WebDiscover Browser is an adware threat developed by a Canada-based company named WebDiscover Media. Once installed on a PC, the malicious app makes a series of unwanted changes to all browsers installed on the computer, leading to a deteriorating online surfing experience. WebDiscover replaces the default home pages and search engines of affected Internet browsers with its own WebDiscover Homepage and WebDiscover Search, respectively. Furthermore, the malicious app modifies the “new tab” settings so that the corrupted browsers launch the malware's own search portal page when the user opens a new tab. Chrome users may not even recognize WebDiscover as an unwanted program and think they...

Getting an OS system error message while working on a project can be quite an unpleasant surprise. Whether relating to MS Windows, or Mac OS, such a bug is always bound to disrupt your normal computer work. While some errors tend to be system-specific, others can affect both Windows and Mac-based systems, albeit designating totally different problems. The so-called Code 43 error message, for example, is primarily associated with device driver problems in Windows PCs, on the one hand, and file transfer issues on Mac machines, on the other. If you are using Windows and looking for a way to fix this specific error, click here for a guide with possible solutions. If you are a Mac user,...

At first glance, the Newsbreak.com website appears to be a useful tool that would provide its visitors with the latest news. However, this is one of the countless bogus websites online that do not provide any content of value, and instead, seek to benefit from their visitors using various shady tricks. Spams Users with a Constant Flow of Advertisements Upon visiting the Newsbreak.com page, users will be asked to permit the site to display Web browser notifications. Keeping in mind that this fake page poses as a legitimate news website, many users may be tricked to allow browser notifications thinking that they will be alerted for the latest breaking news. However, this is not the case,...

The APT (Advanced Persistent Threat) group was spotted sending out spear-phishing emails that allegedly have detailed information about COVID-19, a.k.a. Coronavirus, but instead, they infect the victims with a custom remote access Trojan (RAT). The group is using the coronavirus pandemic to infect unsuspecting victims with a previously unseen malware. The malware is dubbed 'Vicious Panda' by researchers, with the attackers using it in a campaign at the moment. Researchers managed to find two Rich Text Format (RTF) files that were targeting the Mongolian public sector during the outbreak. Once the files are open, a unique and custom-made remote access Trojan is executed. It develops a list...

.HOW Ransomware is a new file-encrypting Trojan, which appears to belong to the notorious Dharma Ransomware family. Data-lockers like the .HOW Ransomware are not built from scratch. Instead, their creators borrow the code of well-established threats like the Dharma Ransomware and create a new copy of it with a different name.  Propagation and Encryption To cause a significant amount of damage to the compromised host, the .HOW Ransomware is likely to go after a wide array of filetypes, such as .doc, .docx, .pdf, .txt, .mp3, .midi, .mid, .aac, .wav, .mov, .webm, .mp4, .db, .zip, .rar, .jpg, .jpeg, .png, .svg, .gif, .xls, .xlsx, .ppt, .pptx and others. The .HOW Ransomware uses a complex...

IT Ransomware is a brand-new data-locking Trojan that appears to be a rather basic project. This file-locker is also known as the CobraLocker Ransomware. Despite not being a very high-end threat, the IT Ransomware is fully capable of causing significant damage to its targets. Unfortunately, the IT Ransomware does not appear to be decryptable for free. Propagation and Encryption Threats like the IT Ransomware often go after a variety of filetypes that are likely to be present on the system of every regular user. This means that the IT Ransomware will not spare any images, documents, presentations, databases, spreadsheets, archives, audio files, videos and other filetypes that are common....

Over the course of the past few years, hackers and cybercrooks armed with sophisticated malware have stolen literally hundreds of millions of dollars from online banking accounts and individuals all over the world. We have said it many times before in recent articles, the days of robbing banks in person are gone and now it all takes place behind a screen of a computer connected to the Internet. The Internet can be the most useful tool in business, school or every-day life. At the same time, the Internet can make someone's life a living hell in the event that one becomes the next victim of a cybercrime. A large percentage of the world's population that uses computers over the Internet are aware of cybercrime and the consequences that they may face if they succumb to a cybercriminals' trap. Others who have no clue as to the dangers they...

Search Marquis is a Mac utility that disguises itself as a helpful tool that will enhance the browsing quality of popular browsers like Chrome and Safari. In fact, it is a malicious browser extension that aims to alter the browser's setting without the user’s knowledge and consent. The main purpose of this Potentially Unwanted Program (PUP) that sneaks stealthily into Mac computers is to generate revenues for its operators by popularizing the search engine Bing.com on Mac Safari browser. This happens through a number of intermediate redirects through various dubious domains. Once installed on a Mac computer, this browser hijacking tool starts to modify crucial changes on the user's...

MacClean is a rogue system-optimizing utility for Mac computers that falls into the category of the Potential Unwanted Programs (PUPs). Anti-malware tools detect it under different names, whereby some of these detection names include the name of MacClean's developer and provider - a China-based company named iMobile (for example, MacOS:IMobie-A [PUP], variants of OSX/iMobie.B Potentially Unwanted, PUA:Win32/Presenoker, OSX.Application.Agent.E57NG5). Although some users install MacClean from the PUP's official website in the belief it is a useful tool that would clean and optimize their machines, in most cases, the fake system optimizer spreads through deceptive promotional pop-ups, corrupted websites, or through a method known as freeware bundling. Malware researchers are confident that this tool can be of absolutely no use but can do...

