Top Security News

Beware of Michael Jackson One Year Death Anniversary Spam Email

To celebrate the life and legacy of one of the greatest entertainers of our time, fans around the world will once again be searching for their favorite Michael Jackson song and paying tribute to the King of Pop as we approach his one-year death anniversary. After the death of Michael Jackson on...

Warning: Menacing BlackHole Exploit Kit Targeting Windows PCs Now Available to Hackers for Free

Christmas has come early for novice hackers and criminals looking to get their share of the scam operatives flooding the Internet after someone publicly set free not one but two dangerous malware tools in just under 30 days. Once available as a password-protected archive, the Zeus malware kit and...

Hackers Attack Citibank Pilfering over 200,000 Credit Card Customers' Personal Data

While more news on Rep. Anthony Weiner's (D-N.Y.) online sex scandal continues to appear, another hacking incident has occurred: this time, hackers broke into Citibank's computers, stealing account numbers, names and contact information. Citibank, one of the four biggest banks in the USA, discovered a data...

Top Articles

RobinHood Ransomware

The RobinHood Ransomware (RobbinHood Ransomware or RobbinHood File Extension Ransomware) is a ransomware Trojan that is used to harass computer users under the pretext of raising awareness and funds for the people of Yemen. In fact, there is no evidence to support the theory that the creators of the RobinHood Ransomware have altruistic motives. It is likelier that the con artists are using the RobinHood Ransomware to profit in the same way that the creators of most encryption ransomware Trojans do today. However, the ransom demand in the case of the RobinHood Ransomware is extremely elevated, making it very unlikely that any individual PC users will pay the RobinHood Ransomware ransom in case of an attack. Take preventive measures against ransomware Trojans like the RobinHood Ransomware, which are becoming increasingly common. Yemen...

Posted on August 4, 2017 in Ransomware

WannaCryptor or WanaCrypt0r Ransomware

The WanaCrypt0r Ransomware is an encryption Trojan that features a worm-like attack tactic. The WanaCrypt0r Ransomware is recognized as one of the most threatening and widespread encryption Trojans up until May 12th, 2017. The WanaCrypt0r Ransomware managed to compromise hundreds of thousands of systems across one hundred and forty countries on its first release to the real world. The brunt of the attack was taken by PC users in Russia and the National Healthcare System in Great Britain. The Trojan managed to block access to most of the computers connected to the National Healthcare System, and nearly 70% of the cases that involve the WanaCrypt0r Ransomware are recorded in Russia....

Posted on March 29, 2017 in Ransomware

Ryuk Ransomware

The Ryuk Ransomware is a data encryption Trojan that was identified on August 13th, 2018. It appears that private companies and healthcare institutions have been compromised with the Ryuk Ransomware. Threat actors were reported to have infected organizations in the USA and Germany. Initial analysis suggests the threat was injected in systems through compromised RDP accounts, but it is possible that there is a parallel spam campaign that carries the threat payload as macro-enabled DOCX and PDF files.

General Facts and Attribution

Ryuk Ransomware appeared in the middle of August 2018 with several well-planned targeted attacks against major organizations worldwide, encrypting data on infected PCs and networks and demanding the payment of a ransom in exchange for a decryptor tool. Ryuk does not demonstrate extremely advanced technical skills,...

Posted on August 23, 2018 in Ransomware

More Articles

Sphinx Ransomware

Malware researchers have uncovered a new data-encrypting Trojan in search of new victims. This new threat was dubbed the Sphinx Ransomware. It does not appear that the Sphinx Ransomware belongs to any of the popular ransomware families.

Propagation and Encryption

The infection methods utilized in the spreading of this nasty Trojan are not yet known. Researchers believe that the creators of the Sphinx Ransomware may be using mass spam email campaigns to propagate this threat. This would mean that targeted users will receive an email containing a fraudulent message and an attached file. The message’s goal is to convince the user that it is safe to launch the attachment. However, the attachment is usually a macro-laced document, and opening it will allow the Sphinx Ransomware to execute its corrupted script. Of course, there are other...

Posted on November 15, 2019 in Ransomware

LimeRevenge RAT

Remote Access Trojans (which are often referred to as RATs for short) are a very popular malware type. Nearly anyone can get their hands on a RAT even if they do not have the capabilities to build one themselves. This type of threat is readily available for purchase or rent on underground hacking forums. One can even opt to use a free RAT, even though these are likely to be of lower quality compared to the paid ones. The more high-end RATs are better at remaining under the radar of their victims and any potential anti-virus applications. This allows their operators to have access to the compromised host for long periods and cause more damage. A RAT that is popular with both less experienced cybercriminals and highly-skilled cyber crooks is the RevengeRAT. Cybersecurity experts have stumbled upon a new and upgraded variant of the classic...

