Our guess is that Pahan was after his victims’ logins for leakforums and other hacker sites, in order to build up his rank in the underground. (The “Pahan” connection continued here, because the URL contained the text pahan123.) They ended up infected with the KeyBase data stealer instead, and their stolen passwords were sent off to a data-collection website. The SLICK RAT download contained an installer:

But newbie crooks who ran the installer didn’t get what they paid for. Sometimes crooks turn on their own kind, as happened here.

A user on the popular underground site leakforums, going by the name pahan12, popped up offering a PHP Remote Access Trojan called SLICK RAT:

One of the most popular keyloggers these days is KeyBase, a product that was originally sold as a legitimate application before being abandoned in apparent disgust by its author:

But KeyBase lives on, with cybercrooks giving it a new home all over the cybercriminal underground. In other words, there’s still big money in keyloggers.

The amount may be $100,000 or even more, and the email will typically claim that the funds are part of a time-critical business venture such as an acquisition, to justify both the large sum and the urgency. The fraudulent email in a wire-wire scam won’t be a demand for $300 in bitcoins, which is a typical price-point in ransomware, but an official-sounding corporate instruction to put through a massive funds transfer.
That’s where a crook logs in with a stolen password to send an email that doesn’t just look as though it came from your CEO’s account, it really did come from her account.
Not all malware is ransomware, even though ransomware hogs the spotlight these days. Keyloggers are still popular in the cyberunderworld, because they help crooks to steal your passwords.

Armed with your email password, for example, crooks can pull off much more audacious crimes than ransomware, such as business email attacks, also known as CEO fraud or wire-wire scams.