Top Security News

Beware of Michael Jackson One Year Death Anniversary Spam Email

To celebrate the life and legacy of one of the greatest entertainers of our time, fans around the world will once again be searching for their favorite Michael Jackson song and paying tribute to the King of Pop as we approach his one-year death anniversary. After the death of Michael Jackson on...

Warning: Menacing BlackHole Exploit Kit Targeting Windows PCs Now Available to Hackers for Free

Christmas has come early for novice hackers and criminals looking to get their share of the scam operatives flooding the Internet after someone publicly set free not one but two dangerous malware tools in just under 30 days. Once available as a password protected archive, the Zeus malware kit and...

Hackers Attack Citibank Pilfering over 200,000 Credit Card Customers' Personal Data

While more news on Rep. Anthony Weiner's (D-N.Y.) online sex scandal continues to appear, another hacking incident has occurred: this time, hackers broke into Citibank's computers, stealing account numbers, names and contact information. Citibank, one of the four biggest banks in the USA, discovered a data...

Top Articles

Adame Ransomware

Some highly skilled cyber crooks prefer to build and tailor unique malware and take great pride in this. Others, however, would rather take it easy and still cash in some profits, preferably with minimum effort involved. Such individuals like to base their malware creations on the code of already existing, well-established threats. This is the case with the creators of the Adame Ransomware. This file-encrypting Trojan is a variant of the infamous Phobos Ransomware.

An Offshoot of the Phobos Ransomware

Upon close examination of its code, security researchers have now tied Adame's structure to that of the nasty Phobos ransomware family. However, the group of hackers behind the attacks has...

Posted on July 17, 2019 in Ransomware

Phobos Ransomware

The Phobos Ransomware is an encryption ransomware Trojan that was first observed on October 21, 2017. The Phobos Ransomware is being used to target computer users in Western Europe and the United States and delivers its ransom messages in English to the victims. The main way in which the Phobos Ransomware is being distributed is through the use of spam email attachments, which may appear as Microsoft Word documents that have enabled macros. These macro scripts are designed to download and install the Phobos Ransomware onto the victim's computer when the corrupted file is accessed. It is likely that the Phobos Ransomware is an independent threat since it does not seem to belong to a vast...

Posted on October 23, 2017 in Ransomware

'National Consumer Center' Pop-Ups

The 'National Consumer Center' pop-ups are connected to known online tactics. According to complaints, the 'National Consumer Center' pop-ups may claim that the computer user has won a free iPhone or some other similar costly prize. The 'National Consumer Center' pop-ups may include the legend 'National Consumer Center' in the upper left corner, with an official looking font, and advertisements on the right. These pop-ups are among the most common online tactics and may be used to intrude on the computer user's privacy. The 'National Consumer Center' pop-ups may be caused by adware components installed on the affected Web browser. However, the 'National Consumer Center' pop-ups also may...

Posted on April 28, 2016 in Browser Hijackers

More Articles

NavRAT

The APT37 (Advanced Persistent Threat) is a hacking group that has been around for a while and is believed to work in cooperation with the North Korean government (although this information is yet to be confirmed with full certainty). Most of the targets of the APT37 group are concentrated in South Korea and tend to be rather high-profile. Recently, the APT37 used spear-phishing emails to propagate a threat called NavRAT (Remote Access Trojan). Malware researchers regard the delivery method used by the attackers as rather intriguing. It also is interesting to point out that the infrastructure used in the campaigns involving NavRAT is not very conventional either.

Propagates via Spear-Phishing Emails

The aforementioned spear-phishing emails would contain an infected attachment in the shape of a ‘.HWP’ file. This corrupted file is named...

Posted on October 11, 2019 in Remote Administration Tools

Hiddad

Hiddad is an Android-based piece of adware. Most of the activity of the Hiddad adware is concentrated in Russia, with over 40% of the victims being located there. However, there have been reports of infections in the USA, India, Germany, Ukraine and Indonesia, among other countries. The creators of the Hiddad adware employ various social engineering techniques to achieve their end goal, which is to convince the user to click on their advertisements. This may not sound like too much of a big deal, but the authors of the Hiddad can cash in some significant revenue if they manage to plant their creation on enough host devices.

Spreads via Fake Applications

This piece of adware appears to have been hosted on the official Google Play Store, posing as several fake applications: ‘Snap Tube,’ ‘Music Mania,’ and ‘Tube Mate.’ Thankfully, the developers...

Posted on October 11, 2019 in Adware

AndroidBauts

The AndroidBauts botnet is a network of infected Android devices that are used for promoting advertisements to users online. At one point, the number of infected devices was more than 550,000. The creators of the AndroidBauts botnet are able to gather data regarding the compromised devices - both software and hardware. Most of the infected devices appear to be located in India and Indonesia. However, a significant number of compromised Android devices that belong to the AndroidBauts botnet also can be found in Russia, Argentina, Vietnam, Malaysia and other countries.

