The software package known as VulkanRT has recently caused a bit of commotion online. There have been posts on various forums and online communities, made by people who got confused by the sudden appearance of an entry named "VulkanRT" in their installed programs list. Some users were surprised and confused by the new entry and, not knowing what it was, assumed it was a virus and communicated their fears online. In reality, VulkanRT is not a threat or a malicious piece of software. The RT in the name stands for "runtime libraries". Vulkan, on the other hand, is the name of a graphical API which has the purpose of providing direct control over the computer's GPU and CPU usage. VulkanRT is developed by the Khronos Group in 2014 with the participation of huge IT names such as Intel, NVidia, AMD, Google , and Apple. The API was initially...

The Bundesliga-streams.net website does not host any unsafe content, but it is a shady page that should be avoided. Users who come across the Bundesliga-streams.net page were likely looking for illicit streams of football (soccer) games from the German football league called the Bundesliga. We recommend you not to visit websites like the Bundesliga-streams.net as they are hosting illicit content and often have malvertising present on their page. These malvertising campaigns tend to promote low-quality products and dodgy or fake services. Uses Social Engineering Tricks The Bundesliga-streams.net site, much like many other shady pages, is likely to use a variety of social engineering techniques to manipulate the actions of the user. Among them can be: The users may be asked to download and install a fake codec pack or media player if...

Sodinokibi Ransomware is a new malware threat that is gaining traction in the cybercriminal circles. Although Sodinokibi operates in the typical ransomware fashion - it infiltrates the victim's computer, uses a strong encryption algorithm to encrypt the files, and demands a payment for their restoration, analyzing its underlying code reveals that it is an entirely new malware strain and not an updated variant of an already existing ransomware. Zero-Day Exploit Facilitates First Sodinokibi Attack Sodinokibi was first detected on April 25 when it was used in an attack that exploited a zero-day Oracle WebLogic Server vulnerability. The severity of the zero-day exploit couldn’t be understated as it allowed the remote execution of code without any of the otherwise required authentication credentials. Oracle issued a patch on April 26,...

In 2019 malware researchers uncovered an illicit cryptocurrency mining campaign named CryptoSink. The attackers appear to exploit a known vulnerability to compromise the targeted systems. The exploit used in the CryptoSink operation is called ‘CVE-2014-3120,’ and it is related to an older version of the Elasticsearch application. The program in question is compatible with Windows and Linux systems. Due to this fact, the operators of the CryptoSink campaign have made their threat compatible with both operating systems. Gaining Persistence To compromise the targeted system, the CryptoSink threat will inject a modified variant of the infamous XMRig cryptocurrency miner. Depending on whether the threat is deployed on a Windows or a Linux system, it will gain persistence on the host differently. To gain persistence on a Windows computer,...

The Parallax RAT (Remote Access Trojan) is a threat that is being sold on underground hacking forums and various platforms. This means that the cyber crooks who are willing to pay the price can get their hands on this nasty Trojan. Furthermore, the authors of the Parallax RAT have made sure that their creation is accessible to everyone by offering different plans and subscriptions. Naturally, the more you pay, the more functionalities will be unlocked. The creators of the Parallax RAT also claim to release free regular updates, which makes the offer even more tempting for some cyber crooks. The cybercriminals behind the Parallax RAT also claim that their creation operates so silently that it is undetectable by anti-virus tools. However, this is not true certainly, and reputable anti-malware applications will be able to spot the...

The Servebits.net website is a page affiliated with a dodgy advertisement network. Users who browse low-quality websites may come across the shady Servebits.net page. However, users do not need to fear for the safety of their systems and the security of their data since this website is not linked to the distribution of malware or any harmful tactics. Despite the fact that the Servebits.net website is not affiliated with any unsafe activity, users are advised to be wary. It is likely that this domain may be associated with dodgy advertisements that may be pushing bogus services or fake products. Neither the quality or the origin of the products and services promoted by the Servebits.net site can be proven. This is why it is best to avoid engaging with advertisements affiliated with the Servebits.net website. If you have stumbled upon...

