Top Security News

Beware of Michael Jackson One Year Death Anniversary Spam Email

To celebrate the life and legacy of one of the greatest entertainers of our time, fans around the world will once again be searching for their favorite Michael Jackson song and paying tribute to the King of Pop as we approach his one-year death anniversary. After the death of Michael Jackson on...

Warning: Menacing BlackHole Exploit Kit Targeting Windows PCs Now Available to Hackers for Free

Christmas has come early for novice hackers and criminals looking to get their share of the scam operatives flooding the Internet after someone publicly set free not one but two dangerous malware tools in just under 30 days. Once available as a password-protected archive, the Zeus malware kit and...

Hackers Attack Citibank Pilfering over 200,000 Credit Card Customers' Personal Data

While more news on Rep. Anthony Weiner's (D-N.Y.) online sex scandal continues to appear, another hacking incident has occurred: this time hackers broke into Citibank's computers, stealing account numbers, names and contact information. Citibank, one of the four biggest banks in the USA, discovered a data...

Top Articles

RobinHood Ransomware

The RobinHood Ransomware (RobbinHood Ransomware or RobbinHood File Extension Ransomware) is a ransomware Trojan that is used to harass computer users under the pretext of raising awareness and funds for the people of Yemen. In fact, there is no evidence to support the theory that the creators of the RobinHood Ransomware have altruistic motives. It is likelier that the con artists are using the RobinHood Ransomware to profit in the same way that the creators of most encryption ransomware Trojans do today. However, the ransom demand in the case of the RobinHood Ransomware is extremely high, making it very unlikely that any individual PC user will pay the RobinHood Ransomware ransom in case of an attack. Take preventive measures against ransomware Trojans like the RobinHood Ransomware, which are becoming increasingly common. Yemen...

Posted on August 4, 2017 in Ransomware

WannaCryptor or WanaCrypt0r Ransomware


The WanaCrypt0r Ransomware is an encryption Trojan that features a worm-like attack tactic. The WanaCrypt0r Ransomware is recognized as one of the most threatening and widespread encryption Trojans up until May 12th, 2017. The WanaCrypt0r Ransomware managed to compromise hundreds of thousands of systems across one hundred and forty countries on its first release into the wild. The brunt of the attack was taken by PC users in Russia and the National Healthcare System in Great Britain. The Trojan managed to block access to most of the computers connected to the National Healthcare System, and nearly 70% of the cases that involve the WanaCrypt0r Ransomware are recorded in Russia....

Posted on March 29, 2017 in Ransomware

Ryuk Ransomware

The Ryuk Ransomware is a data encryption Trojan that was identified on August 13th, 2018. It appears that private companies and healthcare institutions have been compromised with the Ryuk Ransomware. Threat actors were reported to be infecting organizations in the USA and Germany. Initial analysis suggests the threat was injected into systems through compromised RDP accounts, but it is possible that there is a parallel spam campaign that carries the threat payload as macro-enabled DOCX and PDF files.

General Facts and Attribution

Ryuk Ransomware appeared in the middle of August 2018 with several well-planned targeted attacks against major organizations worldwide, encrypting data on infected PCs and networks and demanding the payment of a ransom in exchange for a decryptor tool. Ryuk does not demonstrate extremely advanced technical skills,...

Posted on August 23, 2018 in Ransomware

More Articles

MILKDROP

A North Korea-based hacking group has been making the headlines recently. They are known as ScarCruft or APT37 (Advanced Persistent Threat). Cybersecurity experts believe that the ScarCruft group is funded directly by Kim Jong-Un's government and is used by it to carry out hacking attacks that serve to further North Korean interests. Most of APT37's campaigns take place in South Korea and target high-ranking individuals. The ScarCruft group has a wide range of hacking tools that keeps expanding. Among them is the MILKDROP backdoor Trojan.

MILKDROP's Capabilities

The MILKDROP Trojan does not have a particularly long list of capabilities, but it is a threat that operates very silently. Once this backdoor Trojan has gained access to the target's system, it will gain persistence by tampering with the Windows Registry. This would...

Posted on October 18, 2019 in Backdoors

SOUNDWAVE

Hacking campaigns have all sorts of end goals: collecting money, causing intentional destruction or simply wreaking havoc for a laugh. Some hackers, though, use their skills to collect information, which can then be used in harmful operations. This is the case with the SOUNDWAVE malware. This threat belongs to the arsenal of the ScarCruft hacking group. This group of highly skilled individuals hails from North Korea and is also known as APT37 (Advanced Persistent Threat). Cybersecurity experts at large believe that the ScarCruft hacking group is working for the North Korean government and is used as an attack vector against perceived enemies of the regime. This explains why most of the victims of APT37's threatening campaigns are South Korean. This hacking group is known to attack individuals in high-ranking positions and government...

