WebDiscover Browser is an adware threat developed by a Canada-based company named WebDiscover Media. Once installed on a PC, the malicious app makes a series of unwanted changes to all browsers installed on the computer, leading to a deteriorating online surfing experience. WebDiscover replaces the default home pages and search engines of affected Internet browsers with its own WebDiscover Homepage and WebDiscover Search, respectively. Furthermore, the malicious app modifies the “new tab” settings so that the corrupted browsers launch the malware's own search portal page when the user opens a new tab. Chrome users may not even recognize WebDiscover as an unwanted program and think they...

PC security researchers received reports of ransomware attacks involving a threat known as the STOP Ransomware on February 21, 2018. The STOP Ransomware is based on an open source ransomware platform and carries out a typical version of an encryption ransomware attack. The STOP Ransomware is distributed using spam email messages containing corrupted file attachments. These file attachments take the form of DOCX files with embedded macro scripts that download and install the STOP Ransomware onto the victim's computer. Learning how to recognize phishing emails and avoiding to download any unsolicited file attachments received is one of the ways to avoid these attacks. How to Recognize a...

Getting an OS system error message while working on a project can be quite an unpleasant surprise. Whether relating to MS Windows, or Mac OS, such a bug is always bound to disrupt your normal computer work. While some errors tend to be system-specific, others can affect both Windows and Mac-based systems, albeit designating totally different problems. The so-called Code 43 error message, for example, is primarily associated with device driver problems in Windows PCs, on the one hand, and file transfer issues on Mac machines, on the other. If you are using Windows and looking for a way to fix this specific error, click here for a guide with possible solutions. If you are a Mac user,...

At first glance, the Newsbreak.com website appears to be a useful tool that would provide its visitors with the latest news. However, this is one of the countless bogus websites online that do not provide any content of value, and instead, seek to benefit from their visitors using various shady tricks. Spams Users with a Constant Flow of Advertisements Upon visiting the Newsbreak.com page, users will be asked to permit the site to display Web browser notifications. Keeping in mind that this fake page poses as a legitimate news website, many users may be tricked to allow browser notifications thinking that they will be alerted for the latest breaking news. However, this is not the case,...

The APT (Advanced Persistent Threat) group was spotted sending out spear-phishing emails that allegedly have detailed information about COVID-19, a.k.a. Coronavirus, but instead, they infect the victims with a custom remote access Trojan (RAT). The group is using the coronavirus pandemic to infect unsuspecting victims with a previously unseen malware. The malware is dubbed 'Vicious Panda' by researchers, with the attackers using it in a campaign at the moment. Researchers managed to find two Rich Text Format (RTF) files that were targeting the Mongolian public sector during the outbreak. Once the files are open, a unique and custom-made remote access Trojan is executed. It develops a list...

.HOW Ransomware is a new file-encrypting Trojan, which appears to belong to the notorious Dharma Ransomware family. Data-lockers like the .HOW Ransomware are not built from scratch. Instead, their creators borrow the code of well-established threats like the Dharma Ransomware and create a new copy of it with a different name.  Propagation and Encryption To cause a significant amount of damage to the compromised host, the .HOW Ransomware is likely to go after a wide array of filetypes, such as .doc, .docx, .pdf, .txt, .mp3, .midi, .mid, .aac, .wav, .mov, .webm, .mp4, .db, .zip, .rar, .jpg, .jpeg, .png, .svg, .gif, .xls, .xlsx, .ppt, .pptx and others. The .HOW Ransomware uses a complex...

Search Marquis is a browser component that may disguise itself as a helpful tool that will enhance the browsing quality of popular browsers like Chrome and Safari. In fact, it is a shady browser extension that aims to alter the browser's setting without the user’s knowledge and consent. The main purpose of this Potentially Unwanted Program (PUP) is to sneak stealthily into Mac computers and generate revenue for its operators. This happens through a number of intermediate redirects through various dubious domains before displaying Bing.com results. This Week In Malware Episode 36 Part 2: Why Your Web Browser is Redirecting to Search Marquis & and How to Stop It! Once installed on a Mac...

The Fuq.com virus is an adware-type of program that promotes websites with pornographic content. The advertising campaigns of this Potentially Unwanted Program (PUP) are very aggressive. They force their victims to view the suspicious content of the promoted pages by displaying relevant advertisements, banners or videos on the infected devices. The Fuq.com virus falls under the Mac viruses category and may cause many cybersecurity issues because of the content it pushes – pornographic websites often lead users to other unsafe websites, trigger malware downloads, or trick users into installing potentially harmful applications and tools. This Mac virus can be found on all popular browsers, including Firefox, Chrome, Safari, and Edge, whereby some typical symptoms will indicate its presence. The Fuq.com virus modifies the browser's...

