Top Security News

Beware of Michael Jackson One Year Death Anniversary Spam Email

To celebrate the life and legacy of one of the greatest entertainers of our time, fans around the world will once again be searching for their favorite Michael Jackson song and paying tribute to the King of Pop as we approach his one-year death anniversary. After the death of Michael Jackson on...

Warning: Menacing BlackHole Exploit Kit Targeting Windows PCs Now Available to Hackers for Free

Christmas has come early for novice hackers and criminals looking to get their share of the scam operatives flooding the Internet after someone publicly set free not one but two dangerous malware tools in just under 30 days. Once available as a password-protected archive, the Zeus malware kit and...

Hackers Attack Citibank Pilfering over 200,000 Credit Card Customers' Personal Data

While more news on Rep. Anthony Weiner's (D-N.Y.) online sex scandal continues to appear, another hacking incident has occurred: this time, hackers broke into Citibank's computers, stealing account numbers, names and contact information. Citibank, one of the biggest 4 banks in the USA, discovered a data...

Top Articles

GandCrab Ransomware

GandCrab ransomware is a malware threat that encrypts data on affected computers and demands the payment of a ransom in exchange for a decryption tool. This cryptovirus appeared for the first time at the end of January this year, and since then researchers have identified several different versions of GandCrab, including GDCB, GandCrab v2, GandCrab v3, GandCrab v4, and GandCrab v5. The latest version was identified just about a month ago in September 2018. The features and encryption mechanisms of this ransomware have evolved since its first appearance: while the initial three versions used the RSA and AES encryption algorithms to lock up data on the infected device, version 4 and above employ additional and more sophisticated ciphers such as Salsa20. Malware researchers believe that this is done mostly for speed reasons as the Salsa20...

Posted on January 29, 2018 in Ransomware

RobinHood Ransomware

The RobinHood Ransomware (RobbinHood Ransomware or RobbinHood File Extension Ransomware) is a ransomware Trojan that is used to harass computer users under the pretext of raising awareness and funds for the people of Yemen. In fact, there is no evidence to support the theory that the creators of the RobinHood Ransomware have altruistic motives. It is likelier that the con artists are using the RobinHood Ransomware to profit in the same way that the creators of most encryption ransomware Trojans do today. However, the ransom demand in the case of the RobinHood Ransomware is extremely elevated, making it very unlikely that any individual PC users will pay the RobinHood Ransomware ransom in case of an attack. Take preventive measures against ransomware Trojans like the RobinHood Ransomware, which are becoming increasingly common. Yemen...

Posted on August 4, 2017 in Ransomware

WannaCryptor or WanaCrypt0r Ransomware

The WanaCrypt0r Ransomware is an encryption Trojan that features a worm-like attack tactic. The WanaCrypt0r Ransomware is recognized as one of the most threatening and widespread encryption Trojans up until May 12th, 2017. The WanaCrypt0r Ransomware managed to compromise hundreds of thousands of systems across one hundred and forty countries on its first release to the real world. The brunt of the attack was taken by PC users in Russia and the National Healthcare System in Great Britain. The Trojan managed to block access to most of the computers connected to the National Healthcare System, and nearly 70% of the cases that involve the WanaCrypt0r Ransomware are recorded in Russia....

Posted on March 29, 2017 in Ransomware

More Articles

Hoardy

The Hoardy backdoor Trojan is a threat that has been employed in several attacks targeting high-profile individuals. This Trojan is the creation of a hacking group called the Flea group, and its most infamous campaign took place right before the G20 summit in 2014 and targeted high-ranking politicians. The Hoardy backdoor Trojan has since been utilized in several other shady operations. Usually, hacking campaigns that employ the Hoardy backdoor do not last very long, which has led experts to believe that the goal of the attackers is likely to grab as much information as they can quickly and cease the operation to remain under the radar of the victim.

Propagation Method

To propagate the Hoardy backdoor Trojan, the Flea hacking group is using phishing emails that they have tailored to look as legitimate as possible. The target would...

Posted on December 11, 2019 in Backdoors

Khalesi

Infostealers are among the favorite hacking tools of cybercriminals around the world. This is because this malware type is usually very small in terms of size, which allows it to carry out silent operations that can potentially be highly successful. Infostealers may allow their operators to collect information from messaging applications, email clients, Web pages, etc. Normally, infostealers connect to their creators’ C&C (Command & Control) server and siphon all the collected data straight to the attackers. The Khalesi malware belongs to the infostealer class, and it appears to be active in the wild.

Propagation And Persistence

The Khalesi infostealer is likely being propagated via several means of distribution such as malvertising campaigns, bogus application downloads, mass spam email campaigns, pirated media and software, etc....

