ScanPOS

As the biggest shopping season of 2016 approaches, Black Friday and the weeks leading up to Christmas, PC security analysts have observed the appearance of a new POS (Point of Sale) threat that has been dubbed ScanPOS. ScanPOS has been associated with the Kronos banking Trojan. It seems that these campaigns appear every year right around the same time. Kronos is being distributed using spam email campaigns and compromised email attachments. Through these email campaigns, ScanPOS is being delivered as a secondary payload during the attack. The email campaigns being used to distribute ScanPOS were first observed on November 10 and November 14 of 2016, with tens of thousands of corrupted email messages targeting different economic sectors. These email campaigns did have effects around the world but were mostly targeted towards...

Posted on November 17, 2016 in Trojans

BonziBuddy Ransomware

The BonziBuddy Ransomware was discovered by malware researchers in the second week of November 2016. The BonziBuddy Ransomware was reported by victims of the Trojan who said that their data was encrypted and a program window titled ‘Bonzibuddy Says’ appeared on their desktops. Initial threat analysis did not uncover features that we have not seen already in threats such as the Gingerbread Ransomware and the HappyLocker Ransomware. Also, the name ‘BonziBuddy’ is likely to be taken from the BonziBuddy desktop assistant that was released in 1999 and was supported until 2004. Researchers suspect that the BonziBuddy Ransomware may be a test variant for an encryption Trojan that was still being developed at the time of discovery. The code underneath the BonziBuddy Ransomware did not include encryption functionality, but...

Posted on November 16, 2016 in Ransomware

Ransoc Screenlocker

The Ransoc Screenlocker is a Trojan that is adapted to browsers and desktops. Security researchers have come across versions of the Ransoc Screenlocker Trojan that are aimed at locking the desktop and Internet browser of the compromised user. The Ransoc Screenlocker Trojan resembles the functionality we have seen with the Sharecash Screenlocker and the zScreenlocker Ransomware. The Ransoc Screenlocker is designed to limit the user’s control of a particular application and the desktop as a whole, displays a ‘Penalty Notice’ and demands that the user pay $100 via direct credit card transaction. The Ransoc Screenlocker is dispersed among Windows OS users via malvertising campaigns and tools like the Nuclear Exploit Kit. Some researchers believe the Ransoc Screenlocker Trojan is the next generation of ransomware due to...

Posted on November 16, 2016 in Ransomware

“Demo” Ransomware

Security researchers began talking about the “Demo” Ransomware when they discovered an encryption Trojan programmed to encode photos only. The “Demo” Ransomware detection name denotes an encryption Trojan that is most likely under development at the time of writing this. Analysts report that the “Demo” Ransomware was seen on the Dark Web and spam emails that were loaded with a macro-enabled DOCX file, which serves as your run-of-the-mill Trojan-Dropper. The “Demo” Ransomware is installed to a temporary folder on the primary system drive and a scan is initiated. The “Demo” Ransomware scans the computer for data containers in JPG format and adds them to a list that is used for the encryption procedure. We should note that variants of the “Demo” Ransomware are...

Posted on November 16, 2016 in Ransomware

Angela Merkel Ransomware

The current world political scene is clearly in turmoil. It is, therefore, no surprise that ransomware and other threats themed around different political figures are being released. Like the Donald Trump Ransomware and other, similar attacks, the Angela Merkel Ransomware is themed around the German prime minister. Apart from this theme, though, there is nothing to distinguish the Angela Merkel Ransomware from the countless other ransomware Trojans that are active in the wild currently. Like most ransomware Trojans, the Angela Merkel Ransomware is being distributed through the use of corrupted spam email attachments. These corrupted spam email attachments will often take advantage of corrupted scripts and vulnerabilities in macros to download and install the Angela Merkel Ransomware onto the victim’s computer. The Angela Merkel...

