The Phobos Ransomware is an encryption ransomware Trojan that was first observed on October 21, 2017. The Phobos Ransomware is being used to target computer users in Western Europe and the United States and delivers its ransom messages in English to the victims. The main way in which the Phobos Ransomware is being distributed is through the use of spam email attachments, which may appear as Microsoft Word documents that have enabled macros. These macro scripts are designed to download and install the Phobos Ransomware onto the victim's computer when the corrupted file is accessed. It is likely that the Phobos Ransomware is an independent threat since it does not seem to belong to a vast...

Some highly skilled cyber crooks prefer to build and tailor unique malware and take great pride in this. Others, however, would rather take it easy and still cash in some profits, preferable with minimum effort involved. Such individuals like to base their malware creations on the code of already existing, well-established threats. This is the case with the creators of the Adame Ransomware. This file-encrypting Trojan is a variant of the infamous Phobos Ransomware. An Offshoot of the Phobos Ransomware Upon close examination of its code, security researchers have now tied Adame's structure to that of the nasty Phobos ransomware family. However, the group of hackers behind the attacks has...

The Ryuk Ransomware is a data encryption Trojan that was identified on August 13th, 2018. It appears that private companies and healthcare institutions have been compromised with the Ryuk Ransomware. Threat actors were reported of infecting organizations in the USA and Germany. Initial analysis suggests the threat was injected in systems through compromised RDP accounts, but it is possible that there is a parallel spam campaign that carries the threat payload as macro-enabled DOCX and PDF files. General Facts and Attribution Ryuk Ransomware appeared in the middle of August 2018 with several well-planned targeted attacks against major organizations worldwide, encrypting data on infected PCs and networks and demanding the payment of a ransom in exchange for a decryptor tool. Ryuk does not demonstrate extremely advanced technical skills,...

Smartphones have become an unavoidable part of our lives, and we often rely on them to store sensitive information, private photos, or even to complete financial transactions. This is why it is not a surprise that cybercriminals are paying more and more attention to the security holes in Android devices, and they also focus on developing hacking tools that are compatible with Android. One of the up-to-date entries to the long list of Android-compatible malware is called ‘MobiHok RAT.’ This Remote Access Trojan is being sold on hacking forums currently, and its author also is using YouTube and Facebook to advertise the features that this malicious application has. A Copycat of the SpyNote RAT being Sold Online Malware researchers who examined a sample of the MobiHok RAT (also known as MobeRat), report that it shares a lot of...

Seeing the ‘.hermes837’ extension added to some of your files is a sure sign that your computer has been infiltrated by the Hermes837 Ransomware, a dangerous file-locker that has the ability to leave the majority of your files in an encrypted state. Threats like this one are exceptionally threatening since they are meant to cause long-term damage that cannot be undone by running an anti-virus tool and removing the source of the problem. The only way to restore the files locked by the Hermes837 Ransomware is to use a decryption tool paired with the unique decryption key that the ransomware generated for you. Unfortunately, that key is stored on the server of the Hermes837 Ransomware’s operators only, and they are not willing to part it for free. The Hermes837 Ransomware Targets Popular File Formats Threats like this one are often...

Dealing with the consequences of a Koko Ransomware attack can be a very challenging task due to this threat’s ability to encrypt files and make their contents inaccessible. Reverting the encryption is impossible without acquiring the unique decryption key that the Koko Ransomware uses for each victim. Unfortunately, this key piece of information is stored on the server of the threat’s operators, and they will not give it away unless they receive fair Bitcoin compensation. The Koko Ransomware may be Spread via Fake Emails and Downloads The Koko Ransomware’s authors may use several propagation channels to ensure that their threatening application will reach as many users as possible – phishing emails with bogus attachments, pirated software, fake downloads or fake software updates and patches. The Internet is full of potentially harmful...

