WebDiscover Browser is an adware threat developed by a Canada-based company named WebDiscover Media. Once installed on a PC, the malicious app makes a series of unwanted changes to all browsers installed on the computer, leading to a deteriorating online surfing experience. WebDiscover replaces the default home pages and search engines of affected Internet browsers with its own WebDiscover Homepage and WebDiscover Search, respectively. Furthermore, the malicious app modifies the “new tab” settings so that the corrupted browsers launch the malware's own search portal page when the user opens a new tab. Chrome users may not even recognize WebDiscover as an unwanted program and think they...

Getting an OS system error message while working on a project can be quite an unpleasant surprise. Whether relating to MS Windows, or Mac OS, such a bug is always bound to disrupt your normal computer work. While some errors tend to be system-specific, others can affect both Windows and Mac-based systems, albeit designating totally different problems. The so-called Code 43 error message, for example, is primarily associated with device driver problems in Windows PCs, on the one hand, and file transfer issues on Mac machines, on the other. If you are using Windows and looking for a way to fix this specific error, click here for a guide with possible solutions. If you are a Mac user,...

The Shlayer Trojan is a cyber-threat aimed at Mac users who might be interested in trying out application stores other than the official App Store by Apple. The Shlayer Trojan might be promoted to the users as an independent application delivery platform that offers discounts on premium software. The Shlayer platform was reported of delivering harmful programs, unwanted browser extension, unrequested Internet settings modifications, promoting questionable shopping helpers and distributing supposedly free premium applications. The Shlayer Trojan was recognized by computer security researchers in January 2019 when the users started reporting fake Adobe Flash updates to Web browser vendors....

The CoronaVirus Ransomware (also called CoronaVi2022 Ransomware) is a file-locker, which was released in the wild recently, and it seems that its author has opted to use the name of the Coronavirus (also known as COVID-19), which is a disease that is threatening users worldwide. Just like the disease it is named after, the CoronaVirus Ransomware also threatens users worldwide, but in a different way – it will try to encrypt their files, and also overwrite the contents of their drive's Master Boot Record (MBR). The latter operation may cause a lot of trouble, since the victims' computers will not load their operating system and, instead, they will display a copy of the CoronaVirus...

The ongoing outbreak of the coronavirus is now disrupting business across the world, but apparently cybercriminals have no days off, since they're just as active as they were before the beginning of the outbreak. It appears they are now capitalizing on the fears of the people regarding the pandemic. It was back in January that the hackers started using the coronavirus threat as a focus of an email campaign that infected users with malware, and now they are expanding their operations to coronavirus outbreak maps that follow the number of infections and deaths across the world. Many organizations are feeling the pressure from these attacks, such as John Hopkins University who created...

The APT (Advanced Persistent Threat) group was spotted sending out spear-phishing emails that allegedly have detailed information about COVID-19, a.k.a. Coronavirus, but instead, they infect the victims with a custom remote access Trojan (RAT). The group is using the coronavirus pandemic to infect unsuspecting victims with a previously unseen malware. The malware is dubbed 'Vicious Panda' by researchers, with the attackers using it in a campaign at the moment. Researchers managed to find two Rich Text Format (RTF) files that were targeting the Mongolian public sector during the outbreak. Once the files are open, a unique and custom-made remote access Trojan is executed. It develops a list...

The Zeus Trojan is the most widespread and common banking Trojan today. There are countless variants of the Zeus Trojan, also known as Zbot and Zitmo. There are regional variants that target computers in specific areas of the world as well as mobile-specific variants designed to attack mobile operating systems such as Android or BlackBerry platforms. In all cases, the Zeus Trojan is used to steal banking information. This dangerous malware infection can be used to steal account names and numbers, banking account passwords, and credit card numbers. The Zeus Trojan can also be utilized to capture particular information that can then be used to steal a victim's identity. ESG security...

Win32 Malware.gen is a so-called generic threat - a suspicious file fetched by an anti-virus scan that appears to be malicious but does not match any of the definitions of known malware threats contained in the anti-virus software's database. Therefore, an alert from an anti-malware program for a Win32 Malware.gen detection indicates that there is a 32-bit file on a Windows operating system that should be flagged for further inspection. An infection generally described as Win32 Malware.gen is thus a heuristic detection designed to indicate the presence of some kind of a yet undetermined Trojan horse for Windows PCs. It is also possible that files reported as a Win32 Malware.gen infection...

Over the course of the past few years, hackers and cybercrooks armed with sophisticated malware have stolen literally hundreds of millions of dollars from online banking accounts and individuals all over the world. We have said it many times before in recent articles, the days of robbing banks in person are gone and now it all takes place behind a screen of a computer connected to the Internet. The Internet can be the most useful tool in business, school or every-day life. At the same time, the Internet can make someone's life a living hell in the event that one becomes the next victim of a cybercrime. A large percentage of the world's population that uses computers over the Internet are aware of cybercrime and the consequences that they may face if they succumb to a cybercriminals' trap. Others who have no clue as to the dangers they...

