Aggressive Phishing Campaign Strikes PayPal Users to Steal Identities

Just last month there was a rash of attacks that propagated a phishing campaign that targeted Gmail users to gain access to their Google account and pilfer personal data. Now, there appears to be an attack on PayPal users through an aggressive phishing campaign spreading through emails that pretend to be from PayPal. PayPal, as many of us know, is a widely popular online payment system that supports online money transactions and services as an alternative to traditional money transfer methods. According to Statista, there are over 197 million active PayPal accounts around the world, comprising personal and business use. With so many people using PayPal, it is no wonder that hackers have taken the effort to target and attack PayPal users with a phishing campaign in recent weeks. The particular PayPal phishing campaign is...

Posted on February 1, 2017 in Computer Security

‘Usabankingcare.online’ Pop-Ups

The Usabankingcare.online domain is recognized as untrusted because it is used to host phishing content. Misleading information uploaded on Usabankingcare.online is intended to fool users into thinking their online banking account, Facebook log-in details, and email accounts might have been breached, and that they need to call the 888-710-1018 toll-free phone line. The design of Usabankingcare.online consists of a screenshot of Support.microsoft.com, which is the legitimate support page of Microsoft Corp. for Windows OS users. The screenshot at Usabankingcare.online is modified to include the statement ‘Windows Has Been Blocked Due To Suspicious Activity!’ and to offer help on the 888-710-1018 phone line. The page does not feature HTTPS encryption and is not managed by a partner of Microsoft Corp. Evidently, con artists are...

Posted on February 1, 2017 in Adware

‘Yourscanfreport.xyz’ Pop-Ups

The ‘Yourscanfreport.xyz’ messages are not legitimate Windows OS alerts, and you should not expect help from certified computer experts at Microsoft Corp. Web surfers may experience the ‘Yourscanfreport.xyz’ pop-up windows when they load an untrusted page after clicking on an ad. As the name suggests, the fake “Windows” alerts are presented to everyone that loads Yourscanfreport.xyz, which is deemed a phishing site and blacklisted by Web filters like Sucuri, Websense ThreatSeeker, Mozilla Phishing protection and Google Safebrowsing. We should note that it may be difficult for users to distinguish the phishing messages on Yourscanfreport.xyz from the warnings used by Google Safebrowsing. The coders that wrote the page on Yourscanfreport.xyz made it look like the alert shown in Google Chrome when you...

Posted on February 1, 2017 in Adware

‘Microsoft-official-error7100.xyz’ Pop-Ups

The ‘Microsoft-official-error7100.xyz’ pop-up windows in your browser may include your real IP address and appear to be security alerts related to your Windows key, but they are not to be trusted. The ‘Microsoft-official-error7100.xyz’ pop-up windows are hosted on insecure pages and associated with browser hijacking software. The ‘Microsoft-official-error7100.xyz’ alerts may resemble the warnings shown by the Google Safebrowsing feature incorporated into Google Chrome, but they are not generated by Google Inc. Con artists designed the ‘Microsoft-official-error7100.xyz’ alerts to resemble legitimate warnings from trusted Web filters and security vendors to claim credibility. Additionally, the content on Microsoft-official-error7100.xyz was seen on a few other pages that include...

Posted on February 1, 2017 in Adware

Cryptofag Ransomware

The Cryptofag Ransomware is a ransomware Trojan that is used to carry out ransomware attacks on victims. The Cryptofag Ransomware is designed to hold the victim hostage by encrypting the victim’s files and then demanding the payment of a ransom to restore access to the affected files. These attacks have become increasingly popular in the last year, and represent a real threat to computer users. Because of this, it is becoming crucial that computer users take precautions to ensure that their computers are protected against attacks like the Cryptofag Ransomware. The Cryptofag Ransomware is an encryption ransomware Trojan because it encrypts the victim’s files to demand a ransom. The Cryptofag Ransomware was first observed on January 17, 2017, and has been responsible for various attacks. The Cryptofag Ransomware may be...