Posted on November 15, 2019 in Remote Administration Tools

CredRaptor

Despite staying on the down-low for a while, the Telebots hacking group appears to have reemerged from the shadows. This hacking group has gone down in history with the first-ever blackout caused by a hacking tool. They are known for developing very complex, high-end malware. Unlike some hacking groups that tread carefully and do not aim to cause damage to the compromised hosts, the Telebots group takes a different approach. They have very little regard for their targets’ systems and data, and some of their threats are known to cause permanent, irreversible damage to their victims.

Telebots Group’s Hacking Arsenal

Among some of its more well-known hacking tools are:

BlackEnergy – A tool that was used in various operations targeting the energy sector in Ukraine.

Industroyer – The malware, which made history, also targeted the Ukrainian...

Posted on November 15, 2019 in Backdoors

CHEESETRAY

The APT38 (Advanced Persistent Threat) is in the news yet again. This hacking group operates from North Korea and is also known under the alias Lazarus. Their criminal activities have gone so overboard that some of their members are currently wanted by the United States Federal Bureau of Investigation. The APT38 group's main motivation seems to be monetary gain, as they tend to target large financial institutions and banks worldwide. This hacking group is believed to be sponsored by the North Korean government directly, so it is likely that they are doing Kim Jong-un’s bidding.

Allows the Attackers to Collect Data Over Long Silently

The APT38 hacking group tends to take its time when carrying out an operation. They would often infiltrate their target and spend as long as they can under their radar, all while collecting data about its...

Posted on November 15, 2019 in Malware

CLEANTOAD

The APT38 (Advanced Persistent Threat) is back in the news with a new hacking tool called CLEANTOAD. This hacking group is also known as Lazarus and operates from North Korea. It is believed that the APT38 group is sponsored by the North Korean government and carries out hacking campaigns on its behalf. This hacking group operates on a very high level, and some of its members are wanted by the FBI.

Quiet Operations

Most of APT38's campaigns are financially motivated, and their targets tend to be banks and various other financial institutions. The APT38 group is rather patient when operating and is known to take its time and carry out attacks over long periods. This helps its threatening activity to remain under the radar of its targets for longer. Often, the APT38 group's campaigns deliver several payloads with different...

Posted on November 14, 2019 in Malware

Exaramel

The Exaramel hacking tool is a threat that was recently spotted in one of the campaigns of the TeleBots hacking group. When studying the threat, malware researchers noticed that the Exaramel malware is rather similar to another hacking tool in the arsenal of the TeleBots group called Industroyer. The TeleBots hacking group has been very active in recent years and has made many headlines with its threatening campaigns. Its most famous operation took place in 2015 and involved them causing a blackout, which had never before been achieved with malware. The TeleBots group is also the one behind the infamous Petya Ransomware, which plagued the Web for a while. The threat would lock the MBR (Master Boot Record) of the hard drive on the targeted system.

Delivered as Secondary Payload

The Exaramel malware is a backdoor Trojan, and it is...

Posted on November 14, 2019 in Backdoors

'HARASSMENT COMPLAINT' Email Scam

Email tactics have been around since the dawn of the Internet. We, as humans, have a desire for the unearned, and cybercriminals have developed numerous tricks and social engineering techniques to trick us. Often, email tactics would claim that the user has won an expensive item or an exotic holiday, or resort to fear-mongering tricks to achieve their end goal.

Email Poses as a Sexual Harassment Complaint

The 'HARASSMENT COMPLAINT' email scam is a new trick that can be seen to deliver a variety of different messages, which are crafted carefully based on information about the recipient, such as their field of work or their profile. The message would state that the user has been accused of sexual harassment and that it is being sent by the 'U.S. EQUAL EMPLOYMENT OPPORTUNITY COMMISSION.' You can see how, in the era of 'Me Too,' cyber crooks...

Posted on November 14, 2019 in Adware

AnteFrigus Ransomware

A new ransomware threat called AnteFrigus Ransomware has been spotted recently. What is interesting about this threat is that its authors are not propagating it via the usual channels like spam emails, bogus application updates or torrent trackers. Instead, the creators of the AnteFrigus Ransomware have opted to utilize the RIG Exploit Kit. This leads malware researchers to believe that the creators of the AnteFrigus Ransomware are rather high-end cybercriminals with advanced skills and experience.

Does not Target Data on the C: Partition

Another notable feature of the AnteFrigus Ransomware is that, unlike most ransomware threats, which make sure to encrypt as much data as possible, this data-encrypting Trojan only goes after files that are located on the D:, E:, F:, G:, H: and I: partitions. Having in mind that most regular users...

Posted on November 14, 2019 in Ransomware

Grod Ransomware

The Grod Ransomware is a brand-new data-locking Trojan that researchers have uncovered. After studying it, it became clear that the Grod Ransomware belongs to the notorious STOP Ransomware family – the most active ransomware family in 2019.

