While security researchers have expected ransomware attacks to slow down in 2019, recent ransomware outbreaks remind us that we must remain ever vigilant. One such outbreak that made headlines involved a ransomware known as LockerGoga. The ransomware targeted Norwegian manufacturing company Norsk Hydro, one of the world's top aluminum producers, forcing it to halt operations in multiple factories. This severely hindered the company's production and caused its stocks to fall by 0.8 percent. It is also suspected that a variant of LockerGoga was used to target French engineering company Altran Technologies earlier in January. Ransomware is a type of malware that encrypts the files of a...

The 'National Consumer Center' pop-ups are connected to known online tactics. According to complaints, the 'National Consumer Center' pop-ups may claim that the computer user has won a free iPhone or some other similar costly prize. The 'National Consumer Center' pop-ups may include the legend 'National Consumer Center' in the upper left corner, with an official looking font, and advertisements on the right. These pop-ups are among the most common online tactics and may be used to intrude on the computer user's privacy. The 'National Consumer Center' pop-ups may be caused by adware components installed on the affected Web browser. However, the 'National Consumer Center' pop-ups also may...

People who do not like paying for legal streaming services often end up either looking to download the media they are after illicitly or searching for Web pages that offer to stream pirated content for free. However, as it is said, there is no free lunch. Websites that host pirated media tend to work with a whole network of other dodgy actors. Mainly dubious advertisers who will try to sell you all sorts of shady products and subscriptions. A common trick used by dodgy websites like the Movies123 page is to try and trick the user into giving them permission to display browser notifications. Many legitimate websites ask for permission to send browser notifications, but their goal is to...

The Reliableultimatesafevideoplayers.info website claims to host a 'reliable' and 'safe' video player free of charge that any user can download. However, this application is neither reliable nor safe, and it has been identified as unwanted and potentially harmful. The shady Reliableultimatesafevideoplayers.info site contains a few pages that appear to be hosting updates for the Adobe Flash Player – a very popular application that many users have installed on their systems. To make their website appear more legitimate, the operators of this shady page have chosen a domain name that is meant to look trustworthy. Despite the claims of the operators of the Reliableultimatesafevideoplayers.info website, rest assured that this page does not host any valuable content, and it is best for visitors to ignore the site's offers simply. Avoid...

Users who browse shady websites when they are looking for videos, especially, are likely to come across the Biggerupdateforvideos.best page. The creators of the Biggerupdateforvideos.best page have only one goal – to promote a fraudulent update for the Adobe Flash Player. Usually, to trick their visitors into applying the supposed update, dodgy websites like the Biggerupdateforvideos.best page would claim to host an engaging video that the users can only view if they update their Adobe Flash Player. It would seem that the admins of the Biggerupdateforvideos.best site are targeting Mac users mainly. Propagates Potentially Unwanted Programs Despite the claims of the authors of this shady Web page, the update they are offering is not legitimate, and it is likely that users who fall for this trick will install a PUP (Potentially Unwanted...

Malware researchers have been keeping an eye on the activity of the Vivin Botnet since 2017 when this botnet first appeared on the map. The peak activity of the Vivin Botnet was around the end of 2018. Ever since, the operators of this botnet have been neglecting this campaign, and there has been a decreasing number of hijacked systems. The goal of the creators of the Vivin Botnet is to compromise unsuspecting users' systems and plant cryptocurrency miners on them. This would allow the operators of the Vivin Botnet to mine cryptocurrencies using up the computing resources of the users whose systems have been hijacked. Mines the Monero Cryptocurrency The mining module that the creators of the Vivin Botnet inject in the compromised systems is the publicly available XMRig cryptocurrency miner. The XMRig miner is designed to mine the...

