The RobinHood Ransomware (RobbinHood Ransomware or RobbinHood File Extension Ransomware) is a ransomware Trojan that is used to harass computer users under the pretext of raising awareness and funds for the people of Yemen. In fact, there is no evidence to support the theory that the creators of the RobinHood Ransomware have altruistic motives. It is likelier that the con artists are using the RobinHood Ransomware to profit in the same way that the creators of most encryption ransomware Trojans act today. However, the ransom demand in the case of the RobinHood Ransomware is extremely elevated, making it very unlikely that any individual PC users will pay the RobinHood Ransomware ransom in case of an attack. Take preventive measures against ransomware Trojans like the RobinHood Ransomware, which are becoming common increasingly. Yemen...

The WanaCrypt0r Ransomware is an encryption Trojan that features a worm-like attack tactic. The WanaCrypt0r Ransomware is recognized as one of the most threatening and widespread encryption Trojans up until May 12th, 2017. The WanaCrypt0r Ransomware managed to compromise more than hundreds of thousand systems across one hundred and forty countries on its first release to the real world. The brunt of the attack was taken by PC users in Russia and the National Healthcare System in Great Britain. The Trojan managed to block access to most of the computers connected to the National Healthcare System and nearly 70% of the cases that involve the WanaCrypt0r Ransomware are recorded in Russia....

The Ryuk Ransomware is a data encryption Trojan that was identified on August 13th, 2018. It appears that private companies and healthcare institutions have been compromised with the Ryuk Ransomware. Threat actors were reported of infecting organizations in the USA and Germany. Initial analysis suggests the threat was injected in systems through compromised RDP accounts, but it is possible that there is a parallel spam campaign that carries the threat payload as macro-enabled DOCX and PDF files. General Facts and Attribution Ryuk Ransomware appeared in the middle of August 2018 with several well-planned targeted attacks against major organizations worldwide, encrypting data on infected PCs and networks and demanding the payment of a ransom in exchange for a decryptor tool. Ryuk does not demonstrate extremely advanced technical skills,...

In the past, the term skimming used to be linked to crooks collecting credit card data from ATMs (Automated Teller Machines) exclusively. The operation would be carried out by the criminals installing a well-masked piece of hardware onto an ATM and then gathering the sensitive credit card data of users who use the machine. However, cyber crooks also have taken an interest in skimmers, and a new malware has been developed, which is often referred to as online skimming. Usually, an online skimmer would consist of a difficult to detect JavaScript code that is injected into the check-out page of an online store. Of course, the online skimmer would not change the interface or functionality of the compromised website, and users will be oblivious to its unsafe activity. This allows the operators of the online skimmer to collect the credit...

Most malware strains target Windows running machines, as this is the most popular operating system in the world undoubtedly. However, this does not mean that systems running alternative operating systems like OSX or Linux are impenetrable fortresses. Recently, researchers spotted a new malware strain that is capable of targeting various operating systems. The name of the threat is ACBackdoor, and it appears to be compatible with both Linux and the Windows OS. The Linux variant of the ACBackdoor is rather impressive. The Linux-based ACBackdoor executes its code without files, which reduces the footprint of the threat on the compromised device. Furthermore, this variant of the ACBackdoor can tamper with the properties of the running processes on the infected host. However, it would appear that the creators of the ACBackdoor likely...

Ransomware threats are perhaps one of the worst malware type one may have to deal with. These nasty data-locking Trojans sneak into the computers of unsuspecting users, encrypt all their data, and then extort them for money. To makes matters worse, this is certainly among the most popular malware types that are being distributed daily. One of the latest ransomware threats spotted is called the Dom Ransomware. The Dom Ransomware belongs to the popular Scarab Ransomware family. Propagation and Encryption Malware researchers have not yet uncovered what the infection vectors used in the propagation of the Dom Ransomware are. One of the most well-used methods of distributing threats of this kind is spam emails. The fake email would contain a fraudulent message whose goal is to convince the user to launch the attached file by making it seem...