Posted on February 1, 2017 in Ransomware

EvilLock Ransomware

The EvilLock Ransomware is a ransomware Trojan that is used to encrypt the victims’ files. The EvilLock Ransomware does this so that the people responsible for the attack can then demand a ransom payment in exchange for the decryption key needed to recover the affected files. Take precautions to ensure that your computer is well protected against ransomware Trojans like the EvilLock Ransomware. The EvilLock Ransomware is designed to encrypt files. There are several versions of the EvilLock Ransomware. The newest of these can be identified easily because files that are encrypted during the EvilLock Ransomware attack will have the extension ‘.EvilLock,’ which is added to each affected file’s name. The victims of the EvilLock Ransomware attack are instructed to contact the con artists responsible for the attack at...

Posted on February 1, 2017 in Ransomware

Tampa, Orlando, and St. Louis had the Highest 2016 Malware Infection Rates in the United States

Computers in Tampa, Orlando, and St. Louis are more likely than computers in any other city to be infected with malware. That’s according to data released today by ESG, makers of the SpyHunter anti-spyware program. The ESG research team compiled their latest data based on malware detection data from SpyHunter in the 100 largest cities in the United States in all of 2016. Tampa, Florida; Orlando, Florida; and St. Louis, Missouri each had malware infection rates more than five times the national average. Denver and Atlanta rounded out the top five. The same three cities topped the list of highest infection rates in 2015 as well. “There could be a number of factors including the demographics of the area, how widespread PC usage is (versus Mac or mobile devices), we’ve even seen weather play a role in infections...

Posted on January 31, 2017 in Computer Security

‘.7zipper File Extension’ Ransomware

The ‘.7zipper File Extension’ Ransomware is a ransomware Trojan that seems to target computer users in Portuguese-speaking countries (mainly Brazil). The ‘.7zipper File Extension’ Ransomware is branded around the 7-zip program, a popular free utility used to read and create archive files. The people responsible for the ‘.7zipper File Extension’ Ransomware have implemented the open source code of this popular free application into their ransomware Trojan. Computer users in countries where Portuguese is the main language reported attacks involving the ‘.7zipper File Extension’ Ransomware starting on January 29, 2017. Victims of the ‘.7zipper File Extension’ Ransomware attacks claimed to have received spam email messages disguised as notifications from essential service providers...

Posted on January 31, 2017 in Ransomware

‘This is Hitler’ Ransomware

The ‘This is Hitler’ Ransomware is a ransomware Trojan that is being used to attack computer users around the world. The ‘This is Hitler’ Ransomware is the final version of a ransomware Trojan that was released earlier in 2016. This is obvious but also stated directly in the ‘This is Hitler’ Ransomware’s ransom note. However, although there is a relationship between the two, malware analysts suspect that the people responsible for the ‘This is Hitler’ Ransomware are not the same people that created the original Hitler Ransomware. The ‘This is Hitler’ Ransomware, like its predecessor, fails to encrypt the victim’s files. However, while the earlier version of this threat deleted the victim’s files with intent to do harm, the ‘This is Hitler’...

Posted on January 31, 2017 in Ransomware

XCrypt Ransomware

The XCrypt Ransomware was first observed on January 29, 2017. The XCrypt Ransomware is not based on open source code and is not part of a RaaS (Ransomware as a Service) offering; it seems to have been created independently. It is likely that the creator of the XCrypt Ransomware is located in Russia. The XCrypt Ransomware’s ransom note, contained in a file named ‘Xhelp.jpg,’ is written in Russian. However, it does not seem that the XCrypt Ransomware targets computer users in Russia; attacks involving the XCrypt Ransomware have been detected all over the world and are not limited to Russian speakers. PC security analysts suspect that most of the XCrypt Ransomware infections are delivered using phishing email messages, which trick computer users into opening the included file attachment. Emails used to deliver the...

