Top Security News

Beware of Michael Jackson One Year Death Anniversary Spam Email

To celebrate the life and legacy of one of the greatest entertainers of our time, fans around the world will once again be searching for their favorite Michael Jackson song and paying tribute to the King of Pop as we approach his one-year death anniversary. After the death of Michael Jackson on...

Warning: Menacing BlackHole Exploit Kit Targeting Windows PCs Now Available to Hackers for Free

Christmas has come early for novice hackers and criminals looking to get their share of the scam operatives flooding the Internet after someone publicly set free not one but two dangerous malware tools in just under 30 days. Once available as a password protected archive, the Zeus malware kit and...

Hackers Attack Citibank Pilfering over 200,000 Credit Card Customers' Personal Data

While more news on Rep. Anthony Weiner's (D-N.Y.) online sex scandal continues to appear, another hacking incident has occurred: this time hackers broke into Citibank's computers, stealing account numbers, names and contact information. Citibank, one of the four biggest banks in the USA, discovered a data...

Top Articles

GandCrab Ransomware

GandCrab ransomware is a malware threat that encrypts data on affected computers and demands the payment of ransom in exchange for a decryption tool. That cryptovirus appeared for the first time at the end of January this year, and since then researchers have identified several different versions of GandCrab, among them GDCB, GandCrab v2, GandCrab v3, GandCrab v4, and GandCrab v5. The latest version was identified just about a month ago in September 2018. The features and encryption mechanisms of this ransomware have evolved since its first appearance - while the initial three versions used RSA and AES encryption algorithms to lock up data on the infected device, version 4 and above employ additional and more sophisticated ciphers like Salsa20. Malware researchers believe that this is done mostly for speed reasons as the Salsa20...

Posted on January 29, 2018 in Ransomware

RobinHood Ransomware

The RobinHood Ransomware (RobbinHood Ransomware or RobbinHood File Extension Ransomware) is a ransomware Trojan that is used to harass computer users under the pretext of raising awareness and funds for the people of Yemen. In fact, there is no evidence to support the theory that the creators of the RobinHood Ransomware have altruistic motives. It is likelier that the con artists are using the RobinHood Ransomware to profit in the same way that the creators of most encryption ransomware Trojans act today. However, the ransom demand in the case of the RobinHood Ransomware is extremely elevated, making it very unlikely that any individual PC users will pay the RobinHood Ransomware ransom in case of an attack. Take preventive measures against ransomware Trojans like the RobinHood Ransomware, which are becoming increasingly common. Yemen...

Posted on August 4, 2017 in Ransomware

WannaCryptor or WanaCrypt0r Ransomware

The WanaCrypt0r Ransomware is an encryption Trojan that features a worm-like attack tactic. The WanaCrypt0r Ransomware is recognized as one of the most threatening and widespread encryption Trojans up until May 12th, 2017. The WanaCrypt0r Ransomware managed to compromise hundreds of thousands of systems across one hundred and forty countries on its first release to the real world. The brunt of the attack was taken by PC users in Russia and the National Healthcare System in Great Britain. The Trojan managed to block access to most of the computers connected to the National Healthcare System and nearly 70% of the cases that involve the WanaCrypt0r Ransomware are recorded in Russia....

Posted on March 29, 2017 in Ransomware

More Articles

DePriMon

The DePriMon malware is a newly uncovered downloader, which is likely the creation of a hacking group called The Lamberts (also known as Longhorn). Experts were led to believe that the DePriMon downloader belongs to The Lamberts group because the threat would often be used in combination with a malware family that belongs to the group, and is called ColoredLambert. There are several hacking tools that belong to the ColoredLambert family – Black Lambert, White Lambert, Blue Lambert, Green Lambert, Pink Lambert, and Grey Lambert. About The Lambert Hacking Group The Lambert hacking group is believed to have begun operating back in 2008, but its unsafe activity did not become public until 2014. They are considered to be a very experienced hacking group with a long history of devastating cyber-attacks launched against various high-profile...

Posted on November 22, 2019 in Trojans

ColoredLambert

The ColoredLambert malware family is the most popular creation of the Longhorn hacking group. They also are known as The Lamberts, named after the previously mentioned malware family. It is believed that the Longhorn hacking group's activity traces back to 2008. This hacking group tends to go after high-profile targets only. Their main targets tend to be government bodies, as well as various companies operating in the automotive, healthcare, and telecommunication fields. The Malware Family The ColoredLambert malware family was given its name because the threats it contains are all color-coded. Of course, each hacking tool in the ColoredLambert malware family is represented by a different color, and most of them serve different purposes: Black Lambert – This threat was the first one spotted by malware researchers, and it serves as a backdoor...

