global Security News, infrastructure laundering, Ivan Neculiti, Microsoft, Ne'er-Do-Well News, Silent Push, Stark Industrires Solutions Ltd, Suncity Group, Web Fraud 2.0, Yuri Neculiti, Zach Edwards
U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams
Image: Shutterstock, ArtHead. The U.S. government today imposed economic sanctions on Funnull Technology Inc., a Philippines-based company that provides computer infrastructure for hundreds of thousands of websites involved in virtual currency investment scams known as “pig butchering.” In January 2025, KrebsOnSecurity detailed how Funnull was being used as a content delivery network that catered to…
A Little Sunshine, Breadcrumbs, eWorldTrade, Federal Investigation Agency, Global Security News, Intersys Limited, Junaid Mansoor, Majestic Ghostwriting, Muhammad Burhan Mirza, NatInfoSec, Ne'er-Do-Well News, North America, Octa Group Technologies AU, Qasim Mansoor, Retrocube LLC, The New York Times, U.S. Department of Justice, U.S. Patent and Trademark Office, Vertical Minds LLC, Web Fraud 2.0
Pakistani Firm Shipped Fentanyl Analogs, Scams to US
A Texas firm recently charged with conspiring to distribute synthetic opioids in the United States is at the center of a vast network of companies in the U.S. and Pakistan whose employees are accused of using online ads to scam westerners seeking help with trademarks, book writing, mobile app development and logo designs, a new…
A Little Sunshine, Asia Pacific, Ford Merrill, Global Security News, google android, imessage, Latest Warnings, Lighthouse, Mastercard, Ne'er-Do-Well News, ProDaft, Resecurity, SecAlliance, SilentPush, Smishing Triad, stripe, The Coming Storm, visa, Web Fraud 2.0, Xinxin Group, Z-NFC, Zach Edwards
China-based SMS Phishing Triad Pivots to Banks
China-based purveyors of SMS phishing kits are enjoying remarkable success converting phished payment card data into mobile wallets from Apple and Google. Until recently, the so-called “Smishing Triad” mainly impersonated toll road operators and shipping companies. But experts say these groups are now directly targeting customers of international financial institutions, while dramatically expanding their cybercrime…
A Little Sunshine, Apple, Asia Pacific, Ford Merrill, ghost tap, Global Security News, Google, Grant Smith, imessage, M3AAWG, RCS, Resecurity, SecAlliance, smishing, The Coming Storm, ThreatFabric, Web Fraud 2.0, ZNFC
How Phished Data Turns into Apple & Google Wallets
Carding — the underground business of stealing, selling and swiping stolen payment card data — has long been the dominion of Russia-based hackers. Happily, the broad deployment of more secure chip-based payment cards in the United States has weakened the carding market. But a flurry of innovation from cybercrime groups in China is breathing new…
A Little Sunshine, Asia Pacific, Fangneng CDN, Funnull, Global Security News, infrastructure laundering, Microsoft Azure, Ne'er-Do-Well News, NETSCOUT, NoName057(16), polyfill, Richard Hummel, Silent Push, Suncity Group, Time to Patch, U.S. Department of Commerce, Web Fraud 2.0, Zach Edwards
Infrastructure Laundering: Blending in with the Cloud
Image: Shutterstock, ArtHead. In an effort to blend in and make their malicious traffic tougher to block, hosting firms catering to cybercriminals in China and Russia increasingly are funneling their operations through major U.S. cloud providers. Research published this week on one such outfit — a sprawling network tied to Chinese organized crime gangs and…
A Little Sunshine, Asia Pacific, EZDriveMA, fbi, Ford Merrill, Global Security News, ic3, imessage, Latest Warnings, Lighthouse, MassDOT, North Texas Toll Authority, RCS, SecAlliance, smishing, SMS phishing, Sunpass, The Toll Roads, Web Fraud 2.0
Chinese Innovations Spawn Wave of Toll Phishing Via SMS
Residents across the United States are being inundated with text messages purporting to come from toll road operators like E-ZPass, warning that recipients face fines if a delinquent toll fee remains unpaid. Researchers say the surge in SMS spam coincides with new features added to a popular commercial phishing kit sold in China that makes…
A Little Sunshine, Coinbase, discord, Emerging Tech, Global Security News, Latest Warnings, Lookout, Mark Cuban, Perm, Shark Tank, Star Fraud, Stotle, Telegram, The Coming Storm, Trezor, Unit 221B, voice phishing, Web Fraud 2.0
A Day in the Life of a Prolific Voice Phishing Crew
Besieged by scammers seeking to phish user accounts over the telephone, Apple and Google frequently caution that they will never reach out unbidden to users this way. However, new details about the internal operations of a prolific voice phishing gang show the group routinely abuses legitimate services at Apple and Google to force a variety…
A Little Sunshine, Coinbase, Gemini AI, Global Security News, Google Assistant, Google Docs, Google Forms, Google Photos, Graham Cluely, Junseth, Latest Warnings, Minecraft, Ne'er-Do-Well News, SwanCoin, Trezor, Web Fraud 2.0
How to Lose a Fortune with Just One Bad Click
Image: Shutterstock, iHaMoo. Adam Griffin is still in disbelief over how quickly he was robbed of nearly $500,000 in cryptocurrencies. A scammer called using a real Google phone number to warn his Gmail account was being hacked, sent email security alerts directly from google.com, and ultimately seized control over the account by convincing him to…
A Little Sunshine, Breadcrumbs, CloudFlare, Global Security News, Russia's War on Ukraine, Web Fraud 2.0
How Cryptocurrency Turns to Cash in Russian Banks
A financial firm registered in Canada has emerged as the payment processor for dozens of Russian cryptocurrency exchanges and websites hawking cybercrime services aimed at Russian-speaking customers, new research finds. Meanwhile, an investigation into the Vancouver street address used by this company shows it is home to dozens of foreign currency dealers, money transfer businesses,…
A Little Sunshine, emergency data request, fake EDR, fbi, Global Security News, Kodex, Latest Warnings, Matt Donahue, North America, pwnstar, The Coming Storm, Web Fraud 2.0
FBI: Spike in Hacked Police Emails, Fake Subpoenas
The Federal Bureau of Investigation (FBI) is urging police departments and governments worldwide to beef up security around their email systems, citing a recent increase in cybercriminal services that use hacked police email accounts to send unauthorized subpoenas and customer data requests to U.S.-based technology companies. In an alert (PDF) published this week, the FBI…