More and more cyber crooks are opting to use PayPal phishing pages to generate revenue off the backs of unsuspecting users. One of the most well-used tools for the creation of phishing pages is the 16Shop phishing kit. The authors of the 16Shop phishing kit are very experienced in the area. Cybersecurity analysts are familiar with the work of the hacking group behind the 16Shop phishing kit. Over the years, these cybercriminals have developed phishing pages mimicking commonly used online services such as American Express, Apple, and Amazon. The Creators of the 16Shop Kit Provide Their Clients with Many Perks The creators of the 16Shop phishing kit have decided to target PayPal in their latest campaign. The 16Shop kit can be used by shady individuals around the world as it is available in English and also in Spanish, German, Japanese,...

Ransomware threats are one of the worst malware types a regular user can stumble upon. Threats of this class make sure to sneak into their target's system, locate the data of interest, and lock it securely using an encryption algorithm. The goal is to blackmail the users into paying a ransom fee in exchange for a decryption key that will help them recover their data. Among the most recent ransomware threats uncovered is the Nosu Ransomware. This data-encrypting Trojan belongs to the most active ransomware family of 2019 – the STOP Ransomware family. Propagation and Encryption It has not yet been uncovered how the attackers are propagating this ransomware threat. A majority of cyber crooks who distribute file-locking Trojans opt to rely on spam emails. This entails a fake message and a corrupted attachment being sent to the targeted...

The TRSomware Ransomware is one of the newest file-locking Trojans spotted by malware analysts. This threat does not appear to be a variant of an already existing ransomware threat, and thus it is likely that the authors of the TRSomware Ransomware may have created it from scratch. Propagation and Encryption It is likely that the creators of the TRSomware Ransomware are relying on malvertising campaigns, torrent trackers, fake application updates and downloads, bogus pirated variants of popular media or software, or, the most common method, spam emails. The latter technique is popular particularly and consists of an email containing a fraudulent message and a corrupted attachment. Once opened, the attached file would allow the ransomware threat to infiltrate the system of the user. The TRSomware Ransomware is likely targeting a very...

Cybersecurity experts spot new ransomware threats daily, as this is one of the most popular malware types online. Ransomware threats are often regarded as an easy way to make a quick buck with minimum fear of any negative repercussions. Furthermore, the entry barrier is rather low as even inexperienced cyber crooks can create a data-locking Trojan with the help of a ransomware building kit. One of the newest uncovered threats of this class is the Devos Ransomware. The authors of the Devos Ransomware have based their creation on the infamous Phobos Ransomware. Propagation and Encryption Spam email campaigns are the most commonly used propagation methods regarding ransomware threats. Normally, the targeted users would receive an email that consists of a bogus message that attempts to convince them to execute the attached file. The email...

The Centerplaceofupgrade.pro site is one of the countless fake Web pages that do not provide any value to their visitors despite claiming to do so. It seems that the creators of the Centerplaceofupgrade.pro page are targeting Mac users mainly because the website claims to provide the user with an update for the Adobe Flash Player for OSX. It is likely that this fake website also is targeting users running the Windows OS as it may claim to offer Windows users an update for their Adobe Flash Player. However, both of these claims are fraudulent. Shady actors online often tend to push PUPs (Potentially Unwanted Programs) and even malware using this old trick. Do not Apply Updates from Third-Party Sites Malware researchers advise users strongly to avoid downloading software or applying updates to their applications via third-party sites as...

The most active ransomware family of 2019 continues to plague users online in 2020, too – the STOP Ransomware. During 2019, cyber crooks created and distributed over 200 copies of this nasty Trojan. It would appear that the trend is not dying down, as malware analysts have spotted a new copy of the STOP Ransomware and dubbed it the Kodc Ransomware. Propagation and Encryption A large number of cybercriminals who create ransomware threats tend to rely on spam email campaigns to propagate their Trojans. The targeted user would receive an email containing a bogus message and a corrupted attachment, which, once launched, would compromise the user’s system. Among other commonly used propagation methods are torrent trackers, fake software updates, fraudulent pirated copies of popular media and applications, etc. Most ransomware threats are...

