Top Security News

Beware of Michael Jackson One Year Death Anniversary Spam Email To celebrate the life and legacy of one of the greatest entertainers of our time, fans around the world will once again be searching for their favorite Michael Jackson song and paying tribute to the King of Pop as we approach his one-year death anniversary. After the death of Michael Jackson on...
Warning: Menacing BlackHole Exploit Kit Targeting Windows PCs Now Available to Hackers for Free Christmas has come early for novice hackers and criminals looking to get their share of the scam operatives flooding the Internet after someone publicly set free not one but two dangerous malware tools in just under 30 days. Once available as a password protected archive, the Zeus malware kit and...
Hackers Attack Citibank Pilfering over 200,000 Credit Card Customers' Personal Data While more news on Rep. Anthony Weiner's (D-N.Y.) online sex scandal continues to appear, another hacking incident has occurred: this time hackers broke into Citibank's computers and stole account numbers, names and contact information. Citibank, one of the four biggest banks in the USA, discovered a data...

Top Articles

RobinHood Ransomware

The RobinHood Ransomware (RobbinHood Ransomware or RobbinHood File Extension Ransomware) is a ransomware Trojan that is used to harass computer users under the pretext of raising awareness and funds for the people of Yemen. In fact, there is no evidence to support the theory that the creators of the RobinHood Ransomware have altruistic motives. It is likelier that the con artists are using the RobinHood Ransomware to profit in the same way that the creators of most encryption ransomware Trojans do today. However, the ransom demand in the case of the RobinHood Ransomware is extremely high, making it very unlikely that any individual PC user will pay the RobinHood Ransomware ransom in case of an attack. Take preventive measures against ransomware Trojans like the RobinHood Ransomware, which are becoming increasingly common. Yemen...

Posted on August 4, 2017 in Ransomware

WannaCryptor or WanaCrypt0r Ransomware


The WanaCrypt0r Ransomware is an encryption Trojan that features a worm-like attack tactic. The WanaCrypt0r Ransomware is recognized as one of the most threatening and widespread encryption Trojans seen up until May 12th, 2017. The WanaCrypt0r Ransomware managed to compromise hundreds of thousands of systems across one hundred and forty countries on its first release into the real world. The brunt of the attack was taken by PC users in Russia and the National Healthcare System in Great Britain. The Trojan managed to block access to most of the computers connected to the National Healthcare System, and nearly 70% of the cases that involve the WanaCrypt0r Ransomware are recorded in Russia....

Posted on March 29, 2017 in Ransomware

Ryuk Ransomware

The Ryuk Ransomware is a data encryption Trojan that was identified on August 13th, 2018. It appears that private companies and healthcare institutions have been compromised with the Ryuk Ransomware. Threat actors were reported to have infected organizations in the USA and Germany. Initial analysis suggests the threat was injected into systems through compromised RDP accounts, but it is possible that there is a parallel spam campaign that carries the threat payload as macro-enabled DOCX and PDF files. General Facts and Attribution Ryuk Ransomware appeared in the middle of August 2018 with several well-planned targeted attacks against major organizations worldwide, encrypting data on infected PCs and networks and demanding the payment of a ransom in exchange for a decryptor tool. Ryuk does not demonstrate extremely advanced technical skills,...

Posted on August 23, 2018 in Ransomware

More Articles

ZUMKONG

The ZUMKONG infostealer is a hacking tool that is part of the arsenal of the infamous APT37 (Advanced Persistent Threat). This hacking group is also known under the alias ScarCruft. Malware researchers have determined that this group of individuals is located in North Korea and is likely doing the bidding of Kim Jong-Un's government as hired mercenaries. Therefore, it makes sense that most of the victims of the APT37 group are South Korean organizations and individuals in influential positions. Propagation Method It is likely that the ScarCruft hacking group is using spam email campaigns to propagate most of their threats, as this appears to be their preferred infection vector. The emails are usually tailored carefully, since they do not tend to target everyday users but high-ranking employees, large corporations or government...

Posted on October 21, 2019 in Trojans

SLOWDRIFT

The North Korean government does not shy away from using hacking groups to do its bidding on the international stage. It is known to have been working with the notorious Lazarus hacking group for years, which has carried out numerous attacks aimed at furthering North Korean interests politically. Recently, it has begun working with another hacking group – ScarCruft. The ScarCruft group is also known as APT37 (Advanced Persistent Threat). They have carried out attacks against Middle Eastern targets, but most of their victims are located in South Korea. The ScarCruft hacking group does not go after everyday users - their efforts are concentrated on individuals in prestigious positions or large organizations. Propagation Method Usually, the ScarCruft hacking group uses email campaigns to propagate their hacking tools. More...