Posted on December 11, 2019 in Malware

TheEasyWayPro

There are numerous Web browser extensions that claim to perform all sorts of useful tasks, but a significant number of them are not at all what they claim to be. TheEasyWayPro is an excellent example of this. This Web browser extension states that it will provide users with helpful directions and handy maps. The developers of this extension are likely targeting users who go hiking frequently or enjoy traveling often. However, the TheEasyWayPro extension is not offering anything unique to its users. Instead, this extension utilizes already existing free services such as Google Maps. This means that there’s no need to install TheEasyWayPro to use the services that it offers, as they are already free and publicly available.

Alters Users’ Default Search Engine

Users who choose to add TheEasyWayPro to their Web browser may experience...

Posted on December 11, 2019 in Potentially Unwanted Programs

Startrafficc.com

The Startrafficc.com site is a dodgy Web page that uses shady tactics to trick users into executing actions that they would not otherwise perform. In other words, the administrators of Startrafficc.com utilize various social engineering tricks to achieve their goals. Sometimes, administrators of shady websites use their platform to propagate threatening malware that has the potential to seriously harm users’ systems. However, the operators of the Startrafficc.com site do not take this outright unsafe strategy. Instead, they use their website to spam users with unwanted advertisements.

Social Engineering Tricks

The operators of the Startrafficc.com page claim that users need to click on the ‘Allow’ button that they are presented with if they want to see the content hosted on their websites. If the users fall for this and click on the...

Posted on December 11, 2019 in Browser Hijackers

Code Red Worm

Code Red (CodeRed) is a computer worm that affected MS IIS web servers back in the early 2000s. At the peak of its popularity, it affected nearly half a million host systems. Code Red uses a simple but effective vulnerability of older IIS web servers. The worm causes a buffer overflow by using a particularly long string of symbols, the letter N in this case, to overflow the software buffer. This, in turn, allows the malware to execute the arbitrary code it needs and spread further, while defacing the host in the process. Servers that were infected by the Code Red worm had their pages replaced with the following text: HELLO! Welcome to http://www dot worm dot com! Hacked By Chinese! The worm was also set up in a way that allowed it to perform different tasks depending on the day of the month, obtained from the victim's system clock. On...

Posted on December 11, 2019 in Worms

Misleading:Win32/Lodi!MSR

The Windows Defender Antivirus uses the Misleading:Win32/Lodi!MSR detection name to signal a potential threat that may be present on the user's system. It is important to note that the detection of the threat is not based upon a particular piece of software or file per se but instead applies heuristic methods to identify potentially unsafe activity. Every legitimate anti-malware application utilizes such techniques when looking for and identifying potential malware that may be present on the user's computer. However, even if the said anti-virus tool presents you with the Misleading:Win32/Lodi!MSR detection alert, that does not necessarily mean that there is an unsafe activity taking place on your system. Sometimes, harmless files downloaded from trustworthy sources may trigger a false positive and spawn the Misleading:Win32/Lodi!MSR alert....

Posted on December 10, 2019 in Misleading Programs

AppleJeus

Cyber crooks take an increasing interest in creating threats targeting devices running OSX. One of the newest threats of this type that cybersecurity experts have spotted is called AppleJeus. The AppleJeus threat is a Trojan backdoor with several intriguing features. The authors of the AppleJeus Trojan are propagating it using a bogus digital asset currency exchange. Any user that would like to use the service is urged to download a digital asset trading platform. However, as soon as the users download and install the file, the AppleJeus Trojan backdoor will be planted on their systems silently. Apart from the variant of this threat that targets Mac computers, the authors also have developed a copy that goes after Windows systems too. The Windows variant of this threat does not possess any qualities that are too impressive, but...

Posted on December 10, 2019 in Backdoors

Lazarus Ransomware

The Lazarus Ransomware is a new file-locking Trojan that has been spotted in the wild by experts. Just like most malware of this type, the Lazarus Ransomware will compromise your computer, lock your files sneakily, and then demand money in exchange for a decryption key that is meant to reverse the damage that was done to your data.

Propagation and Encryption

It is not clear what infection vectors have been used in the propagation of the Lazarus Ransomware or if certain regions or demographics are being targeted by the authors of this threat. The creators of the Lazarus Ransomware are likely using fake emails to distribute this data-locking Trojan. Such spam email campaigns would often include a misleading, fraudulent message and a seemingly harmless attached file, which is actually macro-laced. Opening the macro-laced attachment may...

Posted on December 10, 2019 in Ransomware

Microsoft-one.com

One of the most favored tricks in the book of cybercrime is imitating a legitimate service or product to trick unsuspecting users. The authors of Microsoft-one.com have done exactly this: they have tailored their Web page to resemble a genuine Microsoft website so that users will not question its legitimacy and trust it blindly.