Posted on November 15, 2016 in Ransomware

Hackerman Ransomware

The Hackerman Ransomware is an encryption Trojan that supports a Spanish version and belongs to the Hidden Tear family of ransomware. The Hackerman Ransomware is deployed to users by spam email with attached corrupted documents and malvertising campaigns. Internet users may be delivered messages that resemble payment notifications from online stores like Amazon and photos from social media like Instagram, which feature an attached PDF, DOCX or RAR file. These objects could be embedded with a corrupted JavaScript or macro that is designed to be run by Windows and results in the installation of the Hackerman Ransomware. Security researchers report that the Hackerman Ransomware is using open-source encryption resources that are modified to prevent detection by anti-malware shields. The Hackerman Ransomware features several layers of...

Posted on November 15, 2016 in Ransomware

Karma Ransomware

The Karma Ransomware is a Trojan equipped with an encryption engine that it uses to lock your data and demand money to release the correct key and decryption software. The Karma Ransomware Trojan is pushed to users via software bundling and corrupted advertisements. We have received reports that the Karma Ransomware may be delivered to users as a program named Windows-Tuneup, which users are led to believe is a system optimizer. Researchers reveal that the campaign to release the Karma Ransomware is related to the Windows-tuneup.com site, and users are advised to be extra careful when downloading software from unfamiliar pages. In-depth code analysis of the Karma Ransomware showed that the Trojan is developed by a programmer under the alias of SAFFRON-WOLF. There are not many cases where the authors of Ransomware leave their...

Posted on November 15, 2016 in Ransomware

YafunnLocker Ransomware

The YafunnLocker Ransomware is a ransomware Trojan that was first observed in November of 2016 by PC security analysts. Security analysts recommend that computer users take steps to protect their computers from the YafunnLocker Ransomware and the many other ransomware Trojans that are active in the wild currently. The YafunnLocker Ransomware carries out its attack by using an advanced encryption algorithm to lock the victim’s data. The YafunnLocker Ransomware may be distributed through the use of corrupted advertisements and links that lead computer users to websites containing an exploit kit. The RIG Exploit Kit, in particular, has been associated with recent YafunnLocker Ransomware attacks. The YafunnLocker Ransomware is based on the TeslaCrypt encryption ransomware Trojan, which was no longer developed after Spring of...

Posted on November 15, 2016 in Ransomware

Gingerbread Ransomware

The Gingerbread Ransomware, a ransomware Trojan uncovered in November of 2016, caught the attention of PC security analysts due to the uniqueness and bizarre nature of its ransom note background and image. The Gingerbread Ransomware uses a fairly typical attack, but differs from many ransomware Trojans in that it combines RSA and XOR encryption to take over the victim’s files. Unfortunately, it may not be possible to recover the files that have been encrypted using the Gingerbread Ransomware currently. The Gingerbread Ransomware may be a variant of the ISHTAR Ransomware, which is part of a wave of ransomware attacks that are targeted toward computer users in Russian-speaking countries. The Gingerbread Ransomware is being distributed through corrupted spam email messages. The Gingerbread Ransomware has numerous...

Posted on November 14, 2016 in Ransomware

‘MagicMinecraft’ Screenlocker

PC security analysts have received reports of threat attacks involving the ‘MagicMinecraft’ Screenlocker. The ‘MagicMinecraft’ Screenlocker uses an approach that is quite old, which involves locking computer users out of their computers. While con artists have favored ransomware Trojans that encrypt the victim’s files due to their devastating consequences, in the months of October and November of 2016 there has been a resurgence of classic screen locker attacks, which simply lock computer users out of their computers by using misleading language, social engineering techniques, and a simple attack that is quite easy to remove. The ‘MagicMinecraft’ Screenlocker is designed to block computer users from using the infected computer. The ‘MagicMinecraft’ Screenlocker claims that...