Posted on October 21, 2019 in Trojan Downloader

Wiki Ransomware

Ransomware threats have been one of the most common security threats in the past few years. Unfortunately, they are also among the most harmful threats out there. One of the most well-known ransomware families is the Dharma Ransomware family. Cyber crooks have created countless variants of this infamous data-locking Trojan. Recently, a new variant of the Dharma Ransomware has emerged. Its name is Wiki Ransomware. Propagation and Encryption It is likely that the creators of the Wiki Ransomware are using emails containing macro-laced attachments to spread this nasty threat. It is also possible that they are employing bogus application downloads, torrent trackers, and fake copies of popular software tools to propagate the Wiki Ransomware. When the Wiki Ransomware compromises a computer, it will look for certain files to lock. Usually,...

Posted on October 21, 2019 in Ransomware

Kiss Ransomware

Ransomware threats have been plaguing the Internet for years now, and we will likely not see the end of them any time soon. File-locking Trojans are easy to distribute and are among the most vicious threats, almost always guaranteeing damage to the victim. Users who do not have an anti-malware tool installed and fail to update all their software regularly are the ones most vulnerable to ransomware threats. One of the most recently uncovered data-encrypting Trojans has been dubbed Kiss Ransomware. This threat does not appear to belong to any of the popular ransomware families. Propagation and Encryption Bogus pirated copies of legitimate applications, mass spam email campaigns, malvertising operations, and fraudulent application updates may be some of the infection vectors employed in the spreading of the...

Posted on October 21, 2019 in Ransomware

DictionaryBoss

Many Web browser extensions can be very helpful and greatly improve one's browsing experience. However, many dodgy individuals have also jumped on the bandwagon of browser extension creation. Such dubious actors do not aim at creating high-quality products that will leave users satisfied and grateful. Instead, they tend to pump out low-quality browser extension tools, which often cause irritation and can be an unwarranted hassle to remove. This is the case with the DictionaryBoss Google Chrome browser extension. This tool claims to be of great use for translating text and generating synonyms of words and phrases. It is likely that the creators of the DictionaryBoss extension are targeting students who do most of their work on their computers. Wants Permission to Change the New Tab Page The DictionaryBoss Google Chrome extension...

Posted on October 21, 2019 in Possibly Unwanted Program

MILKDROP

A North Korea-based hacking group has been making the headlines recently. They are known as ScarCruft or APT37 (Advanced Persistent Threat). Cybersecurity experts believe that the ScarCruft group is funded directly by Kim Jong-Un's government and is used by it to carry out hacking attacks that serve to further North Korean interests. Most of APT37's campaigns take place in South Korea and target high-ranking individuals. The ScarCruft group has a wide range of hacking tools that keeps expanding. Among them is the MILKDROP backdoor Trojan. MILKDROP's Capabilities The MILKDROP Trojan does not have a particularly long list of capabilities, but it is a threat that operates very silently. Once this backdoor Trojan has gained access to the target's system, it will gain persistence by tampering with the Windows Registry. This would...

Posted on October 18, 2019 in Backdoors

SOUNDWAVE

Hacking campaigns have all sorts of end goals - collecting money, causing intentional destruction or simply wreaking havoc for a laugh. Some hackers, though, use their skills to collect information, which can then be used in harmful operations. This is the case with the SOUNDWAVE malware. This threat belongs to the arsenal of the ScarCruft hacking group. This group of highly skilled individuals hails from North Korea and is also known as APT37 (Advanced Persistent Threat). Cybersecurity experts at large believe that the ScarCruft hacking group is working for the North Korean government and is used as an attack vector against perceived enemies of the regime. This explains why most of the victims of APT37's threatening campaigns are South Korean. This hacking group is known to attack individuals in high-ranking positions and government...

Posted on October 18, 2019 in Malware

MedusaLocker Ransomware

A brand new file-locking Trojan was spotted by malware researchers recently. It was given the name MedusaLocker Ransomware. Unlike most newly discovered ransomware threats, this data-encrypting Trojan appears to be a project built from scratch, as it does not belong to any of the known ransomware families. So far, cybersecurity experts have not been able to create a decryption tool and release it publicly. Propagation It is not clear which propagation method is being utilized in the spreading of the MedusaLocker Ransomware. Some believe that mass spam email campaigns may be responsible for the propagation of this threat. Bogus application updates and fake pirated variants of popular software are also common techniques for spreading malware of this class. The Two Variants of the MedusaLocker Ransomware Malware...

Posted on October 18, 2019 in Ransomware

Sun Ransomware

Ransomware threats have managed to cause a lot of trouble for countless users worldwide. This malware type is largely perceived as an easy way to make a quick buck, which is why there is a growing number of cybercriminals trying their luck at creating and spreading file-locking Trojans. The Sun Ransomware is one of the most recently spotted threats of this type. Propagation and Encryption The propagation methods employed in the spreading of the Sun Ransomware are not yet known. Some researchers put the blame on spam email campaigns containing infected attachments, as this is one of the most used methods of propagating malware. Fraudulent pirated variants of legitimate software and fake application updates may also be among the techniques for spreading the Sun Ransomware. The infected system will be scanned, and then...