Posted on October 18, 2019 in Malware

MedusaLocker Ransomware

A brand new file-locking Trojan was spotted by malware researchers recently. It was given the name MedusaLocker Ransomware. Unlike most newly discovered ransomware threats, this data-encrypting Trojan appears to be a project built from square one, as it does not belong to any of the known ransomware families. So far, cybersecurity experts have not been able to create a decryption tool and release it publicly.

Propagation

It is not clear what kind of propagation method is being utilized in the spreading of the MedusaLocker Ransomware. Some believe that mass spam email campaigns may be responsible for the propagation of this threat. Bogus application updates and fake pirated variants of popular software are also common techniques for spreading malware of this class.

The Two Variants of the MedusaLocker Ransomware Malware...

Posted on October 18, 2019 in Ransomware

Sun Ransomware

Ransomware threats have managed to cause a lot of trouble for countless users worldwide. This malware type is largely perceived as an easy way to make a quick buck, and this is the reason why there is a growing number of cybercriminals trying their luck at creating and spreading file-locking Trojans. The Sun Ransomware is one of the most recently spotted threats of this type.

Propagation and Encryption

The propagation methods employed in the spreading of the Sun Ransomware are not yet known. Some researchers put the blame on spam email campaigns containing infected attachments, as this is one of the most used methods of propagating malware. Fraudulent pirated variants of legitimate software and fake application updates may also be among the techniques for spreading the Sun Ransomware. The infected system will be scanned, and then...

Posted on October 18, 2019 in Ransomware

Uta Ransomware

The Dharma Ransomware family used to be one of the most widely propagated ransomware families in the world. However, back in 2018, a large number of decryption keys were released publicly, and many thought that this was the end of the Dharma Ransomware. Despite this serious hiccup in the Dharma Ransomware project, there are still variants being created and propagated. An example would be the Uta Ransomware. No free decryption tools have been published online yet, so unlocking your data without paying is not possible.

Propagation and Encryption

It is not known how the Uta Ransomware is being spread. Torrent trackers and bogus application updates may be at play here. It is also likely that the authors of the Uta Ransomware are using spam emails containing macro-laced attachments to spread this nasty Trojan. All the files on the...

Posted on October 18, 2019 in Ransomware

Get2

There is a hacking group that has developed greatly over the past several years. It is called TAT505, and researchers believe that this group is behind the notorious Locky Ransomware campaigns and the Dridex banking Trojan. The TAT505 group appears to mainly target companies in the finance industry. The hacking group is known to launch attacks all around the globe – the United States, Canada, Singapore, Greece, Sweden, Georgia and others. When malware researchers studied the latest TAT505 campaigns, they came across two previously unknown malware families – the SDBBot RAT and the Get2 Trojan downloader.

Collects Data and Delivers a Secondary Payload

Much like most Trojan downloaders, once the Get2 Trojan infiltrates a host, it will start collecting information regarding the hardware of the host and the software present. All the...

Posted on October 17, 2019 in Remote Administration Tools

SDBbot RAT

While some hacking groups are employed by governments and used to do their bidding in various campaigns, other hacking groups are purely financially motivated. The TAT505 group belongs to the latter category. This hacking group's activity was first spotted in 2017 and has been monitored ever since. They mostly target businesses operating in the finance industry. On the 7th of September, they launched an attack targeting victims in Sweden, Singapore, Greece, Georgia and other places. The propagation method utilized by the TAT505 hacking group was bogus emails containing infected attachments. The attachment was tailored to look like a legitimate Excel document so that the user does not sense that something fishy is going on. If the targeted person opens the attachment, it will trigger the launch of the Get2 Trojan downloader. This...

Posted on October 17, 2019 in Remote Administration Tools

Graboid

Most cryptojacking worms are propagated via torrents, malvertising campaigns, bogus downloads and other popular methods. However, some cyber crooks opt to utilize more creative infection vectors. Such is the case with the Graboid cryptojacking worm. The authors of the Graboid worm are spreading this threat using unsecured containers, in this instance Docker.

Most Victims are Located in China

The creators of this cryptojacking worm are not targeting a certain class of people or a specific industry or business type. However, most of the victims of the Graboid worm are located in China. It has been determined that there are likely more than 10,000 victims so far. The purpose of the Graboid cryptojacking worm is to infect a system and hijack its resources to mine the Monero cryptocurrency. By default, Docker does not have ports open for...

Posted on October 17, 2019 in Worms

RUHAPPY

A newly emerging hacking group from North Korea has been making the headlines recently. This group is known as APT37 (Advanced Persistent Threat) or ScarCruft. The APT37 group appears to be employed by the North Korean government and used as their cyber-attack-dogs alongside the infamous Lazarus hacking group. The majority of the ScarCruft hacking group's targets tend to be located in South Korea, but there have been some notable campaigns against targets in the Middle East too. The APT37 group has a preference for stealth, and they design their tools to operate silently and remain under the radar of their victims for as long as possible. This way, the ScarCruft group can collect more information about its targets.

