ATMDtrack

The Lazarus group has been experimenting with a new piece of ATM malware that was first used against Indian banks in 2018. However, it is likely that this will not be the last time we hear about ATMDtrack, a product of the hackers from Lazarus. This malware is fairly limited in terms of functionality – unlike other ATM malware families, it does not focus on causing harm to the bank by emptying the cash cassettes of the ATM device. Instead, it serves the purpose of silently collecting the credit card details of all customers of the ATM and then exfiltrating them to a remote Command & Control server operated by the attackers. ATMDtrack shares a lot of code similarities with the Dtrack RAT, another tool that is part of the hacking toolkit of the North Korean hackers known as Lazarus. It is believed that the ATMDtrack was...

Posted on September 24, 2019 in Malware

Trojan.MacOS.GMERA

Cybersecurity experts have identified a new malware strain made exclusively for Mac OS devices. The threat, dubbed Trojan.MacOS.GMERA, appears to be limited in terms of features, but it might provide its operator with the capability of executing shell commands on the compromised device. While this may not be regarded as a big deal by non-tech-savvy people, it actually enables the evil-minded attacker to execute countless tasks on the infected Mac device. A Bogus Stock Trading Application Delivers a Threatening Mac Trojan A sample of the Trojan.MacOS.GMERA was discovered hidden inside a bogus copy of a stock-trading application known as 'Stockfolio.' Of course, the application was not hosted on the official website of the product and, instead, the criminals spread it via 3rd-party file hosting providers. Remember that you should only download...

Posted on September 24, 2019 in Trojans

Nesa Ransomware

The STOP Ransomware continues to be the most active ransomware family at the moment – its list of members contains over a hundred names, and all of them are active in various parts of the world, therefore maximizing the threat's reach and efficiency. One of the recent entries to STOP's list of members is the Nesa Ransomware, a file-locker that targets a long list of file formats, and encrypts their contents by using a private encryption key generated randomly. The data necessary to complete the decryption of the victim's files is stored on the servers of the attackers, therefore ensuring that they are the only ones able to provide the information required to complete the decryption process. Spotting the Nesa Ransomware's attack is not difficult because the Trojan will apply the '.nesa' extension to the names of the files (e.g....

Posted on September 24, 2019 in Ransomware

Tantametinwass.pro

While browsing the Internet, you can be presented with unexpected pop-up advertisements from a website named Tantametinwass.pro, no matter which Web browser you favor: Safari, Internet Explorer, Google Chrome, Firefox or Edge. Tantametinwass.pro was configured to impose its advertisements on any Web browser used by the computer users it manages to infect. Tantametinwass.pro displays these advertisements in an attempt to make the computer users click on them so that its controllers can make money. However, Tantametinwass.pro needs the computer user's authorization to start displaying the advertisements, and this is why the computer users affected by it will receive an 'allow notifications' prompt that, if clicked, will release a flood of unwanted and useless advertisements that may end up preventing the computer user from having a normal...

Posted on September 23, 2019 in Browser Hijackers

Ughtisindune.pro

Cyber crooks are very inventive in finding ways to trick computer users into performing actions that can benefit these con artists. Ughtisindune.pro is a good example of it. These people are using the Ughtisindune.pro website to convince computer users to agree to the exhibition of its advertisements by subscribing to this bogus website. To draw the computer user's attention, Ughtisindune.pro starts the tactic by displaying fraudulent error messages claiming that the computer needs immediate attention and, to know what is going on, the computer user needs to allow the site's notifications. The content of the message is: 'Ughtisindune.pro wants to Show notifications Click “Allow” to close this window This window can be closed by pressing “Allow”. If you wish to continue browsing this website just click the more info button...

Posted on September 23, 2019 in Browser Hijackers

Karl Ransomware

The infamous STOP/Djvu family has another addition to its vast family of ransomware. It was named the Karl Ransomware by security researchers and, like its siblings, the Karl Ransomware's objective is to extort its victims by enciphering their most precious files with a powerful encryption method and selling the software that can decrypt the affected files. As soon as the Karl Ransomware finishes enciphering the victims' files, it will display its ransom message, which reads: 'ATTENTION! Don’t worry, you can return all your files! All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key. The only method of recovering files is to purchase decrypt tool and unique key for you. This software will decrypt all your encrypted files. What guarantees you have? You can send one...