After warning the public about how dangerous ProLock can be in May 2020, in the first week of September, the FBI has issued a second warning about the ransomware threat. The warning is mostly aimed at large private or government organizations. The operators of ProLock have historically gone after such targets. Large organizations are more likely to have the resources to pay a huge ransom and RroLock is known to have ransom demands sometimes reaching more than $2 million. History ProLock is relatively new to the ransomware scene first emerging in late 2019. At that time, the cybercriminals were using a different name - PwndLocker. This changed in March 2020 after security experts had found...

Yonfrul.com is a misleading website that was created with the sole purpose to trick users into subscribing to its push notifications. If it is successful, Yonfrul.com will then begin to deliver sponsored advertisements on the affected device resulting in monetary gains for its creators. To increase the chances of tricking unsuspecting visitors, fraudulent websites such as Yonfrul.com employ various social-engineering methods and tactics. Usually, they pretend to be carrying out a captcha check and ask the users to click the 'Allow' button to prove they are not robots. Yonfrul.com also plays on people's curiosity by showing a buffering video and stating that users have to 'Click Allow to continue.' No matter the exact text of the fake error or alert message, the end goal is to convince the visitors to give the tactic website the...

Greedomer.club is a fraudulent website dedicated to the promotion of a browser-based tactic. It attempts to trick unsuspecting visitors into subscribing to its push notification services by employing various social-engineering tactics. The goal is to then deliver unwanted advertisements to the compromised device. Landing on Greedomer.club means that you will be presented with various fake alert or error messages that, curiously, all urge you to click on the 'Allow' button. The text of these messages may include: 'Greedomer.club wants to Show notifications' 'Click Allow to confirm that you are not a robot!' 'CLICK ALLOW TO CLOSE THIS PAGE' By following the instructions, you will be giving Greedomer.club the required browser permissions to start executing its agenda. Numerous pop-up advertisements will start to appear on the screen of...

Despite what it may claim, the purpose of ConverterSearchHD is not to provide users with some useful features or convenient links to popular websites and services. No, its goal is to sneak its way onto the user's device, most likely though misleading distribution practices such as 'bundling' - where the installation of the application is hidden somewhere in the installation process of another more popular freeware program, and to start generating revenue for its creators by driving artificial traffic towards a fake search engine. In ConverterSearchHD's case, it takes over the homepage, new page tab, and the default search engine of the browser and sets them to open feed.convertersearchhd.com. While the application is present on the device, users will not be able to restore the settings to their previous state. The search engine...

FlixSearch is categorized as a Possibly Unwanted Program (PUP) and a browser hijacker due to its ability to take over certain browser settings and prevent the users from reverting them to their original state. The goal is to drive artificial traffic towards a fake search engine or a promoted website. FlixSearch changes the homepage, new page tab, and the default search engine to open toksearches.xyz. Users are advised to remove browse hijacker applications such as FlixSearch immediately after they notice their presence. There are several serious reasons to justify this decision. First, most browser hijackers have only one goal: to generate monetary gains for their creators by delivering sponsored advertisements either as pop-ups or through links injected in the search results list. Furthermore, various browsing and system data may be...

SmartFunctionSearch is a Possibly Unwanted Program (PUP), equipped with browser hijacker capabilities that targets Mac systems. In most cases, users may not have even noticed that SmartFunctionSearch has been installed on their devices due to the application's dubious or misleading distribution tactic. Some of them may include 'bundling' - the installation of SmartFunctionSearch is hidden inside the installation process of another more popular free application or poses as a software update. No matter what the infiltration channel was, once inside a system, SmartFunctionSearch proceeds to enact its agenda. SmartFunctionSearch takes over certain browser settings to modify the homepage, new page tab, and the default search engine to open a fake search engine at SmartFunctionSearch. Infosec experts consider such engines to be fake due to...

The DogeCrypt Ransowmare is considered a variant of the DesuCrypt Ransomware, but the hackers have done some significant modifications to the threat's behavior. While the DesuCrypt Ransomware imitates a typical ransomware threat, it does not, in fact, encrypt any files and leave a note with instructions for its victims. Instead, it simply damages the targeted files rendering them unusable and changing the background image to one with a short message that doesn't contain any emails or other methods to contact the criminals. The DogeCrypt Ransomware, on the other hand, does include an encryption process and drops a proper ransom note on the infected computers. Every successfully encrypted file will have its name changed to include an email address under the hackers' control and '.DogeCrypt' as a new extension. For example, a file named...