Antnormo.top is a fraudulent website with a single goal - to trick its visitors into subscribing to its push notification services. There are many websites virtually identical to Antnormo.top and more are being brought into existence each day. They all conduct the same tactic and operate in the same way. Thanks to various social-engineering tactics, they manipulate users into clicking the 'Allow' button. No matter what the displayed fake alert or error messages might have implied, the only thing that will happen by clicking this button is that the websites will now have all of the permissions they require to start executing their agenda - the delivery of unsolicited advertisements to the screen of the affected device and the generation of monetary gains in the process. By far, the most widespread deceptive method is for the tactic...

Bestpeacheu.com is a website that users visit willingly rarely. Instead, they are brought there by forced redirects or adware PUPs (Potentially Unwanted Programs) lurking inside their devices. There are countless websites identical to Bestpeacheu.com, and they all attempt to trick people into downloading a promoted application, in most cases, just another PUP. The main difference between the various websites involved in this scheme is the particular scenario that they employ. A considerable number of them try to scare their visitors by generating fake alarms or pop-ups that state that the user's device has been damaged or compromised by several malware threats. They urge their visitors to download the promoted application to prevent supposedly compromised data from the device from being leaked out. Although Bestpeacheu.com has been...

The Wbxd Ransomware is a new potent threat spawned from the infamous STOP/DJVU Ransomware family. Although the Wbxd Ransomware doesn't display any major improvements or deviations from the typical behavior attributed to the STOP/DJVU Ransomware family, it is nonetheless threatening enough to cause severe damage to any computer it manages to infect. The Wbxd Ransomware victims will be locked out from accessing their own files, including OpenOffice documents, MS Office files, archives, databases, audio, video, image files, etc. All files affected by the threat will have the '.wbxd' extension appended to their original names as a new extension. The Wbxd Ransomware uses the characteristic ransom note observed in all the STOP/DJVU Ransomware variants and delivers it in the form of text files named '_readme.txt.' A copy of the note-carrying...

Infosec researchers uncovered a previously unknown backdoor threat used in a series of attacks by a Chinese-based threat actor. The threatening operations targeted video game developers and publishers from Hong Kong and Russia predominantly. During the four distinct attacks, the hackers employed several different malware strains, which made attributing the campaign to a particular threat actor more difficult.  In May 2020, the hackers launched two separate attacks. The first one relied on LNK shortcuts that fetched and executed the final threatening payload, while the second operation employed a bit more sophisticated attack chain. The hackers distributed emails with a threatening RAR archive as an attachment. Inside the archive were two shortcuts to PDFs that acted as decoys pretending to be a CV and an IELTS certificate. The...

Computers have continuously become more complicated machines that need to have a constant and perfect synergy between numerous hardware components and software programs to operate at optimal levels. Even small interferences could have significant consequences leading to abrupt restarts, critical errors, or shutdowns. So, if you have noticed that your computer has started to behave erratically and you have lost precious progress to sudden system shutdown several times already, what is a good starting point when searching for the underlying cause? When dealing with random shutdowns, it might be a good idea to start with the power supply. Ensure that the power cord is plugged in and that the outlet is not having any malfunctions. Then take a look at the maximum Watts supported by the power supply unit connected to the computers. If at any...

Several extremely competent software products are dedicated to playing different media products out there but having to learn an entirely new product to watch a movie or listen to a song may not seem like an appealing prospect to some people. Indeed, many have become accustomed to using the built-in Windows Media Player, but what to do when you've upgraded to Windows 10 and can no longer find the application? Don't fret; Windows Media Player can still be accessed. First, right-click the Windows icon located on the left side of your taskbar. From the available options, open 'applications and Features.' In the new window, click on 'Optional features.' Now click on 'Add a feature' and scroll through the list until you find Windows Media Player. Wait for the installment process to complete and then search for the application through the...

Edintered.online is a potentially fraudulent website that uses a common social engineering trick to conduct harmful third-party campaigns. Its deceiving strategy is no different than the one that many other similar websites use. When people visit Edintered.online, they see a black screen and a message saying that the user needs to click on a given 'Allow" button to confirm he is not a robot.  'Edintered.online wants to Show notifications Click Allow to confirm that you are not a robot' In fact, though, this is a fake verification test for robots that represents a fraudulent technique used by pages like Edintered.online for acquiring user permission to send them unsolicited advertisements. Unfortunately, many naive Internet users fall into that trap, and by subscribing to Edintered. online's notifications expose themselves to huge...

Villesleytr.online pop-ups are a popular Internet tactic whose goal is to trick users into accepting push notifications from the corresponding rogue website. It is part of an advertising campaign for promoting unsafe pages, mostly offering adult content, online gambling services, fake deals or Potentially Unwanted Applications (PUAs). When users visit Villesleytr.online, the page shows a black screen that creates the impression that the website has some meaningful content to be displayed. However, the page claims the visitor needs to allow notifications to see it. A misleading message with the following text appears: 'Villesleytr.online wants to Show notifications Click Allow to confirm that you are not a robot!' Users should know that this is most likely a clickbait tactic since Villesleytr.online has no content. Clicking on the...

