Simple_Encoder Ransomware

The Simple_Encoder Ransomware is a new cryptomalware employed by cyber criminals who aim to extort PC users for money. The Simple_Encoder Ransomware is an Encoding Trojan that is programmed to lock the victim's files and allow its operators to use them as leverage in negotiating a ransom. The payload of the Simple_Encoder Ransomware is delivered to users as an invoice from online stores like Amazon, eBay, and Best Buy. The mail carrying the Simple_Encoder Ransomware may be sent from an address that is nearly identical to the official email account of your favored online shop. The Simple_Encoder Ransomware is packed as an XLSX file with a macro that silently connects to the Web, then downloads and installs the Simple_Encoder Ransomware on your PC. All it takes to infect your computer with the Simple_Encoder Ransomware is one click on the malware dropper. AV vendors might detect the...

Posted on July 26, 2016 in Ransomware

NoobCrypt Ransomware

Malware investigators report that there is another competitor in the Ransomware business, called NoobCrypt Ransomware. The NoobCrypt Ransomware is a standard Encryption Trojan that is distributed to users via spam bots. The payload of the NoobCrypt Ransomware is not as sophisticated as that of PowerWare Ransomware and may appear as a PDF, DOCX, or PPTX file. The potential victims may be led to believe that they are opening an invoice or an update from social media like Twitter, Instagram, and Facebook. When the user runs the NoobCrypt Ransomware, he/she may be redirected to a page on the Web and presented with a fake error message. However, the main executable of the NoobCrypt Ransomware is injected into the OS and may connect to a remote server to download and install additional files. Our analysis revealed that the NoobCrypt Ransomware might be the work of the...

Posted on July 26, 2016 in Ransomware

MyDrivingTab

The MyDrivingTab browser extension is designed to work with Google Chrome exclusively and provide navigation services. The MyDrivingTab extension is developed and maintained by Upside Innovations, Inc., which offers its product under the GNU Freeware license. Web surfers can find the MyDrivingTab software at Lp.mydrivingtab.com. Computer users may spot the MyDrivingTab extension bundled with third-party apps like GOsavy and HighliteApp. The MyDrivingTab extension is programmed to substitute the default design of the new tab page in Google Chrome with a custom portal located on Drivingtabsearch.com. Additionally, Drivingtabsearch.com is set as the preferred search aggregator, and users will be redirected to Drivingtabsearch.com whenever they type keywords in the omnibar. The MyDrivingTab extension may change the functionality of the right-click menu in your browser and add a new...

Posted on July 25, 2016 in Potentially Unwanted Programs

PowerLocky Ransomware

Malware researchers report that they have spotted a new member of the PowerWare family of Ransomware that is a combination of the '.locky File Extension' Ransomware and PowerWare Ransomware. The hybrid is dubbed PowerLocky Ransomware, and it is as powerful as Locky Ransomware and as stealthy as PowerWare Ransomware. Security vendors may also detect PowerLocky as PoshCoder. The hybrid is built with a PowerShell script editor that converts PowerShell scripts to Microsoft executable files, and it is delivered to users as a .NET executable file attached to spam mail. The makers of the PowerLocky Ransomware seem to like the functionality of the .NET Microsoft Windows executable that allows it to unpack an embedded script automatically. The main body of the PowerLocky malware is archived into Scripts.zip and incorporated in the .NET executable as a resource. Packing the PowerLocky...

Posted on July 25, 2016 in Ransomware

WikiLeaks Unwillingly Releases Personal User Data in Recent DNC Leak

As the election season heats up and the Democratic National Committee (DNC) convention races off to a start, there are many issues in motion, starting with the fact that WikiLeaks has unwillingly released sensitive information of DNC donors. The data leaked by WikiLeaks contains full names, addresses, phone numbers, social security numbers, passport IDs, and other personal data of Democratic party donors. In the string of attacks conducted by a Russian hacker, the DNC data was among a good-sized list of emails stolen and later consumed by WikiLeaks. Hackers were able to compromise data from the DNC just after the discovery of an attack on a DNC server in April 2016. At the time, an investigation identified the hackers responsible for the malware used in the attack, who are part of the Russian cyber-espionage groups Cozy Bear and Fancy Bear. The hacker who ultimately waged the attack was...

