Top Security News

Beware of Michael Jackson One Year Death Anniversary Spam Email

To celebrate the life and legacy of one of the greatest entertainers of our time, fans around the world will once again be searching for their favorite Michael Jackson song and paying tribute to the King of Pop as we approach the one-year anniversary of his death. After the death of Michael Jackson on...

Warning: Menacing BlackHole Exploit Kit Targeting Windows PCs Now Available to Hackers for Free

Christmas has come early for novice hackers and criminals looking for a share of the scam operations flooding the Internet: in under 30 days someone has publicly released not one but two dangerous malware kits. Once sold as a password-protected archive, the Zeus malware kit and...

Hackers Attack Citibank Pilfering over 200,000 Credit Card Customers' Personal Data

While more news on Rep. Anthony Weiner's (D-N.Y.) online sex scandal continues to appear, another hacking incident has occurred: this time hackers broke into Citibank's computers and stole account numbers, names and contact information. Citibank, one of the four biggest banks in the USA, discovered a data...

Top Articles

RobinHood Ransomware

The RobinHood Ransomware (RobbinHood Ransomware or RobbinHood File Extension Ransomware) is a ransomware Trojan that harasses computer users under the pretext of raising awareness and funds for the people of Yemen. In fact, there is no evidence that the creators of the RobinHood Ransomware have altruistic motives. It is likelier that the con artists are using the RobinHood Ransomware to profit in the same way the creators of most encryption ransomware Trojans do today. However, the ransom demanded by the RobinHood Ransomware is extremely high, making it very unlikely that any individual PC user would pay it after an attack. Take preventive measures against ransomware Trojans like the RobinHood Ransomware, which are becoming increasingly common.

Yemen...

Posted on August 4, 2017 in Ransomware

WannaCryptor or WanaCrypt0r Ransomware

WannaCryptor or WanaCrypt0r Ransomware screenshot

The WanaCrypt0r Ransomware is an encryption Trojan with a worm-like propagation tactic. It is recognized as one of the most threatening and widespread encryption Trojans seen as of May 12th, 2017, the day of its first large-scale outbreak. On its first release into the wild, the WanaCrypt0r Ransomware compromised hundreds of thousands of systems across 140 countries. The brunt of the attack fell on PC users in Russia and on the National Health Service (NHS) in Great Britain. The Trojan blocked access to many of the computers connected to the NHS, and nearly 70% of the recorded WanaCrypt0r Ransomware cases are in Russia....

Posted on March 29, 2017 in Ransomware

Ryuk Ransomware

The Ryuk Ransomware is a data encryption Trojan that was identified on August 13th, 2018. Private companies and healthcare institutions appear to have been compromised with the Ryuk Ransomware, and threat actors were reported to have infected organizations in the USA and Germany. Initial analysis suggests the threat was planted on systems through compromised RDP accounts, but a parallel spam campaign carrying the payload as macro-enabled Office documents and PDF files is also possible.

General Facts and Attribution

The Ryuk Ransomware appeared in the middle of August 2018 with several well-planned targeted attacks against major organizations worldwide, encrypting data on infected PCs and networks and demanding a ransom payment in exchange for a decryptor tool. Ryuk does not demonstrate extremely advanced technical skills,...

Posted on August 23, 2018 in Ransomware
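The compromised-RDP-account vector mentioned above is something a defender can hunt for in the Windows Security log: a burst of failed logons (Event ID 4625) from one source address followed shortly by a successful RemoteInteractive logon (Event ID 4624 with LogonType 10). The script below is an added example written for this page; it is not code from the article or from any Ryuk sample, and the event records it runs over are constructed (timestamps, account names and the 203.0.113.0/24 and 198.51.100.0/24 documentation addresses are made up).

```python
"""Spot RDP logons that follow a burst of failed logons from the same source.

Added example for defenders, not code from the article or from any Ryuk
sample. It runs over constructed Windows Security event records: 4625 is a
failed logon, 4624 with LogonType 10 (RemoteInteractive) is an RDP logon.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: (timestamp, EventID, LogonType, TargetUserName, IpAddress).
# Timestamps and addresses are made up (203.0.113.0/24 and 198.51.100.0/24 are
# documentation ranges).
SAMPLE_EVENTS = [
    ("2018-08-13T01:00:05", 4625, 3, "administrator", "203.0.113.7"),
    ("2018-08-13T01:00:12", 4625, 3, "admin", "203.0.113.7"),
    ("2018-08-13T01:00:20", 4625, 3, "svc_backup", "203.0.113.7"),
    ("2018-08-13T01:00:31", 4625, 3, "svc_backup", "203.0.113.7"),
    ("2018-08-13T01:00:44", 4625, 3, "svc_backup", "203.0.113.7"),
    ("2018-08-13T01:00:55", 4625, 3, "svc_backup", "203.0.113.7"),
    ("2018-08-13T01:01:20", 4624, 10, "svc_backup", "203.0.113.7"),  # success after 6 failures
    ("2018-08-13T08:15:02", 4625, 3, "jdoe", "198.51.100.20"),
    ("2018-08-13T08:15:30", 4624, 10, "jdoe", "198.51.100.20"),       # one typo, then success
    ("2018-08-13T09:02:00", 4624, 3, "fileshare$", "198.51.100.20"),  # network logon, not RDP
]


def suspicious_rdp_logons(events, window=timedelta(minutes=10), min_failures=5):
    """Return (IpAddress, TargetUserName, timestamp, failure_count) for every
    RDP logon (4624/LogonType 10) preceded by at least `min_failures` failed
    logons from the same source address within `window`.

    Failed RDP attempts through Network Level Authentication usually land as
    4625 with LogonType 3, so failures are counted per source regardless of
    their logon type.
    """
    failures = defaultdict(list)   # IpAddress -> timestamps of 4625 events
    hits = []
    for ts, event_id, logon_type, user, ip in sorted(events, key=lambda e: e[0]):
        when = datetime.fromisoformat(ts)
        if event_id == 4625:
            failures[ip].append(when)
        elif event_id == 4624 and logon_type == 10:
            recent = [f for f in failures[ip] if when - f <= window]
            if len(recent) >= min_failures:
                hits.append((ip, user, ts, len(recent)))
    return hits


if __name__ == "__main__":
    for ip, user, ts, n in suspicious_rdp_logons(SAMPLE_EVENTS):
        print(f"{ts} RDP logon as {user} from {ip} after {n} failures")
```

The window and failure threshold are arbitrary starting points; tune them to the environment, and remember that a single successful RDP logon from an address that never appears in 4625 events (a credential bought or phished rather than brute-forced) will not trigger this rule, so it complements rather than replaces a check of which accounts are allowed to use RDP at all.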

More Articles

RDFSNIFFER

Some hacking groups are state-sponsored and do the bidding of their governments in campaigns targeting political and business sectors. Others are autonomous and almost always entirely financially motivated. An example of the latter is the Carbanak Group (also referred to as FIN7), a group of shady individuals who have wreaked havoc around the world over the years and caused damages in the hundreds of millions of dollars. Malware experts recently detected a new tool employed by the Carbanak Group, RDFSNIFFER. This hacking tool can be classified as a RAT (Remote Access Trojan) and appears to be used mainly as a second-stage payload delivered by the BOOSTWRITE loader, another tool in the Carbanak Group's arsenal. Targets...

Posted on October 15, 2019 in Malware

PortReuse

China is known for its hacking groups. Some operate on their own terms, while others are believed to be sponsored by the Chinese government. One of the more notorious Chinese hacking groups is the Winnti Group, also known as APT41 (Advanced Persistent Threat), which has been gaining prominence since 2010. The Winnti Group is named after a tool it developed, the Winnti malware, first spotted in 2013, which put the group on the map. Since then the group has been developing new tools, one of which is the PortReuse backdoor Trojan.

Its Preference for Stealth

Most backdoor Trojans follow the same pattern: they are operated via a remote C&C (Command & Control) server and tend to have a long list of capabilities. However, this...

Posted on October 15, 2019 in Backdoors

BOOSTWRITE

There are hacking groups that engage strictly in activism, others that serve various governments, and some that act out of pure greed. The latter is the case with the Carbanak Group, also known as FIN7. This hacking group made its name when it launched the Carbanak Trojan, which became one of the most notorious banking Trojans ever created and gave the group its name. The Carbanak Group is known to mainly target companies in the restaurant, hospitality and retail industries, and most of its victims appear to be located in the United States. The Carbanak Group keeps developing new tools, and two of them have been spotted in the wild recently. These new hacking tools are likely to be utilized in campaigns...

Posted on October 15, 2019 in Trojans

GELCAPSULE

One might be surprised at how many high-profile hacking campaigns originate from North Korea, considering how restricted Internet access is there. In the past there was only one prominent hacking group originating from North Korea, the Lazarus group. Recently, however, a new star has appeared on the horizon: the ScarCruft hacking group, also referred to as APT37 (Advanced Persistent Threat).

Self-Preservation Techniques

The ScarCruft hacking group has an expanding arsenal of hacking tools, among them the GELCAPSULE Trojan downloader. This threat is able to recognize whether it is being run in a sandbox environment; if it is, the GELCAPSULE Trojan halts its activity as a method of self-preservation. This Trojan downloader also is known for...

Posted on October 15, 2019 in Trojan Downloader
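The sandbox check described above is a common downloader trick: the sample fingerprints the host and goes quiet when the environment looks like an analysis machine rather than a real user's PC. The script below is an added example, not code from the article or from GELCAPSULE itself; the page does not say which properties GELCAPSULE inspects, so the checks shown (CPU count, RAM, uptime, analyst-style usernames and hostnames, virtual-machine vendor strings) and their thresholds are generic assumptions chosen to show the class of check. Analysts can run it on their own sandbox to see which of these properties would give it away.

```python
"""Generic sandbox-fingerprint checks of the kind used by Trojan downloaders.

Added example for analysts hardening a sandbox; it is not code from the
article or from GELCAPSULE. The thresholds and keyword lists below are
assumptions for illustration, not values recovered from any sample.
"""
import getpass
import os
import socket

GIB = 1 << 30
# Hyper-V reports "Microsoft Corporation" as the system vendor.
VM_VENDOR_KEYWORDS = ("qemu", "vmware", "virtualbox", "innotek", "xen", "kvm",
                      "microsoft corporation")
ANALYST_USERNAMES = {"sandbox", "malware", "virus", "analyst", "test", "cuckoo"}
HOSTNAME_KEYWORDS = ("sandbox", "analysis", "malware", "cuckoo", "vm")


def score_environment(facts):
    """Return the sorted list of indicator names triggered by `facts`.

    Keys: cpu_count, ram_bytes, username, hostname, uptime_seconds, sys_vendor.
    A missing key triggers nothing, so partial fact sets are fine.
    """
    hits = []
    if facts.get("cpu_count", 99) < 2:
        hits.append("few_cpus")
    if facts.get("ram_bytes", 99 * GIB) < 2 * GIB:
        hits.append("low_ram")
    if facts.get("username", "").lower() in ANALYST_USERNAMES:
        hits.append("analyst_username")
    host = facts.get("hostname", "").lower()
    if any(k in host for k in HOSTNAME_KEYWORDS):
        hits.append("hostname_keyword")
    if facts.get("uptime_seconds", 10 ** 9) < 600:   # booted less than 10 min ago
        hits.append("short_uptime")
    vendor = facts.get("sys_vendor", "").lower()
    if any(k in vendor for k in VM_VENDOR_KEYWORDS):
        hits.append("vm_vendor")
    return sorted(hits)


def looks_like_sandbox(facts, threshold=2):
    """Decision the downloader would make: halt when enough indicators fire."""
    return len(score_environment(facts)) >= threshold


def _read_first_line(path):
    try:
        with open(path) as f:
            return f.readline().strip()
    except OSError:
        return ""


def collect_facts():
    """Gather the same facts from the live host (best effort, Linux paths)."""
    try:
        username = getpass.getuser()
    except (OSError, KeyError):
        username = ""
    facts = {
        "cpu_count": os.cpu_count() or 1,
        "username": username,
        "hostname": socket.gethostname(),
        "sys_vendor": _read_first_line("/sys/class/dmi/id/sys_vendor"),
    }
    try:
        facts["ram_bytes"] = os.sysconf("SC_PHYS_PAGES") * os.sysconf("SC_PAGE_SIZE")
    except (ValueError, OSError, AttributeError):
        pass
    uptime = _read_first_line("/proc/uptime")
    if uptime:
        facts["uptime_seconds"] = float(uptime.split()[0])
    return facts


if __name__ == "__main__":
    live = collect_facts()
    print("indicators on this host:", score_environment(live))
    print("a downloader using these checks would halt:", looks_like_sandbox(live))
```

Each triggered indicator is something to fix on the analysis VM: give it several cores and a few gigabytes of RAM, a plausible username and hostname, let it run for a while before detonation, and mask the hypervisor vendor string where the platform allows it.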

Tarmac

Malware targeting macOS (OS X) is not as common as malware that goes after computers running Windows. However, that does not mean that threats designed specifically to target Apple computers do not exist. A significant number of Mac owners falsely believe their devices are impenetrable, a misconception that has brought headaches to many Apple users. Earlier this year cybersecurity researchers spotted a brand new threat targeting Mac computers, with harmful campaigns concentrated in the United States, Italy and Japan. This threat is the Shlayer Trojan, and it serves as a first-stage payload. For a while, malware experts were unable to determine what secondary payload the Shlayer Trojan delivers. However, in a more recent operation, it was...

Posted on October 14, 2019 in Malware

Attor

Attor is an espionage platform whose capabilities include fingerprinting mobile devices connected to the infected computer, and it operated for a couple of years without being spotted by malware researchers. This threat can be classified as a spyware tool, and its operators have likely accumulated a large amount of collected data over the years. The Attor spyware was spotted recently because its operators began targeting high-ranking individuals linked to the Russian government. Its activity appears to be concentrated mainly in Eastern Europe, with the majority of targets located in the Russian Federation.

May Utilize AT Commands

The Attor spyware is a rather interesting threat. It has been determined that this hacking tool is built modularly, which makes the Attor malware very flexible. Furthermore, the design of this...

Posted on October 14, 2019 in Spyware
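AT commands are the plain-text command set (ITU-T V.250 and 3GPP TS 27.007) that modems and phones answer over a serial link, and the identity commands in that set are enough to fingerprint a device: manufacturer, model, firmware revision, IMEI and IMSI. The parser below is an added example, not code from the article or from Attor; the page does not say which commands Attor's module sends, so the command list here is the generic standard one, and the serial transcript it parses is constructed (the IMEI is the well-known documentation example value, not a real device). It shows what such a fingerprint yields and validates the IMEI with its Luhn check digit.

```python
"""Parse modem replies to the standard 3GPP TS 27.007 identity commands.

Added example, not code from the article or from the Attor spyware. The
command set is the generic standard one (not Attor's actual list) and the
session transcript below is constructed.
"""
import re

# Identity commands and the field each one returns (3GPP TS 27.007).
IDENTITY_COMMANDS = {
    "AT+CGMI": "manufacturer",
    "AT+CGMM": "model",
    "AT+CGMR": "revision",
    "AT+CGSN": "imei",
    "AT+CIMI": "imsi",
}

# Constructed transcript as seen on the serial line: echoed command, response
# line(s), then the final result code ("OK" or "ERROR"). The IMEI is the
# documentation example value 490154203237518.
SAMPLE_SESSION = (
    "AT+CGMI\r\r\nExampleCorp\r\n\r\nOK\r\n"
    "AT+CGMM\r\r\nEC-3000\r\n\r\nOK\r\n"
    "AT+CGMR\r\r\n12.34.567\r\n\r\nOK\r\n"
    "AT+CGSN\r\r\n490154203237518\r\n\r\nOK\r\n"
    "AT+CIMI\r\r\nERROR\r\n"          # SIM locked: no IMSI available
)


def parse_session(transcript):
    """Return {field: value} for every identity command that completed with OK."""
    lines = [l.strip() for l in transcript.replace("\r", "\n").split("\n")]
    lines = [l for l in lines if l]
    fingerprint = {}
    command, payload = None, []
    for line in lines:
        if line.upper().startswith("AT"):          # echoed command starts a new exchange
            command, payload = line.upper(), []
        elif line in ("OK", "ERROR") or line.startswith("+CME ERROR"):
            field = IDENTITY_COMMANDS.get(command)
            if field and line == "OK" and payload:
                fingerprint[field] = payload[0]
            command, payload = None, []
        elif command is not None:                  # response body for the current command
            payload.append(line)
    return fingerprint


def imei_is_valid(imei):
    """Check the 15-digit IMEI's Luhn check digit (GSMA TS.06 format)."""
    if not re.fullmatch(r"\d{15}", imei):
        return False
    total = 0
    for i, ch in enumerate(reversed(imei)):
        d = int(ch)
        if i % 2 == 1:                 # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


if __name__ == "__main__":
    fp = parse_session(SAMPLE_SESSION)
    print(fp)
    print("IMEI check digit valid:", imei_is_valid(fp.get("imei", "")))
```

From a forensic angle the same parser can be pointed at a serial-port capture taken while a suspect module runs, which tells you exactly which identifiers left the machine; the IMEI plus IMSI pair is enough to tie a specific SIM to a specific handset, which is why harvesting it is worth a dedicated module.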

CORALDECK

The North Korean government is known to use the services of hackers. Recently, apart from the well-known Lazarus hacking group, a new actor has emerged: the ScarCruft APT (Advanced Persistent Threat), also often referred to as APT37. The group appears to target high-ranking South Koreans mainly, but malware researchers have also spotted APT37 campaigns in the Middle East, Vietnam and Japan. The ScarCruft hacking group likely began operating in 2015.

Preference for Stealth

The ScarCruft group pays special attention to stealth in its operations. Another signature component of APT37 operations is the collection of important information from the host, and one of the group's primary data-gathering tools is the CORALDECK malware. The first campaign involving the...

Posted on October 14, 2019 in Trojans

DOGCALL

There is a newly emerging high-profile malicious actor from North Korea, the ScarCruft hacking group, also known as APT37 (Advanced Persistent Threat). Cybersecurity researchers believe the ScarCruft group is likely funded directly by the North Korean government and used as a weapon against foreign governments and officials. Most of APT37's targets appear to be South Korean individuals in positions of importance or power. The ScarCruft hacking group has a long list of hacking tools, among them the DOGCALL backdoor Trojan, which was first used in a campaign in August 2016.

Targeted Military and Government Institutions in South Korea

In 2017, APT37 launched an operation targeting government bodies and military institutions located in...

Posted on October 14, 2019 in Malware

NavRAT

APT37 (Advanced Persistent Threat) is a hacking group that has been around for a while and is believed to work in cooperation with the North Korean government (although this has yet to be confirmed with full certainty). Most of APT37's targets are concentrated in South Korea and tend to be rather high-profile. Recently, APT37 used spear-phishing emails to distribute a threat called NavRAT (Remote Access Trojan). Malware researchers regard the delivery method used by the attackers as rather intriguing, and the infrastructure used in the NavRAT campaigns is not very conventional either.

Propagates via Spear-Phishing Emails

The spear-phishing emails carry an infected attachment in the form of a '.HWP' file (a Hangul Word Processor document, a format widely used in South Korea). This corrupted file is named...

Posted on October 11, 2019 in Remote Administration Tools

Hiddad

Hiddad is an Android adware family. Most of its activity is concentrated in Russia, where over 40% of the victims are located, but infections have also been reported in the USA, India, Germany, Ukraine and Indonesia, among other countries. The creators of the Hiddad adware employ various social engineering techniques to achieve their end goal, which is to convince the user to click on their advertisements. This may not sound like a big deal, but the authors of Hiddad can collect significant revenue if they manage to plant their creation on enough devices.

Spreads via Fake Applications

This adware appears to have been hosted on the official Google Play Store, posing as several fake applications: 'Snap Tube,' 'Music Mania,' and 'Tube Mate.' Thankfully, the developers...

Posted on October 11, 2019 in Adware

AndroidBauts

The AndroidBauts botnet is a network of infected Android devices used to push advertisements to users online. At one point, the number of infected devices exceeded 550,000. The operators of the AndroidBauts botnet are able to gather data about the compromised devices, both software and hardware. Most of the infected devices appear to be located in India and Indonesia, but a significant number of compromised Android devices belonging to the AndroidBauts botnet can also be found in Russia, Argentina, Vietnam, Malaysia and other countries.

Propagated via Fake Applications

The operators of the AndroidBauts botnet likely infected this staggering number of devices by hosting fake applications on the official Google Play Store. Users tend to be less careful when they are downloading applications from...

Posted on October 11, 2019 in Malware

Lotoor

Lotoor is a malware family crafted specifically to target Android devices. Most of the Lotoor malware activity appears to be located in the Russian Federation, where more than 32% of the compromised devices are concentrated, but the family is also rather active in the USA, Brazil, India, Germany, Vietnam and elsewhere.

Lotoor's Capabilities

The Lotoor malware sneaks onto the target's Android device silently and probes for vulnerabilities it can exploit. If it finds one, the Lotoor threat tries to use it to obtain administrator (root) privileges. If this attempt succeeds, the Lotoor malware can receive and execute remote commands from its operators. This means that the Lotoor authors can:

Collect sensitive data.
Disable any security measures, which may be...

Posted on October 11, 2019 in Malware

Jsecoin

Jsecoin is a service for mining cryptocurrency through the Web browser. It works by embedding JavaScript code in the targeted website. Not all Web pages that use this service are ill-intended; sometimes genuine websites use it, but legitimate pages always inform the user that their system will be used to mine cryptocurrency. Rogue websites, however, present the user with no such notification. In this case, the cryptocurrency being mined is Monero. Visitors to websites injected with Jsecoin will automatically have large amounts of their processing power used for mining Monero, and such shady Web pages will often use up as much processing power as possible with no regard for the user and their system....

Posted on October 11, 2019 in Malware
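Because the mining code is plain JavaScript injected into the page, the injection is visible in the HTML itself: an external script tag pointing at a miner host, or an inline script that instantiates a miner. The scanner below is an added example for a web administrator checking whether their own pages have been tampered with; it is not code from the article or from the Jsecoin service. The host list and inline signatures are illustrative, the script URL in the sample page is made up, and the sample HTML is constructed.

```python
"""Flag script tags that load or embed a browser cryptominer.

Added example, not code from the article or from Jsecoin. MINER_HOSTS and
INLINE_SIGNATURES are illustrative lists to extend with current threat intel;
SAMPLE_PAGE is constructed and its script URL is made up.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Illustrative list of known browser-miner service hosts (match host or subdomain).
MINER_HOSTS = ("jsecoin.com", "coinhive.com", "coin-hive.com", "crypto-loot.com")
# Illustrative inline markers, matched case-insensitively inside script bodies.
INLINE_SIGNATURES = ("coinhive", "jsecoin", "cryptonight", "miner.start(")

# Constructed page: one legitimate script, one miner loader, one inline miner.
SAMPLE_PAGE = """<html><head>
<script src="https://cdn.example.com/jquery.min.js"></script>
<script src="//load.jsecoin.com/example.js"></script>
</head><body>
<p>Welcome</p>
<script>
  var miner = new CoinHive.Anonymous('SITE_KEY', {throttle: 0});
  miner.start();
</script>
</body></html>"""


class MinerScanner(HTMLParser):
    """Collect ("external", src) and ("inline", signature) findings."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self._in_script = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        self._in_script = True
        src = dict(attrs).get("src")
        if src:
            # urlparse handles absolute and protocol-relative ("//host/...") URLs.
            host = (urlparse(src).hostname or "").lower()
            if any(host == h or host.endswith("." + h) for h in MINER_HOSTS):
                self.findings.append(("external", src))

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag != "script":
            return
        body = "".join(self._buf).lower()
        self._in_script, self._buf = False, []
        for sig in INLINE_SIGNATURES:
            if sig in body:
                self.findings.append(("inline", sig))
                break


def scan_html(html):
    """Return the list of miner findings for one HTML document."""
    scanner = MinerScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


if __name__ == "__main__":
    for kind, detail in scan_html(SAMPLE_PAGE):
        print(f"{kind}: {detail}")
```

Run it over the HTML the server actually sends, not the files on disk, because an injection may live in a template, a plugin or a compromised CDN asset rather than in the page source; and treat a hit on a site you administer as evidence of a compromise to investigate, since the miner rarely arrives alone.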

APT37

APT37 (Advanced Persistent Threat) is a hacking group that likely operates from North Korea, and experts speculate that it may be financed directly by the North Korean government. The group is also known as ScarCruft. Until 2017 APT37 concentrated almost all its efforts on targets located in South Korea, but that year the group began expanding its reach and launching campaigns in other East Asian states such as Japan and Vietnam; it has also had targets in the Middle East. The group is known to collaborate with other malicious actors. APT37 exists to further North Korean interests, so its targets tend to be high-profile, typically in industries linked to automobile manufacturing, chemical production, aerospace, etc.

Propagation Methods...

Posted on October 10, 2019 in Malware

COMpfun

COMpfun is a RAT (Remote Access Trojan) belonging to the Turla hacking group and was first detected around 2014. The Turla APT (Advanced Persistent Threat) is believed to be a group of Russian individuals likely sponsored by the Kremlin (though this has yet to be confirmed). The Turla hacking group tends to target high-profile individuals and organizations located in Russia and Belarus. The Turla APT has an impressive arsenal of hacking tools, and compared with another of its threats, the Reductor Trojan, the COMpfun RAT is far less threatening and complex. However, COMpfun is not to be underestimated either, as it can still enable the attackers to hijack a system and gain complete control over it.

Capabilities

Some of the features of the COMpfun RAT include: Capturing...

Posted on October 10, 2019 in Remote Administration Tools