With footholds in everything from gaming peripherals to user-input devices to smartphones, Bluetooth wireless technology is a convenient alternative to running data cables from the computer to every device. It does have drawbacks in turn, though, which may take some Bluetooth users off-guard. Since Bluetooth problems preventing connectivity aren't uncommon, experts recommend that users run through the most appropriate and accessible solutions before assuming that their device is dead. Examples of Bluetooth problems common to many Windows setups include connectivity failure after an update to Windows or other software, Bluetooth's vanishing from the Task Manager or missing icons. Depending on the cause, these symptoms may not all include a total loss of Bluetooth functionality. Users with out-of-date Bluetooth driver software should...

Daisybuleonclock.com is a mostly empty website, but don't let that fool you - the website exists for the sole purpose of carrying out a popular browser scam. It tries to fool its visitors into clicking the 'Allow' button by employing deceptive social-engineering tactics. Daisybuleonclock.com is in no way unique; in fact, the opposite is true. There are countless websites virtually identical to each other that are all propagating the same type of scam, and more websites are popping into existence every single day. By far, the most popular scenario is for the scam website to pretend to be performing a captcha bot check. Daisybuleonclock.com, however, has chosen a different approach, trying to take advantage of the curiosity of its visitors. Anyone who lands on the site will be presented with a video window that appears to be currently...

Fast2captcha.com is a deceptive website that exists for a singular purpose - to try and trick PC users into subscribing to its push notification services by clicking the 'Allow' button. This particular scam has been perpetuated through a myriad of virtually identical websites, with more and more being put on the net each day. Fast2captcha.com is not an exception. Any visitor who lands on the website will be presented with several fake or misleading messages, alerts, or error messages. The main trick employed by Fast2captcha.com and by far the most widespread one among this type of scam websites is to pretend to be conducting a captcha check for bots. Prominently displayed on the site will be an animated robot with a through bubble stating the following: 'CLICK ALLOW TO CONFIRM YOU ARE NOT A ROBOT!' If the visitor follows the...

The M88P Ransomware is a file-locking Trojan from the AES-Matrix Ransomware family. It blocks the user's files, typically targeting valuable media like documents, by encrypting them with a secured algorithm, which stops them from opening. Users should ignore ransom demands and use other recovery options, if possible while having an appropriate security solution to delete the M88P Ransomware. Social Engineering Updates in Trojan Families As the file-locker Trojan industry cements its operating procedures in place, like any business, some actors seek improvement and evolution instead of resting on their laurels. Exemplary of this work ethic is the AES-Matrix Ransomware family, which leans into improving its ransom techniques recently – after attacking victims since 2017. However, while this M88P Ransomware update's means of asking for...

The TeslaRVNG1.5 Ransomware is a file-locking Trojan that updates the KingOuroboros Ransomware from the CryptoWire Ransomware proof-of-concept project. It locks the user's files with encryption and creates a pop-up that instructs victims to contact the threat actor over e-mail. Windows users should store backups on other devices for optimizing data recovery and let standard security solutions remove the TeslaRVNG1.5 Ransomware infections. A Small-Time King Comes Back for a Bigger Treasury Locking someone else's files for money is a risky business, both for the criminals who may not get their payout and the victims experiencing the sabotage of their work. One campaign added fuel to the fire previously by potentially corrupting data without any hope of restoration. Now, malware researchers point to a successor to this ill-conceived...

Nedexam.top is a browser-based tactic that aims to make users subscribe to its push notifications. Once this is achieved, this rogue website starts delivering unwanted and potentially harmful advertisements, banners, and pop-ups direct to the target device. Visitors of this website see a blank screen on which the following misleading message is displayed: 'Nedexam.top wants to Show notifications Click Allow to confirm that you are not a robot!' Users who click on the 'Allow' button unknowingly give Nedexam.top permission to send them browser notifications. Messages from this website usually advertise websites with adult content, such that offer fake/cracked software copies, online gaming websites, and many other potentially unsafe products and services on the Internet. If you see Nedexam.top advertisements on your screen, you probably...

Pointcaptchaspot.com is a potentially unsafe website that wants to trick visitors into subscribing to its browser notifications. This page starts sending countless advertising pop-ups and other third-party content straight to the users' phones or computers in case of a successful subscription. Pointcaptchaspot.com displays a fake CAPTCHA-human verification test saying: 'Pointcaptchaspot.com wants to Show notifications Click Allow to confirm that you are not a robot!' If the users fall into that trap and click on the 'Allow' button, they give the compromised page permission to deliver advertising material to their devices, even when no browser is launched. The spam pop-ups advertise online games, websites with adult content, various Potential Unwanted Programs (PUPs), fake software updates and other questionable content. Pages offering...