Posted on July 25, 2016 in Computer Security

Thesearch.net

The Thesearch.net domain is designed to appear as a viable alternative to Bing and Google, but good search results do not boost its reputation. The Thesearch.net domain is not trusted because it is associated with a browser hijacker that may lead users to unsafe sites and invite them to install harmful software. Analysis showed that Thesearch.net is hosted on the 54.243.231.130 IP address, which is related to several cyber threats including Hidrag and Sality. The browser hijacker related to Thesearch.net may be distributed to users by bundling it with free software such as LyricalParty and MedPlayerNewVersion. Computer users who like to use free software need to be mindful of browser hijackers that may be used to compromise their security. Security analysts note that the Thesearch.net browser hijacker might be used to record your Internet history and read data like...

Posted on July 22, 2016 in Browser Hijackers

Istream.link

The Istream.link domain is blacklisted by many Web filters including Websense ThreatSeeker, Certly and Trustwave, and rightly so. The Istream.link domain is associated with applications that hijack the user's browser and may redirect these users to threatening pages. The browser hijacker linked to Istream.link may load content from pages like Mevio.com and PrimoSearch.com. The 104.28.19.163 IP address of Istream.link is blocked by most security apps and extensions for modern browsers like Google Chrome, Opera, and Mozilla Firefox. However, the Istream.link browser hijacker may arrive on your PC bundled with a free program like the Koox System Optimizer. The Istream.link browser hijacker may close your running browser to modify its settings and load Istream.link as your homepage and default search aggregator. The program linked to Istream.link might remove security tools attached...

Posted on July 22, 2016 in Browser Hijackers

BlackMoon

The BlackMoon malware is a Banking Trojan that is favored among cyber criminals in East Asia and is known to wreak havoc in South Korea, Japan and China. The BlackMoon Trojan is distributed via drive-by downloads and exploit kits like Sibhost and HanJuan. The BlackMoon malware has a dropper that deletes itself and introduces BlackMoon as an executable DLL into the Windows OS. The DLL loaded with BlackMoon is executed via rundll32.exe and is designed to change the Windows Hosts file so that requests to the Internet are rerouted to an IP address controlled by a fraudster. The BlackMoon malware runs ipconfig.exe to flush the DNS cache and make sure users are redirected to a phishing portal. In simple terms, the BlackMoon Trojan changes the way your PC accesses the Internet and redirects users to a phishing message whenever they open a search engine and...

Posted on July 22, 2016 in Trojans

Anatel Ransomware

The Anatel Ransomware is supposedly cryptomalware that is operated by members of the hacking collective Anonymous. The Anatel Ransomware is involved in an attack on the 'Anatel' telecommunications company. The Anatel Ransomware is an Encryption Trojan that may have been injected into the servers and computers of 'Anatel' via an exploit, spam, or a USB drive. The attack with the Anatel Ransomware may be retaliation by an angry citizen, because 'Anatel' tends to block popular instant messaging services quite often and limit users' access to the Internet. Apps like WhatsApp, Viber, and Telegram experience problems with 'Anatel' quite often. Posts on social media suggest that PC and smartphone users in Brazil are not fond of the operations of the 'Anatel' company. Malware investigators note that the Anatel Ransomware is a standard Encryption Trojan that is designed to scan the...

Posted on July 22, 2016 in Ransomware

BlackMoon Banking Trojan Compromises Over 100K South Korea Banking Accounts

A relatively new banking Trojan horse, called BlackMoon, is on the scene to steal online banking account login credentials. BlackMoon was identified by the security firm Fortinet, which calls it W32/Banra. Through their research, they found that BlackMoon runs a campaign that consists of its command and control servers and several compromised computers that form a botnet to capture South Korean banking credentials. So far, BlackMoon is suspected of compromising over 100,000 South Korean banking account credentials. BlackMoon was first identified running a scheming campaign back in 2014. Just this year, during April of 2016, just over 60,000 victims were attacked to uncover their banking details. Most of the victims were located in South Korea, making BlackMoon a threat targeted specifically at that region. The authors of BlackMoon use configuration files that...