Posted on November 14, 2016 in Ransomware

HappyLocker Ransomware

The HappyLocker Ransomware is a ransomware Trojan that belongs to the Hidden Tear family of encryption ransomware. Hidden Tear was first observed in August of 2015 when a Turkish researcher released its code publicly on GitHub as an ‘educational ransomware’ project. This resulted in countless variants of threats that adapted Hidden Tear to create highly effective ransomware attacks. The HappyLocker Ransomware is just one of countless Hidden Tear variants that have appeared in the last year. The HappyLocker Ransomware, like most ransomware Trojans, takes over the victim’s computer, encrypting the victim’s files and then demanding that the victim pay a ransom in exchange for the decryption key. The HappyLocker Ransomware is being distributed by using corrupted file attachments contained in spam email...

Posted on November 14, 2016 in Ransomware

WickedLocker Ransomware

PC security analysts have received reports of attacks involving the WickedLocker Ransomware. After analyzing the WickedLocker Ransomware, PC security researchers have concluded that the WickedLocker Ransomware is one of the many variants of the Hidden Tear ransomware project that are in distribution currently. Hidden Tear, which was released in August of 2015, was created as an ‘educational ransomware’ and uploaded to GitHub initially. This publicly-available threat was quickly adapted by con artists into a variety of ransomware Trojans, which include the WickedLocker Ransomware infection, released more than a year later. The WickedLocker Ransomware uses AES-256 encryption to take the victim’s files hostage, by encrypting them and making them inaccessible. The WickedLocker Ransomware demands payment of 1 Bitcoin,...

Posted on November 14, 2016 in Ransomware

Search.easyvideoconverteraccess.com

The Search.easyvideoconverteraccess.com portal offers a search service for its visitors and is associated with the Easy Video Converter Access browser add-on for Mozilla Firefox and Internet Explorer. The Easy Video Converter Access add-on and Search.easyvideoconverteraccess.com are managed by Sail Machine, which is a software publisher that is related to Adknowledge Inc., which released BrowserSafeGuard and LocalHost New Tab. The Easy Video Converter Access browser add-on is known to be promoted by adware and legitimate advertisements on software deployment platforms. The official site for Easy Video Converter Access is Easyvideoconverteraccess.com, which claims that users are provided with tools and a new tab page that would enable them to ‘convert videos and files to over 1000 formats.’ Whenever the users...

Posted on November 14, 2016 in Browser Hijackers

Wibeez.com

Wibeez.com is registered as a search service that includes links to third-party sites like Facebook.com, Deezer.com and Orange.fr. The Wibeez.com search portal is suited to French-speaking users and may not be user-friendly to other Web surfers. Additionally, there are reports that Wibeez.com is related to cases of browser hijacking. Researchers looked into Wibeez.com and discovered that visitors at Wibeez.com might be redirected to portals like Planet-surf.com and Yougoo.fr, which we have listed in our databases because they are associated with browser hijacking software. Wibeez.com is registered to the 54.228.213.112 IP address, and the lookup revealed more disturbing facts. It appears that the managers behind Planet-surf.com and Yougoo.fr created the Wibeez.com search portal to prevent companies like Google and Mozilla from...

Posted on November 13, 2016 in Browser Hijackers

Alakazee.com

Alakazee.com is advertised as the best search engine for users in France, but it is not listed in the databases of Google, Yahoo and DMOZ.org. Alakazee.com is governed by a company named DEVELOPMENT MEDIA 73 and is registered to the 54.228.213.112 IP address, which is associated with several cases of browser hijacking. It comes as no surprise that the Alakazee.com portal is mentioned in reports of browser hijacking as well. Web surfers have indicated that Alakazee.com is presented as their homepage and new tab without them making changes to the browser. Security experts note that there may be a browser extension linked to Alakazee.com, which you installed with a freeware bundle using the ‘Express’ or ‘Typical’ option. Usually, search services like Alakazee.com rely on partners to generate traffic and claim...

Posted on November 13, 2016 in Browser Hijackers