The Ke3chang hacking group is an APT (Advanced Persistent Threat) that originates from China. It is likely that the Ke3chang APT is sponsored by the Chinese government and is used to carry out cyberattacks on their behalf. The Ke3chang hacking group is known to have carried out a number of high-profile operations that targeted foreign government bodies, business organizations, diplomatic missions and others. Two of the most popular hacking tools in the arsenal of the Ke3chang group are called Ketrican and Okrum. Recently, malware researchers have uncovered a new threat, that appears to be a hybrid between the Ketrican and Okrum tools. This new malware has been named the Ketrum Backdoor appropriately. The Ketrum Backdoor is a rather minimalistic utility, just like the majority of the hacking tools created by the Ke3chang group. Some...

The Newsgate.biz site hosts a low-tier online tactic known as 'Please Click Allow to Continue.' This shady site will likely try to attract visitors by claiming to offer exciting news and engaging videos. Unfortunately, the Newsgate.biz site is not hosting any content, so you should not waste your precious time with it. When you open the Newsgate.biz site, you will see a fake video prompt, and you will be invited to click on the 'Allow' button to get access to the video the page claims to host. Clicking on the 'Allow' button, you will not be granted access to the exciting content promised – instead, the Newsgate.biz page will get permission to send you push-notifications via your Web browser. The Newsgate.biz page will utilize this permission to bombard you with advertisements non-stop. Users state that even when their Web browser is...

The Ezy Photo Tab application is an add-on that claims to offer users editing tools, which would allow them to edit their photos and videos from their Web browser directly. However, the tools offered by the Ezy Photo Tab extension are available online freely. This means that the download and installation of any third-party applications to access the utilities and services offered by the Ezy Photo Tab Web browser extension is not necessary. If you install the Ezy Photo Tad add-on, you will notice that your default new tab page has been changed. This is because the Ezy Photo Tab extension alters the settings of your Web browser without your knowledge. This is the typical conduct of a PUP (Potentially Unwanted Program). The website that users of the Ezy Photo Tab add-on view every time open a default new tab page is hosted on...

Coronavirus Finder is the name of the key part of a harmful campaign that is carried out via a banking Trojan called Ginp. The Ginp banking Trojan targets Android users' finances. Among the most recently added features of the Ginp banking Trojan is a bogus prompt that informs the targeted users that they have been in close proximity with several individuals who are known to be infected with the Coronavirus. The prompt asks the user to pay a small fee, less than one Euro, which will allow them to view the locations, as well as identities of the individuals in question. The name of the prompt is Coronavirus Finder, and it requests the payment to be made via the user's credit card. Of course, this means that the users will be required to fill in their banking information, which will then be transferred to the C&C (Command & Control)...

The FakeAdBlocker is an application for Android devices that claims to help users block unwanted advertisements and therefore enhance their browsing quality. Unfortunately, this is definitely not the case. The FakeAdBlocker utility not only fails to remove or block any advertisements but would make sure to introduce a ton of new advertisements whenever you are using your Android device. This scheme is monetized as the more advertisements the user is spammed with more revenue are the adware creators generating. The operators of the FakeAdBlocker adware program are likely to distribute it using several methods including: Misleading advertisements that promote this fake utility. Bogus advertisements, which are hosted on the official Google Play Store. Fraudulent advertisements hosted on third-party application stores. Users need to be...

Ewind is the name of an adware family, which targets Android users located in the Russian Federation primarily. The operators of the Ewind adware have opted to use an interesting strategy to propagate their creation: First, the conmen download a genuine application from the Google Play Store. Next, they decompile the application to add the code of the Ewind adware. Finally, they repack the application and upload it to application stores, which are popular in the Russian Federation. Despite the fact that the applications are considered fake after the conmen have fiddled with them, they still operate as intended, and users may not notice anything out of the ordinary. The operators of the Ewind adware are known to have used this trick to create bogus copies of popular applications and mobile games like Vkontakte, Opera Mobile, Minecraft,...

The DEFENSOR ID threat is a newly uncovered banking Trojan, which targets Android devices. The DEFENSOR ID malware was hosted on the official Google Play Store. This malware was masked as a useful application that is meant to boost the security of the device and help the users protect their finances better. However, nothing can be further from the truth. As soon as the DEFENSOR ID utility is installed on your device, it will demand access to Android's Accessibility Features. This should raise a red flag right way, as this has become a common trick used by cyber crooks that target Android devices. If the user allows the DEFENSOR ID access to Android's Accessibility Features, the threat will receive escalated privileges on the host. This may allow the DEFENSOR ID threat to access the user's email account, bank account, cryptocurrency...