Propagation and Encryption

It is not clear how the Grod Ransomware is being propagated. Some believe that the creators of the Grod Ransomware are using mass spam email campaigns, fake software updates and bogus pirated copies of legitimate applications. However, the exact infection vector has not been pinpointed. Once the Grod Ransomware manages to compromise the targeted host, it will scan all the files that are stored on the computer. The Grod Ransomware targets a wide variety of file types, as this ensures more damage. The more files that the Grod Ransomware locks, the greater the chance that...

Posted on November 14, 2019 in Ransomware

PureLocker Ransomware

One of the ultimate ransomware threats to be detected by cybersecurity researchers is the PureLocker Ransomware. It is likely that the PureLocker Ransomware is available to be rented as a ransomware-as-a-service tool. This makes it far more threatening as we can never know how many shady individuals have gotten their hands on the PureLocker Ransomware and are propagating it. Thankfully, the authors of the PureLocker Ransomware have set the price rather high, so not many criminals will be able to afford the substantial sum.

Impressive Self-Preservation Techniques

The PureLocker Ransomware is written in a programming language called PureBasic. The PureBasic programming language allows a threat to be very flexible since malware written in this language can be reworked to be executed on systems running Windows, OSX and Linux. The fact that...

Posted on November 13, 2019 in Ransomware

Peet Ransomware

The most active ransomware family in 2019 has undoubtedly been the STOP Ransomware family, with numerous variants of this file-locking Trojan popping up. One of the newest copies of the STOP Ransomware family that was spotted by malware researchers is called the Peet Ransomware.

Propagation and Encryption

The infection triggers utilized in the spreading of the Peet Ransomware have not yet been revealed. Some cybersecurity experts believe that among the propagation methods used in the Peet Ransomware campaign may be spam emails containing infected attachments, bogus application updates, and fake pirated copies of popular software tools. Upon infiltrating a system, the Peet Ransomware will start a scan whose aim is to locate all the files that fit the ransomware threat's criteria. Like most threats of this type, the Peet Ransomware...

Posted on November 13, 2019 in Ransomware

Dharma-Ninja Ransomware

Ransomware threats are undoubtedly among the most popular malware types nowadays. There are ransomware-builder kits, which have made the creation of ransomware threats exceptionally easy and have thus lowered the entry bar, allowing an ever-growing number of cybercriminals to create and propagate this kind of malware. One of the newest spotted ransomware threats is called the Dharma-Ninja Ransomware. The Dharma-Ninja Ransomware is a variant of the very popular Dharma Ransomware.

Propagation and Encryption

It is not known exactly how the Dharma-Ninja Ransomware is being spread. Some researchers believe that the authors of the Dharma-Ninja Ransomware may be using mass spam email campaigns, fake software updates, and bogus pirated variants of legitimate applications to propagate this nasty file-locking Trojan. The Dharma-Ninja Ransomware...

Posted on November 13, 2019 in Ransomware

JesusCrypt Ransomware

A brand-new file-encrypting Trojan has been spotted in the wild. Its name is JesusCrypt Ransomware. Once malware researchers came across the JesusCrypt Ransomware, they made sure to dissect the threat. What they discovered is that this ransomware threat is an unfinished project with some ‘good’ potential. Cybersecurity experts speculate that this may be a variant of the HiddenTear Ransomware, but this is yet to be confirmed.

Propagation and Encryption

It is not clear what propagation methods the attackers are using to spread the JesusCrypt Ransomware. The most commonly used infection vector is spam emails. These emails often contain a fraudulent message riddled with social engineering tricks whose sole purpose is to lure the user into opening the attached file. The message may make it seem like this is an important and yet completely...

Posted on November 13, 2019 in Ransomware

Send-news.net

You might have stumbled upon the Send-news.net website if you were looking for illicit free streams or pages hosting other shady content whose operators have been paid to promote the dodgy site. Send-news.net is a dubious Web page whose goal is to get the user to allow the site to send browser notifications. This is not to say that browser notifications are always a pest. Legitimate websites offer to send browser notifications that can be of great help to users. However, this is not what happens with Send-news.net. Instead, this shady website will attempt to promote low-quality products and dodgy services, effectively turning browser notifications into constant pop-up advertisements, which will surely disrupt your browsing.

Uses Social Engineering Tricks

The Send-news.net site uses several social engineering tricks to get the user...

Posted on November 13, 2019 in Browser Hijackers

Glimpse

Glimpse is a newly uncovered hacking tool that is believed to be the creation of the OilRig group. This hacking group is also known as APT34 (Advanced Persistent Threat) and originates from Iran. Malware researchers have been familiar with the OilRig hacking group for a while, and its members are known to be highly skilled and very threatening. The Glimpse malware is built in a very interesting fashion. The Glimpse threat uses the DNS protocol instead of utilizing the usual, and rather noisy, FTP or HTTP connections. However, despite this significantly reducing the noise of the harmful operation, it has some significant negative sides too. The use of the DNS protocol greatly hinders the capabilities of the Glimpse threat. The reason behind this is that this method only supports certain characters and has a limited quantity of data that can be...

Posted on November 12, 2019 in Malware