Most authors of ransomware opt to base their creations on already existing data-locking Trojans by borrowing their code. There are cyber crooks who develop their own file-encrypting Trojans from the ground up, but these often tend to have a variety of issues and are sometimes completely useless. However, this is not the case with the RaganrokCry Ransomware. The creators of this ransomware threat have done a good job, and the RaganrokCry Ransomware is fully functional. Propagation and Encryption Most creators of ransomware threats rely on several popular means of propagation – fake application downloads and updates, torrent trackers, malvertising campaigns, bogus pirated software and media, spam emails containing macro-laced attachments, etc. Once the RaganrokCry Ransomware sneaks into your computer, it will scan the files that are...

Email tactics have existed since the dawn of the Internet. One of the newest schemes that are gaining prominence quickly is called the ‘Nest Video Extortion’ email scam. This campaign appears to target users located in the United States, mainly. According to reports, the authors of the ‘Nest Video Extortion’ tactic have sent fraudulent emails to more than 1,500 users. This tactic also can be classified as ‘sextortion’ as the attackers claim to be in possession of nude footage of the target and threaten to send them to various adult entertainment websites. The attackers also claim to have access to the user’s mobile device, which serves to intimidate the target further. Instead of just asking for cash in exchange for wiping out the supposed nude videos, the attackers take a different path. Uses Various Social Engineering Tricks Firstly,...

Users who tend to browse dodgy websites often encounter several issues as such Web pages work hand in hand with shady advertisement networks and other dubious services. Shady websites include pages hosting adult content, gambling platforms, illicit streaming sites, bogus giveaway Web pages, etc. Visitors of such websites are likely to come across the ‘YOU ARE THE CHOSEN!’ pop-ups. These fake pop-ups claim that the visitors have won a prize, and to claim it, they have to complete a few steps. To make this tactic more believable, its authors have also built a fake page with bogus reviews from non-existing individuals who claim to have won the prize in question. The Con-Artists may Utilize Various Tricks There are several tricks the ‘YOU ARE THE CHOSEN!’ pop-ups may attempt to pull on the user. One of them is tricking them into allowing...

The JhoneRAT is an impressive RAT (Remote Access Trojan) whose activity has spiked recently. After studying this threat, malware analysts concluded that it has likely been built from the ground up. This is not unusual, but many authors of RATs prefer to borrow the code of existing threats instead of building a tool from scratch. According to the experts, the JhoneRAT is written in the Python programming language. Propagation Method The JhoneRAT is being distributed with the help of spam email campaigns. This is a very popular propagation method when it comes to spreading malware. Usually, the spam emails would contain a corrupted attached file. This is the case with the JhoneRAT too. The attachments used in the propagation of the JhoneRAThave two types – one claims to be an important document that has to be opened urgently, while the...

Malware researchers have uncovered a brand-new infostealer pestering users online. This threat is dubbed the LALALA Infostealer, and it is not known who are the developers behind it. The goal of the LALALA Infostealer is to sneak into their target’s system silently, collect information, and then exfiltrate the gathered data to the attackers’ C&C (Command & Control) server. Gathers, Compresses and Transfers Data to the Attackers’ C&C It appears that the authors of the LALALA Infostealer are using spam email campaigns to propagate this threat. Usually, this includes a fake message and a macro-laced attachment. Users who fall for this trick and launch the attached file would allow the threat to compromise their system. Upon infecting a targeted PC, the LALALA Infostealer will make sure that a VBS file is executed every minute. The VBS...

Cybersecurity analysts have uncovered a new data-encrypting threat targeting unsuspecting users online. The name of this new threat is the Picocode Ransomware. This ransomware threat may have been built from scratch as it does not appear to be a variant of any of the popular file-locking Trojans known to malware researchers. Propagation and Encryption Many authors of ransomware threats use spam emails to spread their threatening creations. The emails in question tend to contain a macro-laced attachment and a fraudulent message that urges the user to execute the attached file. Corrupted advertisement campaigns, bogus applications downloads, updates, and torrent trackers are also among the popular propagation methods used by ransomware authors. The Picocode Ransomware is designed to cause maximum damage to the compromised host. This is...