Top Security News

Beware of Michael Jackson One Year Death Anniversary Spam Email

To celebrate the life and legacy of one of the greatest entertainers of our time, fans around the world will once again be searching for their favorite Michael Jackson song and paying tribute to the King of Pop as we approach his one-year death anniversary. After the death of Michael Jackson on...

Warning: Menacing BlackHole Exploit Kit Targeting Windows PCs Now Available to Hackers for Free

Christmas has come early for novice hackers and criminals looking to get their share of the scam operatives flooding the Internet after someone publicly set free not one but two dangerous malware tools in just under 30 days. Once available as a password protected archive, the Zeus malware kit and...

Hackers Attack Citibank Pilfering over 200,000 Credit Card Customers' Personal Data

While more news on Rep. Anthony Weiner's (D-N.Y.) online sex scandal continues to appear, another hacking incident occurs, this time hackers broke into Citibank's computers stealing account numbers, names and contact information. Citibank, one of the biggest 4 banks in the USA, discovered a data...

Top Articles

GandCrab Ransomware

GandCrab ransomware is a malware threat that encrypts data on affected computers and demands the payment of ransom in exchange for a decryption tool. That cryptovirus appeared for the first time at the end of January this year, and since then researchers have identified several different versions of GandCrab, among which are GDCB, GandCrab v2, GandCrab v3, GandCrab v4, and GandCrab v5. The latest version was identified just about a month ago in September 2018. The features and encryption mechanisms of this ransomware have evolved since its first appearance: while the initial three versions used RSA and AES encryption algorithms to lock up data on the infected device, version 4 and above employ additional and more sophisticated ciphers like Salsa20. Malware researchers believe that this is done mostly for speed reasons as the Salsa20...

Posted on January 29, 2018 in Ransomware

RobinHood Ransomware

The RobinHood Ransomware (RobbinHood Ransomware or RobbinHood File Extension Ransomware) is a ransomware Trojan that is used to harass computer users under the pretext of raising awareness and funds for the people of Yemen. In fact, there is no evidence to support the theory that the creators of the RobinHood Ransomware have altruistic motives. It is likelier that the con artists are using the RobinHood Ransomware to profit in the same way that the creators of most encryption ransomware Trojans act today. However, the ransom demand in the case of the RobinHood Ransomware is extremely elevated, making it very unlikely that any individual PC users will pay the RobinHood Ransomware ransom in case of an attack. Take preventive measures against ransomware Trojans like the RobinHood Ransomware, which are becoming increasingly common. Yemen...

Posted on August 4, 2017 in Ransomware

WannaCryptor or WanaCrypt0r Ransomware

The WanaCrypt0r Ransomware is an encryption Trojan that features a worm-like attack tactic. The WanaCrypt0r Ransomware is recognized as one of the most threatening and widespread encryption Trojans up until May 12th, 2017. The WanaCrypt0r Ransomware managed to compromise hundreds of thousands of systems across one hundred and forty countries on its first release to the real world. The brunt of the attack was taken by PC users in Russia and the National Healthcare System in Great Britain. The Trojan managed to block access to most of the computers connected to the National Healthcare System and nearly 70% of the cases that involve the WanaCrypt0r Ransomware are recorded in Russia....

Posted on March 29, 2017 in Ransomware

More Articles

CallerSpy

Nowadays, everyone has a smartphone, and the largest share of the market certainly belongs to Android. This explains why a growing number of cybercriminals are building threats that target Android devices exclusively. One of the most recently spotted malware strains designed for Android devices is called CallerSpy. The CallerSpy threat serves as a spying tool that gathers data on the targeted user. To propagate it freely, the creators of the CallerSpy malware have masked it as a messaging application. The CallerSpy threat poses as either ‘Apex App’ or ‘Chatrious.’ These fake applications were hosted on a website tailored specifically to look like a genuine Google site. The Web page in question had the ‘Gooogle(dot)press’ domain name. Imitating a Google-related website is a very old trick used by countless cyber crooks through the...

Posted on December 4, 2019 in Malware

OSX/NukeSped

North Korea’s most prolific hacking group is undoubtedly the Lazarus APT (Advanced Persistent Threat). Security experts believe that this hacking group is sponsored directly by the North Korean government and is likely paid to do Kim Jong-un’s bidding. Among their vast arsenal of hacking tools is the NukeSped RAT (Remote Access Trojan). So far, the NukeSped RAT was designed to target devices running Windows only. However, it would appear that the Lazarus hacking group has decided to expand its reach and has redesigned the NukeSped RAT, allowing the threat to now target Mac systems too. The name of the new NukeSped RAT variant is OSX/NukeSped.

Propagation Methods

Malware researchers have spotted two propagation methods employed by the Lazarus hacking group: A bogus Adobe Flash file that carries a genuine copy of the application alongside...