The Offers.mahaladon.com website is likely to lure in users by promising to provide them with great offers. However, this is not what happens as this is nothing more than yet another fake Web page definitely. The goal of the Offers.mahaladon.com site is to hijack its users’ Web browser notifications. The Offers.mahaladon.com site would claim that the users will get access to a great offer as soon as they click on the ‘Allow’ button they are presented with. Unfortunately, the Offers.mahaladon.com site does not provide its visitors with any quality content or valuable offers. Clicking on the ‘Allow’ button on your screen would enable the Offers.mahaladon.com site to send you push-notifications via your Web browser. This can get very tedious quickly, as the Offers.mahaladon.com would abuse your permission and would spam you with unwanted...

The Qqecom.com page is a bogus website that does not offer any valuable content or useful tools to its visitors. The Qqecom.com site has been created for one reason only – to spam users with unwanted advertisements. Unfortunately, websites like the Qqecom.com page are very common. When the users visit the Qqecom.com site, they are likely to be asked to click on the ‘Allow’ button displayed on the page. Clicking the button in question would allow the Qqecom.com site to send users push-notifications to their Web browser. To make matters worse, the Qqecom.com site’s push-notifications may even appear when the user’s Web browser is closed. This means that the site may bother you with notifications even if you are playing a video game or watching a movie. The Qqecom.com website uses Web browser notifications to spam users with unwanted...

The Memeda111.com site is a fake Web page that attempts to attract users’ attention by claiming to host engaging content. However, to get access to the supposedly interesting content, the users will be asked to follow the instructions on the screen that will direct them to click on the ‘Allow’ button displayed. However, the Memeda111.com site does not host engaging content despite its claims. Clicking on the ‘Allow’ button will not grant you access to the content you were promised. Instead, all it would do is allow the Memeda111.com page to display Web browser notifications. The Memeda111.com site will use your Web browser notifications to spam you with unwanted advertisements. Since the Memeda111.com website is likely working in cooperation with dodgy advertisement networks, the products and services promoted by this page are likely...

The Nearsales.in website is likely luring in visitors by claiming to provide users with sales that may be taking place near them. However, rest assured that the Nearsales.in website will not provide you with any useful information or quality content. The Nearsales.in website is designed to hijack its visitors’ Web browser notifications. Usually, the visitors will be required to click on the ‘Allow’ button as soon as they launch the website. Doing so would grant the Nearsales.in site permission to send you Web browser push-notifications. This may sound harmless, but the Nearsales.in site is more than likely going to abuse this permission and bombard you with constant unwanted, irrelevant advertisements. Not only will the Nearsales.in site spam you relentlessly, but the products and services it promotes are not trustworthy. This is due...

The Myluckydays.win page is likely tricking users into granting it permissions by displaying bogus prompts. The goal of the Myluckydays.win site is to mislead users into allowing it to send Web browser push-notifications. The Myluckydays.win site would use the Web browser notifications to promote various products and services. It is likely that the content promoted by the Myluckydays.win site may be of low-quality or dubious origins. Such dodgy sites are known to push gambling platforms, adult content, bogus giveaways, etc. Users should avoid clicking on any advertisements affiliated with the Myluckydays.win site. The Myluckydays.win page may even display Web browser notifications when your Web browser is closed. This means that users who are playing video games, writing papers, or watching movies are likely to be bothered with...

The Message-operators.com website is a bogus Web page that would provide its visitors with low-quality content or features. There are numerous websites similar to the Message-operators.com page whose only goal is to hijack your Web browser notifications. The creators of the Message-operators.com site generate revenue by flooding their users with unwanted advertisements. Genuine websites may request to send users push-notifications to inform them about breaking news, new deals, etc. However, the Message-operators.com website will abuse the permission and spam its users with advertisements even when their Web browser is closed. This makes the Message-operators.com website irritating particularly. What is even worse, is that the content pushed by advertisements affiliated with the Message-operators.com site are likely to be of shady...