Posted on July 22, 2016 in Computer Security

Mytrustsearch.com

Web surfers who are infected with a browser hijacker may be redirected to Mytrustsearch.com whenever they enter keywords into their search bar, omnibar or Windows start menu. The browser hijacking application linked to Mytrustsearch.com is released to users via free software bundles that may include apps like InboxAce and the Hyper Browser. Browser hijacking software may be used by hackers to divert Web traffic to infected pages. In other cases, browser hijacking applications may serve blacklisted advertisers to earn revenue and promote faulty goods. The browser hijacker associated with Mytrustsearch.com works as a custom search engine based on Google, and it may record the visitor's actions and generate related ads. Using Mytrustsearch.com will provide text and image results that are limited and polluted by many marketing materials. Web browsers that are infected with the...

Posted on July 21, 2016 in Browser Hijackers

Social-avenue.com

The Social-avenue.com portal is associated with the Social-Avenue browser plug-in, which is advertised via freeware packages as a tool that should help users socialize outside the Web. The Social-Avenue browser plug-in may claim to provide a map that is populated with data about other visitors to Social-avenue.com and allow users to meet in restaurants, clubs and parks. Also, the Social-Avenue browser plug-in may invite users to grant access to their profile on Facebook and Reddit to facilitate text, video and image communications. Users who installed the Social-Avenue plug-in and are redirected to Social-avenue.com may be surprised to see that it does not support a communications hub on its own and relies on the user authorizing it to use Facebook and Reddit. Needless to say, that type of action has security implications because Social-avenue.com is not a trusted site and the...

Posted on July 21, 2016 in Browser Hijackers

CrypMIC Ransomware

The CrypMIC Ransomware is a spitting image of the CryptXXX Ransomware but has several features and code differences that make it stand out. The CrypMIC Ransomware comes from threat actors who decided to follow the model employed to spread the CryptXXX Ransomware. They are using the latest version of the Neutrino Exploit Kit to deliver corrupted DLL files to their victims via corrupted ads and compromised sites. Since the CrypMIC Ransomware is embedded into pages, users will notice that this threat is loaded in the background and executed silently. The CrypMIC Ransomware is programmed to target up to nine hundred file formats and can render servers and computers inoperable in a matter of hours. The CrypMIC Ransomware uses the AES-256 encryption algorithm to lock the victim's data and does not append a custom file extension, making the indexing of the corrupted files...

Posted on July 21, 2016 in Ransomware

Windows Route Manager

The Windows Route Manager may appear in your 'Control Panel' after installing a free audio player or browsers like Wind Browser and Mustang Browser that have a bad reputation. Security analysts examined the Windows Route Manager app and do not recommend that users install it. The Windows Route Manager program has neither a user interface nor a publicly known developer. We could not find an official site or distributor either. Network analysis suggests that the Windows Route Manager program may be used to generate pay-per-click revenue and reroute Web traffic to sponsored sites. Computer users with a limited connection to the Internet may notice significant lag and an inability to load videos on YouTube and Vimeo. The Windows Route Manager software is flagged as a Potentially Unwanted Program (PUP) that may decrease your computer's performance and prevent you from enjoying the...

Posted on July 20, 2016 in Possibly Unwanted Program

Unlimited.co.in

Computer users who are not satisfied with Google and Bing may be interested in installing the browser enhancer linked to Unlimited.co.in, which is advertised to deliver improved search results. The browser enhancer from Unlimited.co.in may arrive on your PC bundled with third-party freeware such as AppEnable and the iWON Toolbar. You should know that the application associated with Unlimited.co.in may change your new tab settings and default search provider to Unlimited.co.in. The Unlimited.co.in portal hosts a search engine that is a customized version of Google with added features from Bing and Yahoo, which is supposed to provide an unparalleled experience if you choose to trust the marketing team of Unlimited.co.in. However, the app linked to Unlimited.co.in is recognized as a browser hijacker that is similar to the apps related to Search.entru.com and Globasearch.com. The...

Posted on July 20, 2016 in Browser Hijackers