
Ransomware Found in VSCode Extensions Raises Concerns Over Microsoft’s Security Review


Cybersecurity experts have discovered ransomware hidden within two Visual Studio Code (VSCode) Marketplace extensions, raising concerns about Microsoft’s ability to detect malicious software in its platform. The compromised extensions, named “ahban.shiba” and “ahban.cychelloworld,” were downloaded by users before security researchers flagged them and they were subsequently removed. 

Despite Microsoft’s security measures, the extensions remained publicly accessible for a significant period, highlighting potential gaps in the company’s review process. The “ahban.cychelloworld” extension was first uploaded on October 27, 2024, followed by “ahban.shiba” on February 17, 2025. The VSCode Marketplace, designed to provide developers with additional tools for Microsoft’s popular coding platform, has come under scrutiny for failing to identify these threats. 

Researchers at ReversingLabs determined that both extensions included a PowerShell script that connected to a remote Amazon Web Services (AWS) server to download further malicious code. This secondary payload functioned as ransomware, though evidence suggests it was still in a testing phase. 

Unlike traditional ransomware that encrypts entire systems, this malware specifically targeted files stored in C:\users\%username%\Desktop\testShiba. Once the encryption was complete, victims received a Windows notification stating: “Your files have been encrypted. Pay 1 ShibaCoin to ShibaWallet to recover them.” However, no further instructions or payment details were provided, suggesting the malware was not yet fully developed.

Although Microsoft eventually removed the extensions, security researcher Itay Kruk from ExtensionTotal disclosed that their automated detection system had identified the malicious code much earlier. Kruk stated that they had alerted Microsoft about the issue but received no response. Further analysis revealed that the initial version of “ahban.cychelloworld” was clean, but the ransomware was introduced in version 0.0.2, which was released on November 24, 2024. ExtensionTotal flagged this version to Microsoft on November 25, yet the extension remained available for months.

During this time, five more versions were uploaded, all containing the same ransomware. This case has intensified concerns about Microsoft’s ability to monitor third-party extensions effectively. The security lapse within the VSCode Marketplace highlights the risk developers face when downloading extensions, even from official sources. Microsoft has previously faced criticism both for slow responses to security threats and for mistakenly removing non-malicious extensions.

A notable example involved two popular VSCode themes, ‘Material Theme – Free’ and ‘Material Theme Icons – Free,’ which were taken down due to suspected obfuscated JavaScript. However, after further review, Microsoft determined the extensions were safe, reinstated them, and apologized, promising improvements to its security screening process. The presence of ransomware in widely used developer tools underscores the need for stronger security measures. Developers must stay cautious, regularly update security protocols, and carefully evaluate third-party extensions before installing them, even when they come from official platforms like the VSCode Marketplace.

U.S. Justice Department Shuts Down Rydox Cybercrime Marketplace


The U.S. Justice Department announced on Thursday the successful seizure and dismantling of Rydox, a notorious online marketplace for trafficking stolen personal information and cybercrime tools. In a coordinated operation with international law enforcement agencies, three individuals allegedly responsible for administering the site were arrested.

Since its inception in 2016, Rydox has been linked to over 7,600 illicit sales, generating significant profits by selling sensitive data such as credit card details, login credentials, and personally identifiable information (PII). Authorities reported that the platform offered 321,372 cybercrime products to a user base of more than 18,000 registered buyers, earning over $230,000 in revenue.

The Coordinated Crackdown

This operation involved multiple law enforcement agencies, including:

  • FBI’s Pittsburgh Office
  • Albania’s Special Anti-Corruption Body (SPAK)
  • National Bureau of Investigation (BKH)
  • Kosovo Special Prosecution Office
  • Kosovo Police
  • Royal Malaysian Police

Authorities apprehended two Kosovo nationals, Ardit Kutleshi (26) and Jetmir Kutleshi (28), in Kosovo. Both suspects will be extradited to the Western District of Pennsylvania to face charges including identity theft and money laundering. A third individual, Shpend Sokoli, was arrested in Albania and will face prosecution in his home country.

As part of the operation, law enforcement seized the domain Rydox.cc and its associated servers located in Kuala Lumpur, Malaysia. Additionally, U.S. authorities confiscated approximately $225,000 in cryptocurrency linked to the defendants, effectively dismantling the infrastructure supporting Rydox’s operations.

Global Cooperation in Combating Cybercrime

Eric Olshan, U.S. Attorney for the Western District of Pennsylvania, emphasized the importance of international collaboration in tackling cybercrime networks. “The harms can be devastatingly local,” Olshan stated, underlining how these crimes, though orchestrated globally, impact individuals and communities directly. He reiterated the Justice Department’s commitment to holding cybercriminals accountable.

Rydox has long symbolized the darker side of digital innovation, where stolen data is exploited for illicit profit. By providing a marketplace for cybercrime tools and sensitive information, it enabled thousands of buyers to commit fraudulent activities that affected both individuals and organizations.

Implications of the Takedown

The successful takedown of Rydox marks a significant victory in the fight against global cybercrime. It highlights the importance of multinational efforts in addressing online criminal networks. However, it also serves as a reminder of the persistent threats posed by similar platforms.

The arrests and dismantling of Rydox send a strong message to cybercriminals: no one is beyond the reach of international law enforcement agencies. This operation underscores the commitment of global authorities to combat cybercrime and protect victims from its devastating consequences.

Feds Take Down SSNDOB Marketplace for Selling Private Data of 24 Million US Citizens


SSNDOB, an illicit online marketplace that sold private details of nearly 24 million US citizens, has been taken down following an international law enforcement operation conducted by the FBI, the Internal Revenue Service, the Department of Justice, and Cyprus Police. 

The feds seized four domains hosting the SSNDOB marketplace as part of this operation: "ssndob.ws," "ssndob.vip," "ssndob.club," and "blackjob.biz." 

According to the DOJ, the data sold included names, dates of birth, SSNs and credit card numbers, and the marketplace generated more than $19 million in revenue.

"A series of websites that operated for years and were used to sell personal information, including the names, dates of birth, and Social Security numbers belonging to individuals in the United States. The SSNDOB Marketplace has listed the personal information for approximately 24 million individuals in the United States, generating more than $19 million USD in sales revenue," DOJ stated. 

While the website also sold UK citizens' birth dates, it was primarily used to sell the private data of US citizens for as little as $0.50.

According to cybersecurity firm Advanced Intel, most of the data was stolen via healthcare and hospital data breaches. Buyers then used the information to commit financial fraud.

"SSNDOB was one of the largest crime shops offering a collection of personally identifiable information for fraudsters and played an integral part in fraud schemes. The majority of the customers used the shop data for various types of scams from tax to bank fraud," AdvIntel CEO Vitali Kremez explained. 

Chainalysis, a blockchain analysis firm, published its own report on the SSNDOB incident revealing that the marketplace received approximately $22 million worth of Bitcoin across over 100,000 transactions since April 2015, though the marketplace is believed to have been operating since at least 2013. 

However, one of the most interesting details researchers identified was a link between SSNDOB and Joker's Stash, which shut down its operations voluntarily in January 2021 due to increased pressure from law enforcement agencies, disruptions due to COVID-19, and the decreasing quality of stolen credit cards. 

"Perhaps most interesting of all though is the activity we see between SSNDOB and Joker’s Stash, a large darknet market focused on stolen credit card information and other PII that shut down in January 2021," explains Chainalysis' report. "Between December 2018 and June 2019, SSNDOB sent over $100,000 worth of Bitcoin to Joker’s Stash, suggesting the two markets may have had some relationship to one another, including possibly shared ownership."