BTC $102580.9415
ETH $2208.1012
XRP $2.2994
BNB $625.5003
SOL $161.6619
DOGE $0.1938
ADA $0.7566
TRX $0.2549
stETH $2203.9203
WBTC $102657.0404
SUI $3.8356
LINK $15.7039
wstETH $2651.7185
AVAX $22.1007
XLM $0.2916
USDS $1.0035
LEO $8.8676
HBAR $0.1934
BCH $416.1148
TON $3.1919
HYPE $23.6386
LTC $95.0121
DOT $4.4807
WETH $2208.5736
XMR $298.6271
BTCB $102584.8066
BGB $4.4964
BSC-USD $1.0018
weETH $2355.7954
USDE $1.0024
PEPE $0.0000
PI $0.6703
WBT $30.3015
TAO $420.8530
UNI $6.1883
APT $5.5626
NEAR $2.7537
CBBTC $102607.4037
DAI $1.0016
OKB $52.6487
AAVE $205.1001
ONDO $0.9761
CRO $0.0989
ETC $18.4859
ICP $5.2103
TRUMP $13.7943
GT $21.7876
BTC $102580.9415
ETH $2208.1012
XRP $2.2994
BNB $625.5003
SOL $161.6619
DOGE $0.1938
ADA $0.7566
TRX $0.2549
stETH $2203.9203
WBTC $102657.0404
SUI $3.8356
LINK $15.7039
wstETH $2651.7185
AVAX $22.1007
XLM $0.2916
USDS $1.0035
LEO $8.8676
HBAR $0.1934
BCH $416.1148
TON $3.1919
HYPE $23.6386
LTC $95.0121
DOT $4.4807
WETH $2208.5736
XMR $298.6271
BTCB $102584.8066
BGB $4.4964
BSC-USD $1.0018
weETH $2355.7954
USDE $1.0024
PEPE $0.0000
PI $0.6703
WBT $30.3015
TAO $420.8530
UNI $6.1883
APT $5.5626
NEAR $2.7537
CBBTC $102607.4037
DAI $1.0016
OKB $52.6487
AAVE $205.1001
ONDO $0.9761
CRO $0.0989
ETC $18.4859
ICP $5.2103
TRUMP $13.7943
GT $21.7876
  • Catalog
  • Blog
  • Tor Relay
  • Jabber
  • One-Time notes
  • Temp Email
  • What is TOR?
  • We are in tor
  • FIN7 Group Sells a Tool to Bypass Security on the Dark Web

    FIN7, a well-known cybercriminal group, advertises its AvNeutralizer tool (also known as AuKill) on underground Dark Web forums. This highly specialized tool is used by ransomware groups such as AvosLocker, Black Basta, BlackCat, LockBit, and Trigona to bypass security systems.

    According to a SentinelOne report, AvNeutralizer is sold on the criminal underground and is widely used to interfere with security systems. FIN7, an electronic crime group of Russian and Ukrainian origin, has been active since at least 2012. Initially, they targeted point-of-sale (PoS) terminals, but later shifted to operating as an affiliate of groups such as REvil and Conti, and later launched their own ransomware, DarkSide and BlackMatter.

    Also known as Carbanak, Carbon Spider, Gold Niagara, and Sangria Tempest (formerly Elbrus), FIN7 members created shell companies such as Combi Security and Bastion Secure to engage software engineers in their ransomware schemes under the pretext of penetration testing. Over the years, FIN7 has demonstrated a high level of adaptability by modernizing its arsenal of malware such as POWERTRASH and DICELOADER.

    Attackers also conduct large-scale phishing campaigns using thousands of fake domains that mimic legitimate media and technology companies. These domains are used to redirect users to fake login pages masquerading as legitimate portals. They are also advertised on search engines such as Google, forcing users to download malware instead of popular software such as 7-Zip, PuTTY, Notepad++, and others.

    It is worth noting that the use of FIN7 malware tactics was highlighted by eSentire and Malwarebytes in May 2024. The attacks led to the deployment of NetSupport RAT. FIN7 rents dedicated IP addresses from several hosts, but mostly from Stark Industries, which has been linked to DDoS attacks in Ukraine and across Europe.

    Since the beginning of 2023, ransomware groups have started using updated versions of AvNeutralizer. This tool uses anti-analysis techniques and the built-in Windows driver to interfere with security solutions. It has been in active development since April 2022 and uses methods similar to those of the Lazarus Group, making it even more dangerous.

    In addition, FIN7's updated Checkmarks platform includes a module for automated SQL injection attacks. The use of such methods significantly increases the group's influence.

    AvNeutralizer's advertising on underground forums shows the evolution of FIN7's tactics, which now include selling the tool to other cybercriminals. The tool is becoming a valuable asset for attackers facing advanced defenses.

    New 'FrostyGoop' malware for ICS systems detected, targets critical infrastructure
    Global scam by Stargazer Goblin: 3,000 fake GitHub accounts spreading malware

    Comments 0

    Add comment