Can Render a System Inoperable

Despite the fact that most of the hacking tools in the APT37 arsenal are tailored...

Posted on October 17, 2019 in Malware

Blackremote RAT

Cybercriminals do not always end up using the malware they build. Often, instead of employing their hacking tools in campaigns, they sell them or rent them to other shady individuals online. This is the case with the Blackremote RAT (Remote Access Trojan). The creators of this Trojan posted an advertisement online, which immediately got on the radar of malware researchers. The advertisement was posted by a user with the name 'Speccy' or 'Rafiki.' The creators of the Blackremote RAT claim that their threat is 'undetectable' and has a long list of capabilities.

Masks as a Legitimate Tool

A common tactic when renting out or selling hacking tools is to try and pass them off as legitimate applications with no unsafe potential. However, the people who sell them and the people who buy them are well aware of what the real deal is....

Posted on October 16, 2019 in Remote Administration Tools

KARAE

North Korea is known to have some very highly skilled cybercriminals, and these individuals usually work for the government. The most well-known APT (Advanced Persistent Threat) hailing from North Korea is the Lazarus hacking group. However, recently, there has been a new group that is gaining traction, ScarCruft (also known as APT37). Since the ScarCruft hacking group is funded by the North Korean government, it is logical that they are doing its bidding in the campaigns they launch. This is why most of the targets of the ScarCruft group are located in South Korea and tend to be high-ranking officials or government institutions. ScarCruft has developed a long list of hacking tools that keeps expanding over time.

Targets Random Users

One of the custom-built hacking tools of APT37 is the KARAE backdoor Trojan. Malware researchers...

Posted on October 16, 2019 in Backdoors

SHUTTERSPEED

The newly rising star on the North Korean cybercrime stage is the ScarCruft hacking group. It is also known under the APT37 (Advanced Persistent Threat) alias. The ScarCruft hacking group is likely to be funded directly by the government of North Korea. This is why it is almost certain that the APT37 group is one of the attack dogs of Kim Jong-Un, and why it makes sense that most of the targets of the ScarCruft hacking group are either government-linked institutions or high-ranking officials, usually located in South Korea. One of the tools in the arsenal of the ScarCruft hacking group is the SHUTTERSPEED backdoor Trojan. This threat is meant to be used as a first-stage payload, which serves to deploy additional threats on the compromised machine. The SHUTTERSPEED Trojan can also collect system information (software and hardware)...

Posted on October 16, 2019 in Backdoors

Leto Ransomware

An increasing number of ransomware threats has been plaguing the Internet. One of the most popular ransomware families in 2019 has certainly been the STOP ransomware family. Malware researchers have determined that there have been more than 150 variants of this data-locking Trojan released so far. One of the most recently detected file-encrypting Trojans is the Leto Ransomware.

Propagation and Encryption

After spotting and studying this ransomware threat, experts concluded that it is a STOP Ransomware variant. Mass spam email campaigns, fake updates, and bogus pirated copies of legitimate applications may be among the infection vectors involved in the distribution of the Leto Ransomware. As with most file-locking Trojans, the Leto Ransomware will make sure to scan all your files as soon as it manages to invade your system. Once this...

Posted on October 16, 2019 in Ransomware

RDFSNIFFER

Some hacking groups are state-sponsored and thus do the bidding of their governments in various campaigns targeting political and business sectors. Other hacking groups are autonomous and usually tend to be entirely financially motivated. An example of the latter is the Carbanak Group (also referred to as FIN7), a group of shady individuals who have managed to wreak havoc all around the world over the years and cause damages in the hundreds of millions of dollars. Malware experts have recently detected a new tool employed by the Carbanak Group, RDFSNIFFER. This hacking tool can be classified as a RAT (Remote Access Trojan) and seems to be utilized mainly as a second-stage payload with the assistance of the BOOTSWIRE Trojan loader, which is another tool present in the Carbanak Group's arsenal.

Targets...

Posted on October 15, 2019 in Malware

PortReuse

China is known for its hacking groups. Some operate on their own terms, while others are believed to be sponsored by the Chinese government. One of the more notorious Chinese hacking groups is the Winnti Group. They are also known as APT41 (Advanced Persistent Threat). They have been gaining prominence since 2010. The Winnti Group is named after a hacking tool developed by this APT – the Winnti malware. This threat put the Winnti Group on the map and was first spotted in 2013. Ever since the hacking group gained some prominence thanks to the Winnti malware, they have been developing new tools, one of which is the PortReuse backdoor Trojan.

Its Preference for Stealth

Most backdoor Trojans follow the same pattern – they are operated via a remote C&C (Command & Control) server and tend to have a long list of capabilities. However, this...

Posted on October 15, 2019 in Backdoors