The Axora.club website has only one goal – to trick you into allowing it to display Web browser notifications. It is likely that the Axora.club page would mislead users into permitting Web browser push-notifications by claiming to host engaging content that can only be viewed if the user complies with the site’s demands. The user will be demanded to click on the ‘Allow’ button that the website presents them with. However, clicking this button will not unlock any interesting content. Instead, it will allow the dodgy site to send the users push-notifications via their Web browser. Funny enough, the Axora.club website does not host any quality content whatsoever – there is nothing to be viewed on it despite all its claims. Once the Axora.club site gets permission to display Web browser notifications, it will begin spamming the user with...

Malware researchers have detected a new data-locking Trojan named Ransomwared Ransomware. This threat also is known as ‘iwanttits Ransomware.’ Thankfully, cybersecurity experts have managed to crack the Ransomwared Ransomware, and there is a free decryption tool available online. Propagation and Encryption It is not fully clear what propagation methods are the attackers employing. It is likely that the Ransomwared Ransomware is spread via spam emails that contain infected attachments. However, there are other popular infection vectors that may be utilized in the spreading of the Ransomwared Ransomware – bogus software updates, torrent trackers, malvertising operations, etc. The...

The Loda RAT is a RAT (Remote Access Trojan) that has been operating for three years as malware analysts first spotted it back in 2017. The Loda RAT is a rather simple RAT, but that does not mean that it cannot get the job done. This Trojan is written in the AutoIT programming language, which is rather unusual. Once the Loda RAT compromises a system, it is able to perform a rather long list of tasks. The Loda RAT appears to be targeting users in the United States, Central America, and South America, mainly. The creators of the Loda RAT are propagating it via bogus emails that direct users to a link that would launch a fake page that belongs to the attackers. This page hosts various macro-laced documents that are designed to target a known vulnerability – CVE-2017-11882. Upon infecting the targeted computer, the Loda RAT would establish...

There are innumerous browser extensions that are not what they market themselves to be. Among them is the Safeplex Search Web browser add-on. This browser extension claims to enhance the search results a user gets, but this is not the case certainly. The Safeplex Search add-on is designed to tamper with the users’ Web browser configuration without their knowledge. Once the users install the Safeplex Search add-on, this extension would change their Web browser settings and redirect users to a page that is affiliated with the authors of the extension. This is done to generate traffic for the page in question. Whenever the users attempt to execute a search, they will be directed to the Yahoo Search engine. This cannot be considered an unsafe activity, and you do not need to be concerned about the safety of your computer or your...

The Easy Mac Care is an application targeting Mac users. The creators of the Easy Mac Care tool claim that this application would improve the work of the system by erasing unnecessary files and changing some settings. The Easy Mac Care tool may be capable of deleting files and applying some changes, but it is improbable that you will notice much of a difference in the performance of your system. However, the Easy Mac Care application will not apply any fixes to your system unless you pay for the full version of it. The Easy Mac Care tool is considered to be a PUP (Potentially Unwanted Program) by malware researchers. This is due to the fact that this application has been reported to present users with exaggerated reports. Minor problems are likely to be presented as critical issues. This is a social engineering trick used to intimidate...

The Safariosso-aplosso.com website is yet another fake page that attempts to exploit its visitors. It would appear that this site targets Apple users mainly. Users who visit the Safariosso-aplosso.com site may be presented with pop-up windows and alerts stating that their systems have been compromised. Visitors also may be told that their connection is not secure. These are social engineering tricks designed to intimidate and pressure users. After being presented with various fraudulent reports regarding their system’s health and safety, the visitors of the Safariosso-aplosso.com website will be offered to download a fake anti-malware tool that will supposedly take care of all their device’s issues. For users who were given a bogus report regarding the security of their connections, the Safariosso-aplosso.com site offers a fake VPN...