WebDiscover Browser is an adware threat developed by a Canada-based company named WebDiscover Media. Once installed on a PC, the malicious app makes a series of unwanted changes to all browsers installed on the computer, leading to a deteriorating online surfing experience. WebDiscover replaces the default home pages and search engines of affected Internet browsers with its own WebDiscover Homepage and WebDiscover Search, respectively. Furthermore, the malicious app modifies the “new tab” settings so that the corrupted browsers launch the malware's own search portal page when the user opens a new tab. Chrome users may not even recognize WebDiscover as an unwanted program and think they...

Getting an OS system error message while working on a project can be quite an unpleasant surprise. Whether relating to MS Windows, or Mac OS, such a bug is always bound to disrupt your normal computer work. While some errors tend to be system-specific, others can affect both Windows and Mac-based systems, albeit designating totally different problems. The so-called Code 43 error message, for example, is primarily associated with device driver problems in Windows PCs, on the one hand, and file transfer issues on Mac machines, on the other. If you are using Windows and looking for a way to fix this specific error, click here for a guide with possible solutions. If you are a Mac user,...

The Shlayer Trojan is a cyber-threat aimed at Mac users who might be interested in trying out application stores other than the official App Store by Apple. The Shlayer Trojan might be promoted to the users as an independent application delivery platform that offers discounts on premium software. The Shlayer platform was reported of delivering harmful programs, unwanted browser extension, unrequested Internet settings modifications, promoting questionable shopping helpers and distributing supposedly free premium applications. The Shlayer Trojan was recognized by computer security researchers in January 2019 when the users started reporting fake Adobe Flash updates to Web browser vendors....

The CoronaVirus Ransomware (also called CoronaVi2022 Ransomware) is a file-locker, which was released in the wild recently, and it seems that its author has opted to use the name of the Coronavirus (also known as COVID-19), which is a disease that is threatening users worldwide. Just like the disease it is named after, the CoronaVirus Ransomware also threatens users worldwide, but in a different way – it will try to encrypt their files, and also overwrite the contents of their drive's Master Boot Record (MBR). The latter operation may cause a lot of trouble, since the victims' computers will not load their operating system and, instead, they will display a copy of the CoronaVirus...

The ongoing outbreak of the coronavirus is now disrupting business across the world, but apparently cybercriminals have no days off, since they're just as active as they were before the beginning of the outbreak. It appears they are now capitalizing on the fears of the people regarding the pandemic. It was back in January that the hackers started using the coronavirus threat as a focus of an email campaign that infected users with malware, and now they are expanding their operations to coronavirus outbreak maps that follow the number of infections and deaths across the world. Many organizations are feeling the pressure from these attacks, such as John Hopkins University who created...

The APT (Advanced Persistent Threat) group was spotted sending out spear-phishing emails that allegedly have detailed information about COVID-19, a.k.a. Coronavirus, but instead, they infect the victims with a custom remote access Trojan (RAT). The group is using the coronavirus pandemic to infect unsuspecting victims with a previously unseen malware. The malware is dubbed 'Vicious Panda' by researchers, with the attackers using it in a campaign at the moment. Researchers managed to find two Rich Text Format (RTF) files that were targeting the Mongolian public sector during the outbreak. Once the files are open, a unique and custom-made remote access Trojan is executed. It develops a list...

The Zeus Trojan is the most widespread and common banking Trojan today. There are countless variants of the Zeus Trojan, also known as Zbot and Zitmo. There are regional variants that target computers in specific areas of the world as well as mobile-specific variants designed to attack mobile operating systems such as Android or BlackBerry platforms. In all cases, the Zeus Trojan is used to steal banking information. This dangerous malware infection can be used to steal account names and numbers, banking account passwords, and credit card numbers. The Zeus Trojan can also be utilized to capture particular information that can then be used to steal a victim's identity. ESG security...

Win32 Malware.gen is a so-called generic threat - a suspicious file fetched by an anti-virus scan that appears to be malicious but does not match any of the definitions of known malware threats contained in the anti-virus software's database. Therefore, an alert from an anti-malware program for a Win32 Malware.gen detection indicates that there is a 32-bit file on a Windows operating system that should be flagged for further inspection. An infection generally described as Win32 Malware.gen is thus a heuristic detection designed to indicate the presence of some kind of a yet undetermined Trojan horse for Windows PCs. It is also possible that files reported as a Win32 Malware.gen infection...

Over the course of the past few years, hackers and cybercrooks armed with sophisticated malware have stolen literally hundreds of millions of dollars from online banking accounts and individuals all over the world. We have said it many times before in recent articles, the days of robbing banks in person are gone and now it all takes place behind a screen of a computer connected to the Internet. The Internet can be the most useful tool in business, school or every-day life. At the same time, the Internet can make someone's life a living hell in the event that one becomes the next victim of a cybercrime. A large percentage of the world's population that uses computers over the Internet are aware of cybercrime and the consequences that they may face if they succumb to a cybercriminals' trap. Others who have no clue as to the dangers they...