Ransomware attacks can be very devastating if you do not have an up-to-date backup copy of your files. This particular malware has the ability to encrypt a large portion of your files in a matter of minutes, and then begin to extort you for money by offering to sell you a decryptor in exchange for Bitcoin. An example of such a piece of ransomware is the PyLock Ransomware, a newly discovered file-encryption Trojan that may have already managed to get to computers in different countries. The PyLock Ransomware is Swift and Threatening The typical propagation channels used to spread the PyLock Ransomware are fake downloads, torrent trackers, bogus email attachments, etc. You should stay away from suspicious content like that and always to use a reputable anti-virus tool to scan the files coming from unknown sources. If you fail to stop the...

In the past decade, cybercriminals have used cyber threats to generate profit for themselves almost exclusively – they use malware that can extort the victim for money, collect their financial details, gather cryptocurrency wallets, or even harvest the computer’s power to mine for various cryptocurrencies. However, it appears that there are still groups of hackers who opt to rely on malware that is purely destructive – this is the exact case with Ordinypt Wiper, a piece of malware capable of damaging a large number of files in a matter of minutes. Attacks with the Ordinypt Wiper are targeted to German users and companies exclusively, and its authors still attempt to make some money despite being unable to help their victims at all. German Users are Again the Targets of a Data Wiper The first reports from victims of the Ordinypt Wiper...

Cryptojacking campaigns have been one of the leading trends in the world of cybercrime and, as expected, the cybercriminals are beginning to introduce more advanced crypto mining malware that can evade sandboxes, persist after removal, and even disguise its presence on the victim’s machine. One other notable thing about a crypto-mining malware is that it is not only targeted to Windows computers certainly – many of the malware families go for Linux-based systems, and this is the case with Skidmap. Cryptocurrency Mining Malware Continues to Evolve Skidmap is a newly discovered malware family whose primary purpose is to deploy a pre-configured cryptocurrency miner malware that generates Monero coins for the attackers. While this is the typical thing you would expect to see from a cryptojacking project, there is a lot more packed in...

Remote Access Trojans (RATs) are among the most versatile tools in the arsenal of cybercriminals. They are loaded with tons of features usually and provide their operators with the ability to take complete control over the victim’s machine. In addition to this, they also support modules to execute specific operations that allow the attacker to collect particular files or data from the infected machine. InnfiRAT is one of the new RAT projects to be spotted in the wild, and it appears to have special modules dedicated to collecting cryptocurrency wallets and cookies from the victim’s machine. Of course, it also packs many of the other features you would expect to see in a Remote Access Trojan. InnfiRAT may be a Private Hacking Tool Often, software like this is being sold on hacking forums, but we are yet to encounter any advertisements...

There are several complaints on the official Apple forums by users who were targeted by advertisements that promote the Mac Cleanup Pro, an optimization utility that claims to provide users with the ability to clean their Mac devices and optimize its performance and health. However, there is a catch – the users did not see online advertisements. Instead, they see pop-ups offering to purchase the full version of the Mac Cleanup Pro were triggered by the trial version of the Mac Cleanup Pro they had on their computer. Many of the users report that they did not recall installing this application so that it is possible that it might have used social engineering tricks or misleading instructions to get there. It is not unusual for Potentially Unwanted Programs (PUPs) like the Mac Cleanup Pro to be spread via software bundling. A Useless...

Cybersecurity experts have detected a new Trojan dropper in the wild. It goes by the name ‘WiryJMPer’ and, so far, it has been used to deliver one particular malware strain, the NetWire RAT. The purpose of Trojan Droppers is to deliver an embedded payload and assisting it when it comes to evading sandboxes and anti-virus engines. Malware developers tend to use a wide range of tricks to increase their Trojan Dropper’s odds of beating the security tools their target may use – in the case of the WiryJMPer Dropper, the corrupted file is loaded with junk code, as well as with useless functions that iterate through random sections of the code without doing anything meaningful. A Basic Dropper Being Used to Deliver a Threatening Remote Access Tool Despite being able to stay hidden from the eyes of malware researchers for at least a few...