The ComRAT (Remote Access Trojan) hacking tool is a part of the arsenal of the infamous Turla APT (Advanced Persistent Threat). The ComRAT malware was first spotted over a decade ago in 2008. Cybersecurity experts believe that the Turla APT operates from Russia and is likely sponsored by the Kremlin as most of their targets appear to be individuals or institutions that are of interest to the Russian government. Many of the targets of the Turla APT are foreign government bodies, which are usually located in North America, Europe, Africa, the Middle East and Asia. Despite the fact that the ComRAT threat is a Trojan that was first discovered twelve years ago, it is being used in Turla's campaigns to this day. The latest Turla operation that employed the ComRAT threat was carried out in January 2020. This campaign targeted various...

“STOP: 0x000000A5” is one of many computer errors capable of triggering the so-called Blue Screen of Death (BSOD) — a bluish screen indicative of a system crash. You are most likely to see the STOP: 0x000000A5 Blue Screen error on your desktop when the Advanced Configuration and Power Interface (ACPI) of your BIOS is incompatible with the MS Windows version you are trying to install. Note! This error mainly applies to older MS Windows versions such as XP, 7, or 8 (8.1). You may also face it when trying to set up a Win XP virtual machine. If you want to install MS Windows 10 on your PC, the 0x000000A5 error should not come up. Developed by Toshiba, Intel, and Microsoft, the ACPI allows for...

The hacker group behind the REvil/Sodinokibi ransomware recently attacked Grubman Shire Meiselas & Sacks(GSMS), a major New York-based law firm, encrypting and stealing sensitive information and threatening to release it if a $42 million ransom is not paid. At the beginning of May, the hackers breached the law firm's network. They allegedly stole more than 750GB of data that included email addresses, phone numbers, personal correspondence, music rights, and nondisclosure agreements of a considerable number of A-list celebrities. Some of the celebrities whose data was stolen include Madonna, Elton John, Bruce Springsteen, Mariah Carey, Nicky Minaj, and Jessica Simpson. The REvil/Sodinokibi...

Medical data and personal information belonging to the patients of the Fresenius Medical Care unit have been posted online. Fresenius is the largest private hospital operator and provider of dialysis products and services. Because of the ongoing COVID-19 pandemic, their services have been in high demand. The company took a hit with a ransomware attack aimed at their systems. Fresenius shared that the incident managed to put some limitations on their operations, but patient care wasn't affected. What Happened at Fresenius? The company is based in Germany, including four businesses under the same umbrella: Fresenius Helios, the largest private hospital operator, according to the company;...

Ragnarlocker is a strain of ransomware associated with and run by an eponymous group of bad actors. The ransomware has been around for just a few months, with the first known attacks using Ragnalocker taking place in December 2019, but it is already coming up with new tricks. Security experts with Sophos noticed a new attack using Ragnarlocker in May 2020, but this time the approach was very unusual. The bad actors first installed VirtualBox – an open-source virtualization application – on the victim’s system and then deployed the ransomware under the virtual machine (VM). This allows the ransomware to run in an isolated environment, hidden away from security software running on the...

The Sarwent malware first showed up in 2018. Back then, the Sarwent threat was a very basic piece of malware, which only served as a first-stage payload that allows the attackers to plant other threats on the infected computer. However, malware experts have spotted new iterations of the Sarwent threat that appear to be far superior to the earliest variants of this Trojan. The latest variants of the Sarwent Trojan pack two main features, which were not available on earlier versions of the threat: They are capable of utilizing the PowerShell utility and the Windows Command Prompt service to execute remote commands on the compromised host. They are able to set up a new Windows user, which can be used to allow the attackers to use RDP (Remote Desktop Protocol) services and therefore access the host via an RDP connection. Using an RDP...

The Blue Mockingbird Malware is an organization run by hackers who appear to have the end goal of creating and running a botnet that would mine cryptocurrency. This hacking group first appeared in December 2019. The servers that the attackers target are very specific - the only common trait the victims have between them is that they almost always run the Telerik UI framework alongside variable ASP.NET utilities. Doing so enables the attackers to exploit a vulnerability known as CVE-2019-18935. This vulnerability would allow the Blue Mockingbird Malware to plant a shell on the targeted system and therefore take control over it. Usually, attacks like that aim at collecting sensitive files, confidential data, personal details, etc. However, instead of carrying out a reconnaissance operation, the Blue Mockingbird Malware has opted to...

The CovidWorldCry Ransomware is a new file-locking Trojan that is being propagated via fraudulent phishing emails. Countless cybercriminals worldwide are using the COVID-19 pandemic to spread online tactics and various malware. As the name indicates, the CovidWorldCry Ransomware is no exception. To propagate the CovidWorldCry Ransomware, the attackers are likely to use phishing emails that contain a bogus attachment, which may be presented as an important document that contains crucial information regarding the Coronavirus pandemic. Encryption When the CovidWorldCry Ransomware infects your PC, it will start scanning your data and locating your files. This threat is likely targeting documents, images, spreadsheets, presentations, archives, audio files, videos, databases and various other filetypes. This will result in most of your files...