The Checkvd.com website does not host any engaging content or useful tools, so users are advised to avoid it. The Checkvd.com page is one of the countless sites that partake in a low-level online tactic known as 'Please Click Allow to Continue.' The Checkvd.com website may claim to host a video that is meant to grab the attention of users. However, when the users try to open the site and watch the video, they will be requested to click on the 'Allow' button on a prompt displayed on their screens. The site may claim that the users will not be granted access to its content unless they follow the instructions. However, the video prompt is fake, and there is no video to be viewed. Following the instructions of the page will allow it to send notifications via your Web browser. The site will use the permissions to bombard you with unwanted...

The Cmol.pro website is a dodgy, empty page that does not contain any meaningful utilities or media. The operators of the Cmol.pro page are involved in an online tactic referred to as 'Please Click Allow to Continue.' As soon as the Cmol.pro site is opened, it will spawn a prompt on the user's screen. The prompt requests the user to click 'Allow' if they wish to continue and view the media that the Cmol.pro page claims to host. However, the Cmol.pro website does not host any media, and the video prompt displayed for the user is bogus. A click on the 'Allow' button permits the Cmol.pro site to send the users notifications via their Web browser. The dodgy Web page will use this permission to spam the visitors with unwanted advertisements via the notifications of their browser. Avoid clicking on the advertisements displayed by the...

The Converter Suite add-on is a dodgy Web browser extension that will not provide its users with the quality tools it promises. If you want to convert document files to PDF and vice versa, there are countless freely available websites online that will not require you to install third-party applications. The Converter Suite extension is a PUP (Potentially Unwanted Program that will go behind users' backs to configure an affiliated website as a default new tab page. This is the shady behavior that granted the extension a PUP status. The associated website hosts a basic search engine, which will not provide you with the quality service available by Google, Bing or Yahoo. The site in question is hosted on Convertersuite.com/newtab/v1. It is advisable to remove the Converter Suite Web browser extension from your system. This can either be...

Malware researchers have re uncovered a brand-new data-locking Trojan dubbed the Vfcfocxp Ransomware recently. Ransomware threats are very popular, as even inexperienced cyber crooks can build and distribute them. Propagation and Encryption Most authors of ransomware threats use several popular propagation methods to distribute their harmful creations, which include: Fake software downloads and updates. Torrent trackers. Bogus pirated copies of popular software services. Malvertising operations. Spam emails containing corrupted links or macro-laced attachments. When the Vfcfocxp Ransomware infects a PC, it will scan its files to locate the on that meet its criteria. It is likely that the Vfcfocxp Ransomware goes after a very wide variety of filetypes - .doc, .jpeg, .jpg, .png, .xls, .ppt, .rar, .mp3, .mp4, .mpv, .zip, etc. The targeted...

The Pezi Ransomware is a new variant of the notorious STOP Ransomware. The STOP Ransomware is one of the most popular ransomware families, which experienced its peak in activity in 2019, with over 200 copies released over the course of one year. Propagation and Encryption The Pezi Ransomware is likely propagated via the most commonly used infection vectors: Malvertising campaigns. Mass spam emails. Bogus application downloads and updates. Torrent trackers. Fake copies of popular applications. When the Pezi Ransomware infects a system, it will star the attack by scanning the contents of the computer. After this, the Pezi Ransomware will trigger the encryption process, which will make sure to lock all the targeted files securely. It is likely that this threat goes after documents, images, audio files, databases, archives, videos,...

Most ransomware threats encrypt their target's data and ask them to pay a ransom fee in exchange for a decryption tool. However, cybercriminals have developed a new scheme that is mainly used against businesses and organizations, rather than regular users. The authors of the newly detected PonyFinal Ransomware are among the cyber crooks that utilize the aforementioned technique. The victims of the PonyFinal Ransomware not only are asked to pay a ransom fee to recover their data, but they also are threatened that unless the payment is processed successfully, their files will be leaked online. Naturally, no organization or company would want its confidential data and conversations leaked online, as this will likely cause great damage. The PonyFinal Ransomware is written JAVA. According to cybersecurity researchers, the attacks may not be...

The Gamut Botnet is a project that was first spotted and studied by malware researchers back in 2013. The Gamut Botnet is a rather basic operation – this botnet uses hijacked systems to send spam emails to a pre-made list of email addresses. A targeted system will receive one of the aforementioned spam emails, and when the user opens the email, the Gamut Botnet will hijack the computer. When the payload of the Gamut Botnet is injected into the targeted system, it will store its components in the %TEMP% folder. To acquire persistence on the infected host, the threat will modify the Windows Registry. To mask its presence, the harmful payload is likely to use generic-sounding names like 'WPUms,' which is used by a genuine Windows Service. The Gamut Botnet's payload applies some basic security measures. Before running on a compromised...