The activity of the WatchBog has been monitored closely for the past year, and it appears that its operators are certainly not dormant. So far, the WatchBog botnet has been used to mine for Monero exclusively. As usual, the task is completed by planting a covert cryptocurrency miner on the compromised host, and then loading a configuration file with the wallet address, mining pool and miner settings. Naturally, the victim is kept in the dark, and all of the generated Monero coins get transferred to the attacker’s wallet. A recent update to the WatchBog botnet did not go unnoticed by security experts, and it appears that the criminals behind the project are planning to expand their operation by looking for new victims via the BlueKeep Windows vulnerability. A CPU-Intensive Cryptocurrency Miner may Cause Performance Issues What would be...

Every Internet user loves the idea of getting rid of the advertisements that they keep seeing online, especially since many of them contain irrelevant content. However, you can rest assured that the Mac Ads Cleaner is one of the utilities that will not help you with this problem, despite what its name claims. This software is available for all OSX devices, and it is advertised an all-in-one privacy protector, advertisements cleaner, and malware removal application. If you think this seems to be too good to be true, then you have the correct idea – the helpfulness of the Mac Ads Cleaner is questionable, at best, and it is important to note that many reputable Mac security tools report this software as a Potentially Unwanted Program (PUP). The official Apple forums have several threads regarding the Mac Ads Cleaner, and all of their...

Users often experiment with different Web browser extensions that offer interesting and quirky features. If you are a person of this type, then you might have encountered AwayTab, a Google Chrome add-on, which promises to provide its users with attractive vacation offers whenever they open a new tab page. This may sound great at first, but you should not forget that the installation of AwayTab will prevent you from using a helpful new tab page. Instead, you will always be welcomed by a random vacation spot that is accompanied by offers to book a hotel or buy plane tickets. In general, browser add-ons that apply changes to the browser’s configuration are frowned upon, and AwayTab is not an exception. Many security applications will advise for AwayTab’s immediate removal. Another thing that users of AwayTab should know is that the...

Many users search online for websites where they can watch their favorite TV shows or movies for free. However, Web pages that host such media and offer it free of charge are making their money by other, shadier means. This is the case with the PutLocker streaming service. Just like most dodgy websites, which offer pirated content, the PutLocker page works with a network of dubious advertisers. Such advertisers often push low-quality products or useless services. They also tend to promote other shady websites, which would sometimes be hosting adult entertainment, gambling, fake giveaways, etc. The PutLocker page tends to promote a few types of dodgy offers, which one should keep an eye out for and avoid at all costs: Promotion of dubious applications. Dodgy gambling platforms. Fake technical support services, which use social...

People who do not like paying for legal streaming services often end up either looking to download the media they are after illicitly or searching for Web pages that offer to stream pirated content for free. However, as it is said, there is no free lunch. Websites that host pirated media tend to work with a whole network of other dodgy actors. Mainly dubious advertisers who will try to sell you all sorts of shady products and subscriptions. A common trick used by dodgy websites like the Movies123 page is to try and trick the user into giving them permission to display browser notifications. Many legitimate websites ask for permission to send browser notifications, but their goal is to provide users with breaking news, latest gossip, or newest sales. These notifications are usually desired by the user and therefore, are not considered...

The ‘iforgot.apple.com’ scam has been getting traction recently. This tactic is a rather elaborated plan of defrauding Apple users from their login credentials. The authors of the tactic use emails to achieve their ends. They have made sure to tailor the emails in a way that makes them appear legitimate to the user. The actors behind the ‘iforgot.apple.com’ scam have used an HTML code, which is meant to trick the user and make them believe that they are being redirected to the official Apple website, when in fact they are being directed to a bogus Web page that belongs to the con artists. Users need to remember always to keep a close eye on the URL when clicking on an email link. Oftentimes, con artists would use very similar domain names to the legitimate ones, therefore, reducing the chances of the user to detect that something is...