Posted on November 22, 2019 in Malware

'Uejsc25.xyz' Pop-Ups

'Uejsc25.xyz' is a website you may have come across while browsing low-quality content online. The goal of the creators of the 'Uejsc25.xyz' page is to use social engineering tricks to persuade the user to perform certain actions. This is done by presenting the user with bogus pop-up messages that use various fear-mongering techniques to convince the users that there is something wrong with their systems. Fake alerts and fraudulent error messages are some of the tricks used by the operators of the 'Uejsc25.xyz' website. The 'Uejsc25.xyz' site detects what Web browser the user is running and would present them with pop-ups and alerts based on their browser. This means that a person who is using Google Chrome will see different error messages and alerts than a user who is utilizing the Mozilla Firefox Web browser. This is likely to make...

Posted on November 22, 2019 in Adware

AgileHelp

AgileHelp is a software tool compatible with OSX. The creators of the AgileHelp utility claim that installing this tool will improve your browsing quality greatly and help you get better search results. However, this is far from the truth. Instead of improving your browsing quality in any shape or form, the AgileHelp tool will make sure you are bombarded with advertisements, which are likely to be irrelevant and of low-quality. The AgileHelp utility will not only spam you with unwanted advertisements and links but also will display fake anti-malware reports. The creators of the AgileHelp tool use various social engineering techniques to convince the user to download a bogus anti-virus scanner. This is done by intimidating the users into complying by presenting them with reports stating that their systems have serious issues that need...

Posted on November 22, 2019 in Adware

2048 Ransomware

One of the kinds of malware you may cross paths with is ransomware. This threat will sneak into your computer, sniff out your data, encrypt it, and then attempt to extort you for money. Among the most popular ransomware families of 2019 is the Dharma Ransomware family. There are dozens upon dozens of Dharma Ransomware variants plaguing users worldwide. One of the newest variants of the Dharma Ransomware is called 2048 Ransomware. Propagation and Encryption It is likely that the authors of the 2048 Ransomware are propagating it via several infection vectors. However, malware researchers do not have any conclusive information. They believe that the 2048 Ransomware may be spread with the help of fake emails. Often, these emails have a misleading message aiming to trick the user into opening a macro-laced attachment that is usually...

Posted on November 22, 2019 in Ransomware

Beware: Fake Windows Update Emails Installs Cyborg Ransomware

In November 2019, a new spam email campaign was launched, pushing the Cyborg ransomware threat. The fake email claims to originate from Microsoft and urges victims to install the latest update for Windows. The spam email has a subject line of "Critical Microsoft Windows Update!" and the body of the text reads, "Please install the latest critical update from Microsoft attached to this email". The bad punctuation and the fact that the email claims to carry the update file as an attachment should be the very first red flag to alert users that something is wrong. The attachment itself is not an executable or a .msi installer, as might be expected from an actual patch file, but a fake .jpg...

Posted on November 21, 2019 in Computer Security

Mispadu

Mispadu is a banking Trojan whose activity appears to be concentrated in the Brazilian and Mexican regions. Unlike most banking Trojans nowadays, which are both desktop and mobile-compatible, the Mispadu Trojan only works with desktop systems running the Windows operating system. It would appear that the creators of the Mispadu banking Trojan are propagating it via malvertising operations. The targets will be tricked into believing that they have won a coupon for McDonald’s restaurants. Apart from malvertising, the attackers have opted to use phishing email campaigns that contain an infected attachment. Gaining Persistence and Collecting Data When the Mispadu Trojan manages to infiltrate a targeted host, it will attempt to gain persistence by tampering with the Windows Registry, ensuring that when the victims restart their computers,...

Posted on November 21, 2019 in Trojans

Roboto Botnet

Malware researchers have spotted the activity of a botnet called Roboto Botnet. The activities of this botnet were first spotted in the summer of 2019. The Roboto Botnet appears to be targeting Linux servers and gathers the compromised targets to create a wide-reaching botnet that can be used for various operations. Experts have reported that approximately 215,000 Linux servers in total are using the Webmin application. This application appears to be the infection vector utilized by the operators of the Roboto Botnet. However, it must be noted that the updated versions of the Webmin software suite are not vulnerable, and the attackers can only exploit outdated variants of the application. Despite the Roboto Botnet’s activity dating back to the summer of 2019, its operators have started mass-expanding it only recently....

Posted on November 21, 2019 in Botnets

SectopRAT

Cybersecurity experts have uncovered a brand-new RAT (Remote Access Trojan) called SectopRAT. When they dissected the threat, it became evident that its authors are still working on it. Various functions are not working, and several modules appear to be far from complete. Launches a Secondary Desktop However, despite being a yet-to-be-finished project, the SectopRAT has a very interesting feature. This threat can launch an additional process called ‘explorer.exe’ that will be hidden from the victim. This process launches a second desktop that the user cannot see, but the attackers can operate freely. The second desktop will allow the authors of the SectopRAT to go through the victim’s files, browse the Internet, and alter various settings and configurations on the compromised host. The attackers also can launch a new browser instance....

