BTC $99830.5817
ETH $4000.6021
XRP $2.6105
SOL $238.5568
BNB $750.0325
DOGE $0.4538
ADA $1.2137
stETH $3996.3142
TRX $0.3190
AVAX $51.6627
wstETH $4752.7832
TON $6.8025
UNI $18.1025
WBTC $99571.0079
DOT $10.6186
LINK $24.7921
WETH $4049.4968
HBAR $0.3314
SUI $4.2613
BCH $608.3109
PEPE $0.0000
XLM $0.5050
LTC $133.7468
NEAR $7.7396
APT $14.5825
ICP $14.7073
FET $2.0670
ETC $37.2497
POL $0.7006
CRO $0.2031
VET $0.0667
DAI $0.9995
RENDER $10.2805
BSC-USD $1.0002
TAO $698.2496
ARB $1.1650
FIL $7.8325
KAS $0.1848
USDE $1.0015
BGB $2.7231
AAVE $282.4296
ALGO $0.5111
IMX $2.0726
STX $2.6584
ATOM $10.1949
ONDO $1.6799
MNT $1.1608
BTC $99830.5817
ETH $4000.6021
XRP $2.6105
SOL $238.5568
BNB $750.0325
DOGE $0.4538
ADA $1.2137
stETH $3996.3142
TRX $0.3190
AVAX $51.6627
wstETH $4752.7832
TON $6.8025
UNI $18.1025
WBTC $99571.0079
DOT $10.6186
LINK $24.7921
WETH $4049.4968
HBAR $0.3314
SUI $4.2613
BCH $608.3109
PEPE $0.0000
XLM $0.5050
LTC $133.7468
NEAR $7.7396
APT $14.5825
ICP $14.7073
FET $2.0670
ETC $37.2497
POL $0.7006
CRO $0.2031
VET $0.0667
DAI $0.9995
RENDER $10.2805
BSC-USD $1.0002
TAO $698.2496
ARB $1.1650
FIL $7.8325
KAS $0.1848
USDE $1.0015
BGB $2.7231
AAVE $282.4296
ALGO $0.5111
IMX $2.0726
STX $2.6584
ATOM $10.1949
ONDO $1.6799
MNT $1.1608
  • Catalog
  • Blog
  • Tor Relay
  • Jabber
  • One-Time notes
  • Temp Email
  • What is TOR?
  • We are in tor
  • FIN7 Group Sells a Tool to Bypass Security on the Dark Web

    FIN7, a well-known cybercriminal group, advertises its AvNeutralizer tool (also known as AuKill) on underground Dark Web forums. This highly specialized tool is used by ransomware groups such as AvosLocker, Black Basta, BlackCat, LockBit, and Trigona to bypass security systems.

    According to a SentinelOne report, AvNeutralizer is sold on the criminal underground and is widely used to interfere with security systems. FIN7, an electronic crime group of Russian and Ukrainian origin, has been active since at least 2012. Initially, they targeted point-of-sale (PoS) terminals, but later shifted to operating as an affiliate of groups such as REvil and Conti, and later launched their own ransomware, DarkSide and BlackMatter.

    Also known as Carbanak, Carbon Spider, Gold Niagara, and Sangria Tempest (formerly Elbrus), FIN7 members created shell companies such as Combi Security and Bastion Secure to engage software engineers in their ransomware schemes under the pretext of penetration testing. Over the years, FIN7 has demonstrated a high level of adaptability by modernizing its arsenal of malware such as POWERTRASH and DICELOADER.

    Attackers also conduct large-scale phishing campaigns using thousands of fake domains that mimic legitimate media and technology companies. These domains are used to redirect users to fake login pages masquerading as legitimate portals. They are also advertised on search engines such as Google, forcing users to download malware instead of popular software such as 7-Zip, PuTTY, Notepad++, and others.

    It is worth noting that the use of FIN7 malware tactics was highlighted by eSentire and Malwarebytes in May 2024. The attacks led to the deployment of NetSupport RAT. FIN7 rents dedicated IP addresses from several hosts, but mostly from Stark Industries, which has been linked to DDoS attacks in Ukraine and across Europe.

    Since the beginning of 2023, ransomware groups have started using updated versions of AvNeutralizer. This tool uses anti-analysis techniques and the built-in Windows driver to interfere with security solutions. It has been in active development since April 2022 and uses methods similar to those of the Lazarus Group, making it even more dangerous.

    In addition, FIN7's updated Checkmarks platform includes a module for automated SQL injection attacks. The use of such methods significantly increases the group's influence.

    AvNeutralizer's advertising on underground forums shows the evolution of FIN7's tactics, which now include selling the tool to other cybercriminals. The tool is becoming a valuable asset for attackers facing advanced defenses.

    New 'FrostyGoop' malware for ICS systems detected, targets critical infrastructure
    Global scam by Stargazer Goblin: 3,000 fake GitHub accounts spreading malware

    Comments 0

    Add comment