Posted on December 4, 2019 in Backdoors

CStealer

The CStealer threat is yet another strain of malware that aims at collecting information about its targets. The CStealer malware is designed to target systems running Windows exclusively. Infostealers like the CStealer threat tend to gather data from the host and then transfer it to the remote server of their operators.

Exfiltration Technique

Normally, the authors of threats of this class tend to use an FTP or HTTP connection to siphon the gathered data. Another method that is gaining popularity is employing a Telegram bot to exfiltrate the information. However, in the case of the CStealer malware, the attackers have opted to use a rather interesting technique. The collected information is transferred to a MongoDB database set up by the threat’s authors. However, there are certainly some issues with this method. The attackers have hardcoded...

Posted on December 4, 2019 in Trojans

SwiftEngine

A growing number of shady individuals are developing all malware types and PUPs (Potentially Unwanted Programs) that are targeting OSX exclusively. It is important to note that PUPs are not threatening applications and would not harm your system. However, they will not bring any value to you either; quite the opposite, PUPs tend to reduce one’s browsing quality and cause annoyance.

Spams Users with Advertisements

The SwiftEngine application is a PUP that is designed to target systems running OSX. This application poses as software that is meant to enhance your search engine and help it deliver more relevant results. It also claims to improve the efficiency of your Web browsing sessions. However, none of this is true, and the SwiftEngine application is not going to improve your experience in any way. Instead of introducing improvements...

Posted on December 4, 2019 in Potentially Unwanted Programs

LockBit Ransomware

Ransomware threats are running rampant on the Web. Countless users have reported that their data has been encrypted by a data-locking Trojan. Unfortunately, it is not likely that we will see the end of the epidemic any time soon. One of the newest threats of this type has been dubbed the LockBit Ransomware. This nasty Trojan is capable of locking all the data present on a compromised system very quickly.

Propagation and Encryption

It does not seem that the LockBit Ransomware is a copy of any of the popular ransomware threats currently active. The infection methods used in the propagation of the LockBit Ransomware have not yet been determined. However, authors of ransomware tend to rely mainly on spam email campaigns to spread their creations. The emails tend to consist of a fraudulent message that aims at convincing the target to...

Posted on December 4, 2019 in Ransomware

iWorm

Malware that targets Mac computers is becoming more and more common by the day. One of the threats that target machines running OSX exclusively is called iWorm. Cybersecurity researchers first spotted this threat back in 2014. It has been reported that the iWorm malware has managed to compromise around 18,000 devices worldwide. This threat is capable of taking control of the infected host and using it for various purposes. It appears that the operators of the iWorm malware are using it to build a botnet. Experts are not fully certain what the botnet will be used for, but it is likely that it may be employed in DDoS (Distributed-Denial-of-Service) attacks, mass spam email campaigns, cryptocurrency mining operations, etc.

Capabilities

Apart from being able to gain control over the compromised system, the iWorm malware also enables...

Posted on December 3, 2019 in Botnets

PyXie RAT

The PyXie RAT is a threat that was first uncovered in 2018. In its essence, this threat is a RAT (Remote Access Trojan), which is written in the Python programming language. When malware researchers first spotted the PyXie RAT, the threat was not spread very widely. However, its operators have since made sure to expand their reach, and cybersecurity experts have spotted several variants of the threat lurking on the Web. Upon dissecting the PyXie RAT, experts have concluded that its authors are very highly skilled and experienced, as this threat is a very high-end Remote Access Trojan. The creators of the PyXie RAT have borrowed code from a couple of infamous hacking tools and made sure that their creation is difficult to study and analyze.

Packs a Threatening Downloader Module

The operators have a corrupted code to legitimate DLL files...

Posted on December 3, 2019 in Remote Administration Tools

Xochuaime.site

The Xochuaime.site Web page is one of the numerous dodgy or outright useless websites on the Internet. The Xochuaime.site not only does not host any valuable content, but launching it would often lead the user to an empty page. Many users have reported that the Xochuaime.site page has tried to trick them into permitting the site to display Web browser notifications or mobile notifications. The operators of the Xochuaime.site website appear to be using various social engineering techniques to achieve this goal.

It Spams Users with Web Browser Notifications

One of the tricks that the Xochuaime.site page’s authors use is to present users with a bogus prompt on a few of their subpages. Supposedly, the purpose of the prompt is for the users to confirm that they are legitimate and not a bot. Normally, such security measures ask the user to...

Posted on December 3, 2019 in Adware

Urgent-incoming.email

Many shady individuals online have been using Web browser notifications as a tool to promote dodgy services and low-quality products. Legitimate websites would often use Web browser notifications to provide the user with meaningful information or content such as breaking news or the latest discounts. However, dubious websites would instead bombard the user with unwanted advertisements via their browser notifications tirelessly. More often than not, these shady Web pages would not host any worthwhile content and will exist with the sole purpose of spamming advertisements. Among the Web pages that take part in this practice is the Urgent-incoming.email site. The Urgent-incoming.email website is capable of detecting which Web browser the persons are using and even whether they are on a PC or a mobile device. This allows them to present...