Posted on October 18, 2019 in Ransomware

Uta Ransomware

The Dharma Ransomware family used to be one of the most widely propagated ransomware families in the world. However, back in 2018, a large number of decryption keys were released publicly, and many thought that this was the end of the Dharma Ransomware. Despite this serious hiccup in the Dharma Ransomware project, variants are still being created and propagated. An example would be the Uta Ransomware. No free decryption tools have been published online yet, so unlocking your data without paying is not possible. Propagation and Encryption It is not known how the Uta Ransomware is being spread. Torrent trackers and bogus application updates may be at play here. It is also likely that the authors of the Uta Ransomware are using spam emails containing macro-laced attachments to spread this nasty Trojan. All the files on the...

Posted on October 18, 2019 in Ransomware

Get2

There is a hacking group that has developed greatly over the past several years. It is called TA505, and researchers believe that this group is behind the notorious Locky Ransomware campaigns and the Dridex banking Trojan. The TA505 group appears to target mainly companies in the finance industry. The hacking group is known to launch attacks all around the globe – the United States, Canada, Singapore, Greece, Sweden, Georgia and others. When malware researchers studied the latest TA505 campaigns, they came across two previously unknown malware families – the SDBbot RAT and the Get2 Trojan downloader. Collects Data and Delivers a Secondary Payload Much like most Trojan downloaders, once the Get2 Trojan infiltrates a host, it will start collecting information regarding the hardware of the host and the software present. All the...

Posted on October 17, 2019 in Remote Administration Tools

SDBbot RAT

While some hacking groups are employed by governments and used to do their bidding in various campaigns, other hacking groups are purely financially motivated. The TA505 group belongs to the latter category. This hacking group’s activity was first spotted in 2017 and has been monitored ever since. They mostly target businesses operating in the finance industry. On the 7th of September, they launched an attack targeting victims in Sweden, Singapore, Greece, Georgia and other places. The propagation method utilized by the TA505 hacking group was bogus emails containing infected attachments. The attachment was tailored to look like a legitimate Excel document so that the user does not suspect that something fishy is going on. If the targeted person opens the attachment, it will trigger the launch of the Get2 Trojan downloader. This...

Posted on October 17, 2019 in Remote Administration Tools

Graboid

Most cryptojacking worms are propagated via torrents, malvertising campaigns, bogus downloads and other popular methods. However, some cyber crooks opt to utilize more creative infection vectors. Such is the case with the Graboid cryptojacking worm. The authors of the Graboid worm are spreading this threat using unsecured containers, in this instance Docker. Most Victims are Located in China The creators of this cryptojacking worm are not targeting a certain class of people or a specific industry or business type. However, most of the victims of the Graboid worm are located in China. It has been determined that there are likely more than 10,000 victims so far. The purpose of the Graboid cryptojacking worm is to infect a system and hijack its resources to mine the Monero cryptocurrency. By default, Docker does not have ports open for...

Posted on October 17, 2019 in Worms

RUHAPPY

A newly emerging hacking group from North Korea has been making the headlines recently. This group is known as APT37 (Advanced Persistent Threat) or ScarCruft. The APT37 group appears to be employed by the North Korean government and used as its cyber attack dogs alongside the infamous Lazarus hacking group. The majority of the ScarCruft hacking group's targets tend to be located in South Korea, but there have been some notable campaigns against targets in the Middle East too. The APT37 group has a preference for stealth, and they design their tools to operate silently and remain under the radar of their victims for as long as possible. This way, the ScarCruft group can collect more information about its targets. Can Render a System Inoperable Despite the fact that most of the hacking tools in the APT37 arsenal are tailored...

Posted on October 17, 2019 in Malware

Blackremote RAT

Cybercriminals do not always end up using the malware they build. Often, instead of employing their hacking tools in campaigns, they sell or rent them to other shady individuals online. This is the case with the Blackremote RAT (Remote Access Trojan). The creators of this Trojan had posted an advertisement online, which immediately got on the radar of malware researchers. The advertisement was posted by a user with the name ‘Speccy’ or ‘Rafiki.’ The creators of the Blackremote RAT claim that their threat is ‘undetectable’ and has a long list of capabilities. Masks as a Legitimate Tool A common tactic when renting out or selling hacking tools is to try to pass them off as legitimate applications with no unsafe potential. However, the people who sell them and the people who buy them are well aware of what the real deal is....

Posted on October 16, 2019 in Remote Administration Tools