BTC $85051.2743
ETH $1997.1794
XRP $2.3999
BNB $623.4105
SOL $130.5965
ADA $0.7003
DOGE $0.1712
TRX $0.2308
stETH $1992.2182
WBTC $84943.0342
LINK $14.3777
TON $3.6663
LEO $9.7667
USDS $1.0026
XLM $0.2832
AVAX $19.5158
CRO $0.0801
HBAR $0.1827
SUI $2.2605
DOT $4.4670
LTC $91.3784
OM $6.4518
BCH $323.4444
PI $0.9711
BGB $4.8813
WETH $2006.8492
USDE $0.9997
HYPE $15.7781
XMR $215.7791
UNI $6.6657
DAI $1.0002
APT $5.6846
NEAR $2.7366
WBT $29.0780
PEPE $0.0000
OKB $50.3390
GT $23.0898
ICP $5.7889
AAVE $183.2523
TKX $34.3616
ETC $17.6721
MNT $0.7889
ONDO $0.8314
TRUMP $11.4119
TAO $253.7285
VET $0.0250
FDUSD $0.9985
BTC $85051.2743
ETH $1997.1794
XRP $2.3999
BNB $623.4105
SOL $130.5965
ADA $0.7003
DOGE $0.1712
TRX $0.2308
stETH $1992.2182
WBTC $84943.0342
LINK $14.3777
TON $3.6663
LEO $9.7667
USDS $1.0026
XLM $0.2832
AVAX $19.5158
CRO $0.0801
HBAR $0.1827
SUI $2.2605
DOT $4.4670
LTC $91.3784
OM $6.4518
BCH $323.4444
PI $0.9711
BGB $4.8813
WETH $2006.8492
USDE $0.9997
HYPE $15.7781
XMR $215.7791
UNI $6.6657
DAI $1.0002
APT $5.6846
NEAR $2.7366
WBT $29.0780
PEPE $0.0000
OKB $50.3390
GT $23.0898
ICP $5.7889
AAVE $183.2523
TKX $34.3616
ETC $17.6721
MNT $0.7889
ONDO $0.8314
TRUMP $11.4119
TAO $253.7285
VET $0.0250
FDUSD $0.9985
  • Catalog
  • Blog
  • Tor Relay
  • Jabber
  • One-Time notes
  • Temp Email
  • What is TOR?
  • We are in tor
  • FIN7 Group Sells a Tool to Bypass Security on the Dark Web

    FIN7, a well-known cybercriminal group, advertises its AvNeutralizer tool (also known as AuKill) on underground Dark Web forums. This highly specialized tool is used by ransomware groups such as AvosLocker, Black Basta, BlackCat, LockBit, and Trigona to bypass security systems.

    According to a SentinelOne report, AvNeutralizer is sold on the criminal underground and is widely used to interfere with security systems. FIN7, an electronic crime group of Russian and Ukrainian origin, has been active since at least 2012. Initially, they targeted point-of-sale (PoS) terminals, but later shifted to operating as an affiliate of groups such as REvil and Conti, and later launched their own ransomware, DarkSide and BlackMatter.

    Also known as Carbanak, Carbon Spider, Gold Niagara, and Sangria Tempest (formerly Elbrus), FIN7 members created shell companies such as Combi Security and Bastion Secure to engage software engineers in their ransomware schemes under the pretext of penetration testing. Over the years, FIN7 has demonstrated a high level of adaptability by modernizing its arsenal of malware such as POWERTRASH and DICELOADER.

    Attackers also conduct large-scale phishing campaigns using thousands of fake domains that mimic legitimate media and technology companies. These domains are used to redirect users to fake login pages masquerading as legitimate portals. They are also advertised on search engines such as Google, forcing users to download malware instead of popular software such as 7-Zip, PuTTY, Notepad++, and others.

    It is worth noting that the use of FIN7 malware tactics was highlighted by eSentire and Malwarebytes in May 2024. The attacks led to the deployment of NetSupport RAT. FIN7 rents dedicated IP addresses from several hosts, but mostly from Stark Industries, which has been linked to DDoS attacks in Ukraine and across Europe.

    Since the beginning of 2023, ransomware groups have started using updated versions of AvNeutralizer. This tool uses anti-analysis techniques and the built-in Windows driver to interfere with security solutions. It has been in active development since April 2022 and uses methods similar to those of the Lazarus Group, making it even more dangerous.

    In addition, FIN7's updated Checkmarks platform includes a module for automated SQL injection attacks. The use of such methods significantly increases the group's influence.

    AvNeutralizer's advertising on underground forums shows the evolution of FIN7's tactics, which now include selling the tool to other cybercriminals. The tool is becoming a valuable asset for attackers facing advanced defenses.

    New 'FrostyGoop' malware for ICS systems detected, targets critical infrastructure
    Global scam by Stargazer Goblin: 3,000 fake GitHub accounts spreading malware

    Comments 0

    Add comment