Spawns Fake Alerts

If you have come across the Microsoft-one.com website, you have likely been browsing low-quality content. Usually, dodgy Web pages work with shady advertising networks that push all dubious content, and it is likely that they also are involved in the promoting of the Microsoft-one.com website. Upon launching the main page of the Microsoft-one.com site, users will be redirected to the official Web page of Microsoft. This trick is likely meant to convince users of the legitimacy of the...

Posted on December 10, 2019 in Browser Hijackers

Rex-news1.club

Many shady online actors create websites for the sole purpose of spamming users with unwanted advertisements via the browser’s notifications feature. One of the websites that partake in this behavior is the Rex-news1.club page.

Spams Users with Unwanted Dodgy Advertisements

The main goal of the administrators of the Rex-news1.club site is to trick the user into giving them permission to display Web browser notifications. The creators of shady sites like the Rex-news1.club Web page often utilize various social engineering tricks to achieve their goal. The visitors of the Rex-news1.club website are misled into believing that the site hosts interesting content, and if they want to view it, they have to click on the 'Allow' button that is supposed to enable a media player. However, the media player is fake, and clicking on the...

Posted on December 10, 2019 in Browser Hijackers

IconDown

Many cyber crooks around the world rely on Trojan downloaders to infiltrate a targeted system and inject additional malware in it. To make the job of malware researchers more difficult, con actors who propagate Trojan downloaders would often obfuscate their code heavily and make their creation seem harmless. This way, the Trojan downloader may avoid detection by anti-malware tools and security checks successfully. Recently, cybersecurity experts have spotted a new Trojan downloader claiming victims online – IconDown. The IconDown downloader is believed to be the creation of a hacking group called BlackTech.

Targets Businesses in Japan

The BlackTech hacking group is believed to originate from Asia, as most of their targets are located in this area. Malware experts have been keeping an eye on the BlackTech group, and it became evident...

Posted on December 9, 2019 in Trojan Downloader

Afrodita Ransomware

Most authors of ransomware tend to propagate their creations as far and as wide as they possibly can. However, this is not always the case. Some con actors that propagate ransomware threats prefer to concentrate their efforts on fewer targets, but of higher quality. It would appear that this is the case with the recently spotted file-locking Trojan called the Afrodita Ransomware.

Propagation and Encryption

The authors of the Afrodita Ransomware have opted to target companies operating in Croatia exclusively. The Afrodita Ransomware is being propagated via phishing emails that contain a fraudulent message containing various social engineering tricks and a corrupted attachment, which at first glance appears to be nothing more than a regular spreadsheet. However, the spreadsheet is macro-laced, which means that if the intended target...

Posted on December 9, 2019 in Ransomware

Gesd Ransomware

Ransomware threats have been among the malware most plaguing the Internet in 2019. The STOP family, in particular, is responsible for countless attacks since cyber crooks have managed to create and distribute over 200 copies of this file-locking Trojan. One of the newest variants of the STOP Ransomware that has been spotted by experts is called the Gesd Ransomware.

Propagation and Encryption

Ransomware threats are often propagated via mass spam email campaigns, torrent trackers, fake application downloads and updates, bogus pirated software and media, etc. However, in the case of the Gesd Ransomware, there are no particular infection vectors that have been confirmed yet. The attackers may be using one of the methods listed above or a combination of various techniques. The Gesd Ransomware will make sure to locate all the files of...

Posted on December 9, 2019 in Ransomware

Zeppelin Ransomware

Most authors of ransomware rely on already existing threats and simply create copies of them with slightly altered characteristics. However, some cyber crooks prefer to build their data-locking Trojans from scratch. Such cybercriminals often are very experienced and highly skilled. This is the case of the Zeppelin Ransomware – a newly spotted file-encrypting Trojan that has been roaming the Web recently. Upon studying the threat, malware experts concluded that this project is completed and highly weaponized.

Propagation and Encryption

It is not clear what the exact infection vectors utilized by the authors of the Zeppelin Ransomware are. Cybersecurity researchers believe that it is likely that this nasty Trojan is spread via emails containing macro-laced attachments, fake pirated media or software, torrent trackers, bogus application...

Posted on December 9, 2019 in Ransomware

Buer

The Buer Trojan loader is what is often referred to as Malware-as-a-Service. This means that the creators of the Buer Trojan are selling it as a commodity on underground online markets, and anyone who is willing to pay can take advantage of this hacking tool. This is particularly threatening, not only because there is no limit on how many con actors can distribute the threat but also because the Buer Trojan loader is a very well-developed tool. According to researchers, the Buer loader is a threat that has been built by Russian malware developers. Experts have spotted advertisements for the Buer Trojan written in Russian claiming that users who purchase the threat also will be provided with free customer support and regular updates. The full price for the Buer loader is $400, which is not a very high price for what its authors are...

Posted on December 6, 2019 in Trojans