Posted on December 3, 2019 in Adware

Msop Ransomware

The Msop Ransomware is a newly uncovered data-locking Trojan. Upon spotting and studying this threat, malware researchers found that this is yet another variant of the notorious STOP Ransomware. In 2019, the STOP Ransomware family has undoubtedly been the most active ransomware family out there. It has been estimated that ransomware authors have released approximately 200 variants of the STOP Ransomware in 2019 alone.

Propagation Methods

It is not clear which exact propagation method the authors of the Msop Ransomware are using to spread this nasty Trojan. Spam emails are the most commonly used method for propagating ransomware threats. Usually, these emails would contain a message ridden with social engineering tricks whose sole purpose is to deceive the user into believing that the file that...

Posted on December 3, 2019 in Ransomware

OSX/NewTab

Mac users tend to fall into the trap of false confidence when it comes to security measures. Mac computers are rather safe systems, but they are far from impenetrable, and anyone who believes that they are is playing a very threatening game. An increasing number of malware creators are taking an interest in developing threats for the OSX.

Promotes Potentially Unsafe Content

Cybersecurity researchers have spotted a new malware targeting Mac computers, the OSX/NewTab. This threat is not a very complex one. Its goal is to infiltrate the Safari Web browser and launch new tabs in the windows that the user has opened. When categorizing malware, experts tend to put applications like the OSX/NewTab in the PUP (Potentially Unwanted Program) category. However, PUPs tend to advertise a particular website or redirect the user to a certain search...

Posted on December 2, 2019 in Malware

OSX/Mokes

Among the more harmful threats that are targeting Mac computers is certainly the OSX/Mokes malware. The OSX/Mokes threat has a very wide reach, as this malware is compatible not only with Windows but also Linux and OSX. This threat serves as a backdoor Trojan, which allows its operators to compromise a system, exploit it, monitor the user, and collect sensitive data that will then be transferred to their C&C (Command & Control) servers. Most malware researchers have concentrated on reporting on the Windows variant of the OSX/Mokes, but this does not mean that the other versions of the threat are to be ignored as they are just as threatening.

Propagation Methods and Capabilities

Cybersecurity experts have not been able to figure out the exact propagation method employed in the spreading of the OSX/Mokes malware. It is being speculated...

Posted on December 2, 2019 in Backdoors

Mac Auto Fixer

The Mac Auto Fixer is a shady application that targets systems that are running Apple’s OSX exclusively. The authors of this application have set up a website promoting it, which is likely a trick that is meant to make the software tool appear more legitimate than it is. In the Mac Auto Fixer application website, you can download a trial version of this dodgy product, but not all users who have stumbled upon the dubious tool have found it via the Web page. In fact, most users who have happened to come across the Mac Auto Fixer application have done so thanks to bogus Adobe Flash Player updates, fake download suggestions, software bundling and other shady means of propagation. Technically, the Mac Auto Fixer application cannot be considered as malware because it does not harm the users or their systems. This is why cybersecurity experts...

Posted on December 2, 2019 in Potentially Unwanted Programs

MacDownloader

The MacDownloader malware is a very harmful and potent threat that is capable of wreaking a lot of havoc if it manages to compromise a system successfully. The MacDownloader threat targets systems running Apple’s OSX, as may be evident from its name. It would appear that the authors of the MacDownloader malware are propagating it by disguising this threat as an Adobe Flash Player update. This rather high-end threat is likely the creation of an Iranian APT (Advanced Persistent Threat). This APT tends to go mainly after high-profile targets, so regular users will likely not be affected by the MacDownloader malware. According to reports, the MacDownloader malware has so far been utilized against US defense contractors such as Lockheed Martin, Raytheon and Boeing.

How the MacDownloader Threat Operates

The authors of the MacDownloader malware...

Posted on December 2, 2019 in Malware

Diller13 Ransomware

The Diller13 ransomware is a malware that is loosely related to the Scarab ransomware family. Diller13 has closer ties to a more immediate predecessor - the Maoloa ransomware. This particular strain was detected and described by security researcher Amigo-A on Twitter in mid-2019. The ransomware appends the ".diller13" extension to scrambled files and puts its ransom note in a file named "how_to_back_files.html". The only thing that is certain about Diller13 ransomware is that its developers are not native English speakers. Here is the full text of the ransom note: All your data has been ciphered! The only way of recovering your files is to buy a unique decryptor. A decryptor is fully automatical, all your data will be recovered within a few hours after it's installation. For purchasing a decryptor contact us by email: diller13 at...

Posted on December 2, 2019 in Ransomware