The SunOrcal threat first emerged back in 2013. Throughout the years, the operators of the SunOrcal malware have introduced several major updates. One of the most recent key updates was released in 2017 – the cyber crooks established a C&C (Command & Control) server hosted on the GitHub platform. Another major change was the introduction of steganography, as the SunOrcal threat could now make use of this installation technique. This hacking tool is known to have been used against several organizations located in Myanmar, as well as well-known Tibetan activists. The SunOrcal malware uses a basic technique to make sure that two implants will not run on the same network. As soon as the threat is launched, it will check for the presence of a specific mutex on the infected host - if a match is found, it still halt the execution. If...

The Ke3chang APT (Advanced Persistent Threat) is an infamous hacking group from China that has made headlines all around the world. The cyber crooks behind the Ke3chang APT also are known as APT15. The Ke3chang APT has a substantial list of hacking tools, and one of them is the MirageFox RAT (Remote Access Trojan). The MirageFox RAT is usually utilized as a second-stage payload. The threat allows the Ke3chang group to carry out a variety of threatening tasks on the compromised host. The MirageFox RAT can be useful as a long-term reconnaissance tool, particularly. This hacking tool is able to siphon targeted data and files from the infected host, as well as apply changes to the security settings of the compromised system. The latter is a very useful feature that would enable the attackers to inject additional malware into the targeted...

The Ke3chang hacking group is an APT (Advanced Persistent Threat) that is believed to operate from China. These cybercriminals also are known as APT15. Cybersecurity experts believe that this APT may be sponsored by the Chinese government, and it is likely used to carry out attacks that further the interests of Beijing on an international scale. The Ke3chang hacking group is known to rework and repurpose their hacking tools, and one of the examples of this is the RoyalCli malware. This threat appears to be based on a Trojan known as RoyalDNS, which has been utilized in several large-scale attacks targeting foreign government bodies. Malware researchers first spotted the RoyalCli threat in 2017. This backdoor was identified on systems used by contractors that co-operate with government departments of the United Kingdom. The RoyalCli...

A hacker has been targeting 'scam' companies with denial of service and ransomware attacks. The CyberWare hacker group was seen attacking several companies with DDoS attacks and ransomware, attempting to take down their websites or wipe their data. According to the hacker contacted by security researchers, the companies being targeted are allegedly under attack because they 'deserve it' for scamming innocent people. The ransom notes in the attacks state that the targeted computers were destroyed because the attackers 'know you are a scammer'. Companies affected by the CyberWare attacks may recover their data using decryptor tools based on Hidden Tear since the MilkVictory malware used in...

The Ke3chang hacking group is an APT (Advanced Persistent Threat) that originates from China. It is likely that the Ke3chang APT is sponsored by the Chinese government and is used to carry out cyberattacks on their behalf. The Ke3chang hacking group is known to have carried out a number of high-profile operations that targeted foreign government bodies, business organizations, diplomatic missions and others. Two of the most popular hacking tools in the arsenal of the Ke3chang group are called Ketrican and Okrum. Recently, malware researchers have uncovered a new threat, that appears to be a hybrid between the Ketrican and Okrum tools. This new malware has been named the Ketrum Backdoor appropriately. The Ketrum Backdoor is a rather minimalistic utility, just like the majority of the hacking tools created by the Ke3chang group. Some...

The Newsgate.biz site hosts a low-tier online tactic known as 'Please Click Allow to Continue.' This shady site will likely try to attract visitors by claiming to offer exciting news and engaging videos. Unfortunately, the Newsgate.biz site is not hosting any content, so you should not waste your precious time with it. When you open the Newsgate.biz site, you will see a fake video prompt, and you will be invited to click on the 'Allow' button to get access to the video the page claims to host. Clicking on the 'Allow' button, you will not be granted access to the exciting content promised – instead, the Newsgate.biz page will get permission to send you push-notifications via your Web browser. The Newsgate.biz page will utilize this permission to bombard you with advertisements non-stop. Users state that even when their Web browser is...

The Ezy Photo Tab application is an add-on that claims to offer users editing tools, which would allow them to edit their photos and videos from their Web browser directly. However, the tools offered by the Ezy Photo Tab extension are available online freely. This means that the download and installation of any third-party applications to access the utilities and services offered by the Ezy Photo Tab Web browser extension is not necessary. If you install the Ezy Photo Tad add-on, you will notice that your default new tab page has been changed. This is because the Ezy Photo Tab extension alters the settings of your Web browser without your knowledge. This is the typical conduct of a PUP (Potentially Unwanted Program). The website that users of the Ezy Photo Tab add-on view every time open a default new tab page is hosted on...

Coronavirus Finder is the name of the key part of a harmful campaign that is carried out via a banking Trojan called Ginp. The Ginp banking Trojan targets Android users' finances. Among the most recently added features of the Ginp banking Trojan is a bogus prompt that informs the targeted users that they have been in close proximity with several individuals who are known to be infected with the Coronavirus. The prompt asks the user to pay a small fee, less than one Euro, which will allow them to view the locations, as well as identities of the individuals in question. The name of the prompt is Coronavirus Finder, and it requests the payment to be made via the user's credit card. Of course, this means that the users will be required to fill in their banking information, which will then be transferred to the C&C (Command & Control)...