Propagated via Fake Applications

The operators of the AndroidBauts botnet are likely to have infected this staggering number of devices by hosting fake applications on the official Google Play Store. Users tend to be less careful when they are downloading applications from...

Posted on October 11, 2019 in Malware

Lotoor

Lotoor is a threat that is crafted to target Android devices specifically. Most of the Lotoor malware activity appears to be located in the Russian Federation, with more than 32% of the compromised devices being concentrated in this region. However, this malware family also appears to be rather active in the USA, Brazil, India, Germany, Vietnam and other countries.

Lotoor’s Capabilities

The approach of the Lotoor malware is to sneak into the target’s Android device silently and look for various exploits that may be present. Then, if any is detected, the Lotoor threat will try to use it to get administrator privileges. If this attempt is successful, the Lotoor malware will be able to receive and execute remote commands from its operators. This means that the Lotoor authors can:

Collect sensitive data.
Disable any security measures, which may be...

Posted on October 11, 2019 in Malware

Jsecoin

Jsecoin is a service used for mining cryptocurrency via the Web browser. This is achieved by injecting code written in JavaScript into the targeted website. Not all Web pages that take advantage of this service are ill-intended; sometimes genuine websites use this feature, but the difference is that legitimate pages never fail to inform the user that their system will be used to mine cryptocurrency. However, there are rogue websites that will not present the user with any notification. In this case, the cryptocurrency that is being mined is Monero. Visitors to websites that have been injected with Jsecoin will have large amounts of their processing power used for mining Monero automatically. Often, such shady Web pages will make sure to use up as much processing power as possible with no regard for the user and their system....

Posted on October 11, 2019 in Malware

APT37

APT37 (Advanced Persistent Threat) is a hacking group that is likely to operate from North Korea. Experts speculate that APT37 may be financed by the North Korean government directly. This hacking group is also known as ScarCruft. Until 2017, APT37 concentrated almost all their efforts on targets located in South Korea. However, in 2017, the hacking group began expanding their reach and started launching campaigns in other East Asian states such as Japan and Vietnam. The APT37 has also had targets located in the Middle East. The hacking group is also known to collaborate with other ill-minded actors. APT37 is meant to further North Korean interests, and thus their targets tend to be high-profile. The hacking group tends to target industries linked to automobile manufacturing, chemical production, aerospace, etc.

Propagation Methods...

Posted on October 10, 2019 in Malware

COMpfun

COMpfun is a RAT (Remote Access Trojan) that belongs to the Turla hacking group and was first detected around 2014. The Turla APT (Advanced Persistent Threat) is believed to be a group of Russian individuals that are likely to be sponsored by the Kremlin (but this information is yet to be confirmed). The Turla hacking group tends to target high-profile individuals/organizations located in Russia and Belarus. The Turla APT has an impressive arsenal of hacking tools, and if you compare the COMpfun RAT to another one of their threats, the Reductor Trojan, you will see that the latter is far more threatening and complex. However, the COMpfun RAT is not to be underestimated either, as it can still enable the attackers to hijack a system and gain complete control over it.

Capabilities

Some of the features of the COMpfun RAT include: Capturing...

Posted on October 10, 2019 in Remote Administration Tools

Mike Ransomware

One of the most recently detected ransomware threats is called Mike Ransomware, and it appears to be a variant of the HildaCrypt Ransomware. However, there is one significant difference between the HildaCrypt Ransomware and the Mike Ransomware; the latter is built to masquerade as a copy of the notorious STOP Ransomware. Malware researchers have not determined why the authors of the Mike Ransomware would take such an unusual approach.

Propagation and Encryption

It is not yet known what infection vectors are employed in the propagation of this data-locking Trojan. Spam emails containing infected attachments, as well as fake application updates, and bogus pirated copies of legitimate applications are among the most popular propagation methods linked to the spreading of ransomware threats. When the Mike Ransomware infiltrates a system, it...

Posted on October 10, 2019 in Ransomware

HildaCrypt Ransomware

At the beginning of October 2019, cybersecurity researchers spotted a new file-locking Trojan. Its name is HildaCrypt Ransomware. The HildaCrypt Ransomware takes the same approach as most ransomware threats; it scans the infiltrated system to locate the files of interest, locks the targeted data using an encryption algorithm, and then asks for payment in return for a decryption key, which is meant to unlock the affected files.

Propagation and Encryption

The methods used in the spreading of the HildaCrypt Ransomware still remain unknown. It is likely that the most popular methods of propagating ransomware threats may be at play in the case of the HildaCrypt Ransomware, such as fraudulent application updates, fake pirated copies of popular software solutions and mass spam email campaigns. After the HildaCrypt Ransomware infiltrates and...