Ransomware threats are one of the most popular malware types in recent years. They are simple to build (provided that one uses a ransomware building kit) and easy to distribute threats that are capable of causing great damage to their targets. Among the newest spotted threats of this class is the Mbed Ransomware. When researchers uncovered and dissected this Trojan, they found that it is a variant of the infamous STOP Ransomware family. Without a doubt, the STOP Ransomware family has been the most active ransomware family throughout 2019, claiming numerous victims. Propagation and Encryption The authors of the Mbed Ransomware are likely using mass spam emails to propagate their creation. The emails would contain a fake message that utilizes various social engineering tricks to try to convince the user to open the attached file. The...

Ransomware threats usually sneak into a computer and make sure to lock all the data present before they attempt to blackmail the victim into paying a ransom fee. However, some authors of ransomware threats are more creative. One of the newest spotted threats is called NextCry Ransomware. Instead of targeting computers, the NextCry Ransomware goes after a file-sharing service called NextCloud. The NextCloud service is popular both among regular users and small and large businesses. Users of the NextCloud platform have been targeted by the cyber crooks behind the NextCry Ransomware, and victims have had their data encrypted. Encryption and Synchronization When cybersecurity experts studied the NextCry Ransomware, they found that most of it is written in the Python programming language. The NextCry Ransomware can only operate on operating...

The Pipka malware is a skimmer written in the JavaScript programming language, which was spotted by VISA recently. Skimmers are becoming popular increasingly, as they are rather easy to build. However, despite skimmers, generally speaking, being quite easy to create, they are not as easy to use. It requires the authors of the skimmer to infiltrate a shopping website and plant their tool into the compromised system quietly. The skimmer would be added to the check-out page of the website and serves to collect the payment data of the customers. The Pipka skimmer is not too different from most malware of this class. However, it does have a few interesting features, which are worth mentioning. Operates Very Silently The unsafe activity of the Pipka skimmer was spotted on a shopping website from North America initially. The online store in...

Ransomware threats have been plaguing online users for years. One of the most active ransomware families in 2019 has undoubtedly been the Dharma Ransomware family. The most recent data-locking Trojan, which belongs to this infamous ransomware family, is the SySS Ransomware. There has not yet been a free decryption tool released, which means that the victims of the SySS Ransomware are left with their hands tied for the moment. Propagation and Encryption If you browse low-quality websites, there is a higher chance that you may become a victim of ransomware. Threats like the SySS Ransomware are often distributed via fake application updates, pirated variants of popular software tools and torrent trackers. The most popular propagation method when it comes to ransomware, however, is probably spam email campaigns. Cyber crooks would tailor a...

One of the most popular tactics online is the technical support tactic. These dirty tricks have been around for about twenty users, and it cannot be estimated how many users have fallen victims to this enticement. Usually, fraudsters would build a website that appears to be legitimate in an attempt to trick the user into trusting them. These fake Web pages would often claim that the user's system has been compromised or has some technical issues. Oftentimes, the con artists also would claim that the supposed problem needs to be taken care of urgently, or the user's system may suffer permanent damage. Of course, this is one of their social engineering tricks whose goal is to intimidate and time-pressure the user into doing what the scammers have in mind. Claims that Your Computer has been Infected The 'Microsoft-2019-windows.com' site's...

Malware researchers have uncovered a new data-encrypting Trojan in search of new victims. This new threat was dubbed the Sphinx Ransomware. It does not appear that the Sphinx Ransomware belongs to any of the popular ransomware families. Propagation and Encryption The infection methods utilized in the spreading of this nasty Trojan are not yet known. Researchers believe that the creators of the Sphinx Ransomware may be using mass spam email campaigns to propagate this threat. This would mean that targeted users will receive an email containing a fraudulent message and an attached file. The message’s goal is to convince the user that it is safe to launch the attachment. However, the attachment is usually a macro-laced document, and opening it will allow the Sphinx Ransomware to execute its corrupted script. Of course, there are other...