Posted on November 21, 2019 in Remote Administration Tools

Kodg Ransomware

Ransomware threats have undoubtedly been among the most popular threats of 2019. Thousands of users worldwide have fallen victim to this nasty threat and lost their data permanently. Data-locking Trojans are particularly nasty, as they would make sure to encrypt all your data and then blackmail you if you want to retrieve your data. One of the newest spotted ransomware threats has been named Kodg Ransomware. This threat belongs to the most active ransomware family of 2019 – the STOP Ransomware family. Propagation and Encryption It has not yet been pinpointed what the specific infection vectors involved in the spreading of the Kodg Ransomware are. Some believe that the authors of the Kodg Ransomware may be using spam email to propagate this Trojan. This would mean that their targets would receive an email containing a fraudulent...

Posted on November 21, 2019 in Ransomware

Phoenix Keylogger

In July 2019, malware researchers spotted a new threat that was being advertised on hacking forums. Its name is the Phoenix Keylogger, and it is being offered as a ‘malware-as-a-service.’ One can rent the Phoenix Keylogger for as low as $14.99/month. For con artists who would like to have it for a longer period, the creators of the Phoenix Keylogger also offer $34.99/3 months and $78.99/lifetime subscriptions. This is not a very high price, and it is likely that more and more shady individuals will subscribe to the Phoenix Keylogger and spread this nasty threat. Capabilities Since its release in July, the Phoenix Keylogger has been improved greatly. Its creators have added new capabilities and improved the self-preservation features of the threat. The Phoenix Keylogger is capable of detecting whether it is being launched in a sandbox...

Posted on November 20, 2019 in Keyloggers

FakeAdsBlock

Nowadays, a smartphone has become part of almost everyone's life, and it is only natural that shady individuals will try to find a way to exploit this. This is why the number of malware strains and dodgy software targeting smartphones is certainly on the rise. Another pest that targets tablets and smartphones is adware. Creators of adware invent new techniques to convince the user to give their application the permissions it requires and then begin spamming advertisements constantly. Among the newest Android adware is one called FakeAdsBlock. It seems that the developers of the FakeAdsBlock adware are propagating it through third-party Android application stores. Funnily enough, the authors of the FakeAdsBlock adware have opted to mask their creation as an application that is meant to block advertisements. However, as you may...

Posted on November 20, 2019 in Adware

CyborgLock Ransomware

A growing number of cybercriminals are taking an interest in developing and distributing ransomware threats. Some are highly-skilled individuals, while others are much less experienced in the field of malware. The CyborgLock Ransomware is among the newest spotted file-locking Trojans, and experts believe that this threat may be the creation of a less experienced individual. What leads malware researchers to believe this is that the ransom fee is demanded in the shape of Amazon gift cards. Most creators of ransomware threats tend to require the fee be paid in Bitcoin or other popular cryptocurrencies, as this would be untraceable. Propagation and Encryption The propagation techniques used in the spreading of the CyborgLock Ransomware remain unknown. It is likely that the attackers are using spam emails with macro-laced attachments,...

Posted on November 20, 2019 in Ransomware

Wacatac Ransomware

The Wacatac Ransomware is a threat, which at first glance appears to be a file-locking Trojan, but it does not function as a ransomware threat because it lacks the ability to encrypt data. This threat also is known as the DeathRansom Ransomware. Since the Wacatac Ransomware is not capable of encrypting your data, you would be able to reverse the damage done to your files easily. When the Wacatac Ransomware infiltrates your system and targets your files, it will alter them by adding a ‘.wctc’ extension to their names. This means that a file that you had named ‘awareness.mp3’ will be renamed to ‘awareness.mp3.wctc.’ However, if you want your files to be usable again all you have to do is remove the ‘.wctc’ extension that is at the end of the filenames. The Ransom Note The Wacatac Ransomware drops a ransom note on the user’s desktop as an...

Posted on November 20, 2019 in Ransomware

Inter

In the past, the term skimming used to be linked exclusively to crooks collecting credit card data from ATMs (Automated Teller Machines). The operation would be carried out by the criminals installing a well-masked piece of hardware onto an ATM and then gathering the sensitive credit card data of users who use the machine. However, cyber crooks also have taken an interest in skimmers, and a new malware has been developed, which is often referred to as online skimming. Usually, an online skimmer would consist of difficult-to-detect JavaScript code that is injected into the check-out page of an online store. Of course, the online skimmer would not change the interface or functionality of the compromised website, and users will be oblivious to its unsafe activity. This allows the operators of the online skimmer to collect the credit...

Posted on November 19, 2019 in Malware