Posted on October 10, 2019 in Ransomware

Bora Ransomware

Cybersecurity experts detect a growing number of ransomware threats circulating the Web. Some of them are projects that have been built from scratch, while others are copies of already existing and well-established file-locking Trojans.

Propagation and Encryption

One of the most recently detected data-encrypting Trojans is the Bora Ransomware. This newly uncovered threat belongs to the infamous STOP Ransomware family. The experts who studied the Bora Ransomware were not able to pinpoint the infection vectors that are involved in the spreading of this ransomware threat. Usually, file-locking Trojans are propagated via mass spam email campaigns. Sometimes, ransomware authors also opt to use bogus software updates and fraudulent pirated variants of popular applications. Like most threats of this type, the Bora Ransomware runs a quick...

Posted on October 10, 2019 in Ransomware

TeleBots

The TeleBots APT (Advanced Persistent Threat) is believed to originate from the Russian Federation, though this information is yet to be confirmed. Malware experts have determined that it is likely that some of the TeleBots members also have taken part in threatening campaigns carried out by other hacking groups like GreyEnergy, the Sandworm team and BlackEnergy. It is largely believed that the TeleBots hacking group was involved in the infamous cyber-attack targeting the Ukrainian power grid back in 2015. This campaign is significant, particularly because it is one of the first of its kind – a large-scale hacking campaign causing a total blackout is not a common occurrence at all. In 2017 the TeleBots group also went after industry and finance-related targets located in Ukraine.

The TeleBots APT Created the Petya Ransomware and...

Posted on October 9, 2019 in Malware

GreyEnergy

The GreyEnergy APT (Advanced Persistent Threat) is believed to be the successor of the largely destructive hacking group known as the BlackEnergy APT. There are several reasons why cybersecurity experts believe these two hacking groups to be related:

The GreyEnergy hacking group emerged about the same time as the BlackEnergy APT vanished from the world of cybercrime.
Both the GreyEnergy and BlackEnergy APTs tend to operate with flexible, light-weight hacking tools that are modified and controlled easily.
Most of the efforts of both hacking groups are concentrated in Poland and Ukraine.
They both tend to target critical sectors like industrial or energy-related institutions.
The infrastructure built and used by both GreyEnergy and BlackEnergy APT seems to be very closely related.

Changing Approaches

However, the individuals who appear...

Posted on October 9, 2019 in Malware

Reductor

The Turla APT (Advanced Persistent Threat) is an ill-famed hacking group that originates from Russia. They also are known as Uroboros, Snake, Waterbug, and Venomous Bear. The Turla APT is very popular in the world of cybercrime and has carried out many devastating hacking campaigns over the years. Some malware researchers believe that the hacking group may be sponsored by the Kremlin, but this information is not yet confirmed. Most of their campaigns are concentrated in ex-Soviet states like Belarus and Ukraine, but they also have launched operations in Iran. One of the hacking tools in the rather large arsenal of the Turla APT is the Reductor RAT (Remote Access Trojan). It is believed that the Reductor RAT is an upgraded variant of the COMpfun threat. The COMpfun Trojan’s main purpose was to serve as a first-stage payload, while the...

Posted on October 9, 2019 in Remote Administration Tools

Muhstik Ransomware

The authors of a threat named Muhstik Ransomware have modified their threat slightly. However, it still bears a resemblance to the ransomware variants it was based on. The Muhstik Ransomware appears to be a variant of the eCh0raix Ransomware and QNAPCrypt Ransomware. These file-encrypting Trojans all target QNAP NAS (Network Attached Storage) devices. Oftentimes users may store important data or sensitive information on NAS devices, as they are commonly perceived as more secure than keeping the data on one’s hard drive. Once the Muhstik Ransomware infiltrates a NAS device, it will begin encrypting all the information that is stored on it. Next, a ransom note named ‘README_FOR_DECRYPT.txt’ is dropped for the victim to read. As with most ransomware threats, the Muhstik Ransomware authors will ask the victim to pay a significant sum as a...

Posted on October 9, 2019 in Ransomware

Reco Ransomware

File-encryption Trojans continue to be the most important part of the toolkit of any cybercriminal – these destructive cyber-threats are the perfect extortion tool for anonymous cyber crooks, as they give them a very strong bargaining chip by holding the victim's files as hostages. Unfortunately, recovering from ransomware attacks is often an impossible task, and victims end up having to ask the attackers for help that never comes for free. The Reco Ransomware is one of the latest file-lockers to look out for, and a closer analysis of its behavior revealed that it is not an entirely new threat – it is based on the STOP Ransomware project, and uses an identical file-encryption routine to damage the files of its victims. The distribution techniques that the authors of the Reco Ransomware use to spread their threatening program may vary –...

Posted on October 9, 2019 in Ransomware