Remote Access Trojans (which are often referred to as RATs for short) are a very malware type. Nearly anyone can get their hands on a RAT even if they do not have the capabilities to build one themselves. This threat is available for purchase readily and to be rented on underground hacking forums. One can even opt to use a free RAT even though these are likely to be of lower quality compared to the paid ones. The more high-end RATs are better at remaining under the radar of their victim and any potential anti-virus applications. This allows its operators to have access to the compromised host for long periods and cause more damage. A RAT which is popular with both less experienced cybercriminals and highly-skilled cyber crooks is the RevengeRAT. Cybersecurity experts have stumbled upon a new and upgraded variant of the classic...

Despite staying on the down-low for a while, the Telebots hacking group appears to have reemerged from the shadows. This hacking group has gone down in history with the first-ever blackout caused by a hacking tool. They are known for developing very complex, high-end malware. Unlike some hacking groups that tread carefully and do not aim to cause damage to the compromised hosts, the Telebots group takes a different approach. They have very little regard for their targets’ systems and data, and some of their threats are known to cause permanent, irreversible damage to its victims. Telebots Group’s Hacking Arsenal Among some of its more well-known hacking tools are: BlackEnergy – A tool that was used in various operations targeting the energy sector in Ukraine. Industroyer – The malware, which made history also targeted the Ukrainian...

The APT38 (Advanced Persistent Threat) is in the news yet again. This hacking group operates from North Korea and also is known under the alias Lazarus. Their criminal activities have gone so overboard that some of their members are wanted by the United States Federal Bureau of Investigation currently. The APT38 group main motivation seems to be monetary gain as they tend to target large financial institutions and banks worldwide. This hacking group is believed to be sponsored by the North Korean government directly, so it is likely that they are doing Kim Jong-un’s bidding. Allows the Attackers to Collect Data Over Long Silently The APT38 hacking group tends to take its time when carrying out an operation. They would often infiltrate their target and spend as long as they can under their radar, all while collecting data about its...

The APT38 (Advanced Persistent Threat) is back in the news with a new hacking tool called CLEANTOAD. This hacking group also is known as Lazarus and operates from North Korea. It is believed that the APT38 group is sponsored by the North Korean government and carries out hacking campaigns on their behalf. This hacking group operates on a very high level, and some of its members are wanted by the FBI. Quiet Operations Most of the APT38's campaigns are motivated financially, and their targets tend to be banks and various other financial institutions. The APT38 group is rather patient when operating and is known to take its time and carry out attacks over long periods. This helps its threatening activity to remain under the radar of their targets for longer. Often, the APT38 group's campaigns deliver several payloads with different...

The Exaramel hacking tool is a threat, which was spotted in one of the campaigns of the TeleBots hacking group recently. When studying the threat, malware researchers noticed that the Exaramel malware is rather similar to another hacking tool in the arsenal of the TeleBots group called Industroyer. The TeleBots hacking group has been very active in recent years and has made many headlines with its threatening campaigns. Its most famous operation took place in 2015 and involved them, causing a blackout, which had never before been achieved with malware. The TeleBots group also is the one behind the infamous Petya Ransomware, which plagued the Web for a while. The threat would lock the MBR (Master Boot Record) of the hard drive on the targeted system. Delivered as Secondary Payload The Exaramel malware is a backdoor Trojan, and it is...

Email tactics have been around since the dawn of the Internet. We, as humans, have a desire for the unearned and cybercriminals, have developed numerous tricks and social engineering techniques to trick us. Often, email tactics would claim that the user has won and an expensive item or an exotic holiday or resort to fear-mongering tricks to achieve their end goal. Email Poses as a Sexual Harassment Complaint The 'HARASSMENT COMPLAINT' email scam is a new trick that can be seen to deliver a variety of different messages, which are crafted carefully based on information about the recipient, such as their field of work or their profile. The message would state that the user has been accused of sexual harassment and it is being sent by the 'U.S. EQUAL EMPLOYMENT OPPORTUNITY COMMISSION.' You can see how, in the era of 'Me Too,' cyber crooks...