The LuxNET RAT is a Remote Administration/Access Trojan (RAT) that cybercriminals use to perform a variety of actions on targeted computers remotely. Te LuxNET RAT functionalities include collecting data, installing additional malware on compromised devices, modifying crucial files and system processes. The LuxNET RAT distribution methods include spam e-mail campaigns where the attackers attach a corrupted executable disguised as a regular MS Office document, PDF or an archive-type file. Websites that offer free downloads are another common channel for malware distribution, along with fake software updates and unsafe advertisements. RATs infiltrate systems unnoticed and remain silent while operating in the background. Therefore, affected users will not notice any direct symptoms of a LuxNET RAT infection. In most cases, the LuxNET RAT...

Uptoabc.com is a dubious page on the Internet created to deliver sponsored content to users' computers. People get redirected to this page either by malware installed on their computers or other similar unsafe pages. When you open Uptoabc.com, the first thing you see is a message that requires you to click on an 'Allow' button to receive notifications from this website. You should not agree to receive Uptoabc.com's message, as all of them may contain broken links or scripts that may result in additional malware being installed on your machine. Cybercriminals have set up Uptoabc.com to generate advertisements and banners that promote potentially unsafe websites and services, like adult content, online gambling, Possibly Unwanted Programs (PUPs) or fake software. The intrusive pop-ups may look in many different ways. For example, they...

The PewPew Ransomware is designed to use a combination of AES-256 and RSA-2048 encryption algorithms to 'lock' the files of every computer system it compromises. As a consequence, users can no longer access their personal or business-related documents, spreadsheets, databases, videos, pictures, or audio files. The hackers then request the payment of a ransom in exchange for the decryption tool or key that could potentially restore the encrypted files. When the PewPew Ransomware encrypts a file, it modifies the original filename heavily by appending a string representing the unique ID of the victim, an email address under the control of the hackers - 'pewpew@TuTa.io,' and finally '.abkir' as a new extension. The ransom note with instructions to the affected users is dropped both as a text file named 'info-decrypt.txt' and as an HTML...

If you see a message about an 'ERROR # 0x6a1-0xf9fx3999' during your everyday browsing, you have landed on a misleading website. The goal is to convince the unsuspecting visitors to call a phone number that is supposedly for Tech Support but is, in fact, under the control of the scammers. The exact message used by the 'ERROR # 0x6a1-0xf9fx3999' Pop-Up scam may differ - it could state that the user's computer system is infected with malware or that it may have experienced a serious crash. No matter what the exact wording is, visitors are strongly urged to call a Tech Support phone number where they will be guided through the supposed removal process. Instead, the scammers will attempt to install remote access software on the computer system, which will give them considerable control to download additional suspicious applications....

InitialWindow is an application classified as a Possibly Unwanted Program (PUP) and a browser hijacker due to its ability to take over certain settings of the browser and prevent the users from changing them back to their original state. The goal is to drive artificial traffic to the promoted, in most cases, fake search engines. When InitialWindow is installed, it performs a check to determine what is the default browser. If it is Safari, the browser hijacker sets the homepage, new tab page, and the default search engine to redirect to z6airr.com. This is a fake search engine due to its inability to conduct Web searches on its own. In order to provide the users with a list of relevant search results, it redirects every search query through search.yahoo.com. If InitialWindow detects a Chrome browser, it modifies the same settings, but...

The Xorist-TAKA Ransomware, as it names suggests, is a ransomware threat that cybersecurity analysts have determined to be be based on Xorist Ransomware and, as a result, part of the Xorist family of ransomware threats. Victims of Xorist-TAKA will find that all of their files have suddenly become inaccessible and that a new extension - ' .TAKA' has been appended to their original filenames. The criminals behind the ransomware threat have employed nearly all of the methods used to get the attention of the affected users. They have designed the Xorist-TAKA Ransomware to change the image used by the victims as a desktop background while simultaneously dropping the ransom note as text files placed in every folder with encrypted data and being displayed in a pop-up window. The message written on the desktop image is rather short, simply...

In its own words, the Wannacry666 Ransomware uses a "military-grade encryption algorithm" to effectively lock users out of accessing and using their files. The hackers behind the threat then demand money in exchange for the decryption key in their possession. The Wannacry666 Ransomware is the name given to one of the latest additions to the Xorist Ransomware family of malware threats. The Wannacry666 Ransomware appends '.wannacry666' as a brand new extension to the original filename of every successfully encrypted file. In addition, a text file with instructions from the criminals will be dropped in all folders containing locked data. The name used for the text files is a seemingly random sequence of letters. Victims of the Wannacry666 Ransomware are told that the decryption key necessary for the restoration of the encrypted files can...

The TEREN Ransomware is a new ransomware threat spawned from the prolific family of ransomware based on the Dharma Ransomware. The most significant differences between TEREN and the other members of the Dharma malware family are the extension it uses for all the encrypted files and the email addresses for contact with the hackers. Upon successful infiltration, the TEREN Ransomware begins to encrypt the files stored on the computer system with an uncrackable cryptographic algorithm, effectively locking the users out of accessing their own private files. The cybercriminals will then demand the payment of a ransom, usually in Bitcoin, in exchange for the decryption key or tool that could potentially restore the locked data. As all of the Dharma variants, the TEREN Ransomware also modifies the filenames of every encrypted file...