Posted on January 31, 2017 in Ransomware

‘.zXz File Extension’ Ransomware

The ‘.zXz File Extension’ Ransomware is a ransomware Trojan that was first observed on January 24, 2017. However, it is clear that the ‘.zXz File Extension’ Ransomware is a variant of a ransomware Trojan that has been around for a long time. The ‘.zXz File Extension’ Ransomware does seem to be a ransomware Trojan created independently, rather than being part of a RaaS (Ransomware as a Service) provider or a variant on an existing open source ransomware engine such as Hidden Tear. However, there is little to differentiate the ‘.zXz File Extension’ Ransomware from most ransomware Trojans active today, and the ‘.zXz File Extension’ Ransomware uses a simple implementation that carries out a direct, stripped-down ransomware attack. The ‘.zXz File Extension’ Ransomware...

Posted on January 31, 2017 in Ransomware

Several Washington DC CCTV Cameras Taken Down by Ransomware Days Before Trump Inauguration

There’s a brave new world out there when technology makes or breaks our livelihood. In the current political atmosphere, there are a multitude of stories swirling around the US presidential election and the new leader of the free world’s recent actions during his first week in office. Among the stories making the rounds, there is one out of the Washington Post that has caught our attention in the cybersecurity world. In a recent article, the Washington Post claims that about 70% of the storage devices of CCTV systems in Washington DC that had the task of recording data from the D.C. Police surveillance cameras were infected by hackers days before Trump’s Inauguration. Such an alarming finding allegedly from city officials makes us wonder what else may have taken place on the cybersecurity front at...

Posted on January 30, 2017 in Computer Security

Seek123.net

Seek123.net is a questionable search service that does not appear to function properly. When you enter keywords in the search bar on Seek123.net and click the magnifying glass on the side, nothing happens. The user is redirected to seek123.net/index.php?page=search/noresults&search=[KEYWORD]&type=web where no results are displayed. Additionally, the Seek123.net site is related to cases of browser hijacking, so security researchers decided to take a closer look at Seek123.net. The site is registered to the 54.225.242.78 IP address where we found that Seek123.net has a clone hosted on Seekdot.net, which supports the same design and functionality. Both portals appear to be related to a program named ‘Search Plugin’ that is offered to users as a search enhancement utility. The ‘Search Plugin’ software is...

Posted on January 30, 2017 in Browser Hijackers

‘Error Code: 154-247-087’ Pop-Ups

The ‘Error Code: 154-247-087’ pop-up windows are associated with untrusted pages on the Internet that host phishing content. The ‘Error Code: 154-247-087’ pop-ups are presented to users who load a phishing domain and whose browser loads code riddled with errors. The coders that designed the page hosting the ‘Error Code: 154-247-087’ messages aimed to make the browser behave strangely and convince the user there may be problems with their PC. The pages linked to the ‘Error Code: 154-247-087’ messages are known to use the title ‘IMPORTANT ALERT’ and prevent the browser from switching to another tab. As stated before, the code embedded into the untrusted site is intended to freeze the browser and make it unresponsive. Regardless of the browser you are running, the...

Posted on January 30, 2017 in Adware

Win0rr02x012417ml.club

The Win0rr02x012417ml.com domain is blacklisted by many Web filtering services such as Google Safebrowsing, Mozilla Phishing Protection, and Sucuri. The reason for the blacklisting is that the domain is used to host misleading information and suggest users call a technical support center that claims to offer legitimate services by the Microsoft Corp. Additionally, Win0rr02x012417ml.com includes images and logos that are trademarks of the Microsoft Corp. to claim credibility. Web surfers that load Win0rr02x012417ml.com are presented with a screenshot of Support.microsoft.com and a dialog box that says the desktop is locked due to suspicious activity. The pop-up on Win0rr02x012417ml.com is generated via JavaScript, which is tailored to make the browser reload Win0rr02x012417ml.com continuously. Thus, browsers like Google Chrome, Opera,...

Posted on January 30, 2017 in Browser Hijackers