Posted on September 23, 2019 in Ransomware

Vinuser02.biz

Vinuser02.biz is a website that it is better not to visit. This advice is because its only objective is to induce computer users to allow it to display sponsored advertisements, which the computer users do not need or want. To obtain the computer users' permission, Vinuser02.biz will display a message, which reads: 'Vinuser02.biz wants to Show notifications I’m not a robot Click Allow to confirm that you are not a robot!' If gullible computer users want to know what Vinuser02.biz has to say and click on the 'allow' button, all they will see are the countless advertisements that Vinuser02.biz was configured to display. These advertisements will promote bogus security programs, fake updates, online games, and even adult websites, which will make the affected machine unsafe for your children's use. Now you know why you should...

Posted on September 23, 2019 in Browser Hijackers

Sherminator Ransomware

File-encryption Trojans are special cyber-threats due to their ability to cause long-term damage that cannot be reversed by running an anti-virus tool and removing the infection. Even after a piece of ransomware is removed, the files it had encrypted previously will still be impossible to use. Sadly, this makes ransomware projects very profitable for cybercriminals, and this is why we keep seeing new file-lockers like the Sherminator Ransomware. This file-locker is not entirely new, as it shares a lot of similarities with the Mr.Dec Ransomware that was first analyzed in the summer of 2018. Sadly, no decryptor for either of these is available at the moment, and their victims will be able to recover their files from a backup only. If you suspect that the Mr.Dec Ransomware or the Sherminator Ransomware has taken your files hostage, and you...

Posted on September 20, 2019 in Ransomware

GoRansom Ransomware

The GoRansom Ransomware is a peculiar file-locker project that does not appear to extort victims for money at the moment. Usually, ransomware developers offer to sell their victims a decryption service, but the case with the GoRansom Ransomware is a bit different – the ransom note that this ransomware leaves behind contains a free decryption solution. It is not clear what the idea of the author is – this might be a project made for fun, or it might still be an unfinished product that will be used with harmful intent eventually. One thing is for sure – despite the presence of a free decryption option, the GoRansom Ransomware is a dangerous threat that is fully capable of harming your files. The GoRansom Ransomware's Message Contains Free Decryption Tutorial The file types that the GoRansom Ransomware targets are very diverse – text...

Posted on September 20, 2019 in Ransomware

Meds Ransomware

Malware developers are exceptionally good when it comes to distributing malware, and they tend to rely on a wide range of propagation techniques to increase the reach of their corrupted files. An easy way to get harmful software on your computer is to deal with pirated media and games or to download files from unknown or non-trustworthy sources. In this day and age, it is mandatory to keep your computer protected by an up-to-date anti-malware engine since this is the best way to prevent high-profile cyber-threats from getting a chance to harm your computer. The '.meds' Files cannot be Decrypted for Free One of the threats to look out for at the moment is the Meds Ransomware, a file-locker with the ability to encrypt thousands of files in a matter of minutes. By encrypting files, the threat makes it impossible to use their contents...

Posted on September 20, 2019 in Ransomware

Kvag Ransomware

Ransomware threats continue to be the primary threat to the safety of your files, and they are the reason why more and more people decide to invest in reliable backup services. Unfortunately, not all users have good backup habits, and they are the prime targets of ransomware developers. One of the file-lockers to watch out for at the moment is the Kvag Ransomware. This threat is part of the STOP Ransomware family of file-locking Trojans, and it uses an encryption routine that is not decryptable via free means. This makes the Kvag Ransomware exceptionally threatening, since the consequences of its attack will persist even if the threat is removed from the infected computer. All files that the Kvag Ransomware locks are marked with the '.kvag' extension, so that the victim will be able to recognize them easily. The Kvag Ransomware Locks a Wide...

Posted on September 20, 2019 in Ransomware

Poor Port Protection Puts Millions of Web Radio Devices At Risk

More than 1 million Imperial & Dabman Internet Radio Devices could fall prey to remote code execution (RCE) attacks thanks to an undocumented Telnet service using feeble default login credentials. The flaw came to light after researchers at Vulnerability Magazine (VM) performed a routine port scan of a few devices. Dubbed Telnetd, the service was found to be running on port 23. Since Telnetd relies on relatively weak login credentials, it may serve as a backdoor for a wide variety of malicious threats. Weak Password, But Still a Password. Is It THAT Bad? While having a weak password is better than having no password at all, it is hardly a reason to breathe a sigh of relief. Passwords fall...

Posted on September 19, 2019 in Computer Security

SpyNote RAT

Remote Access Trojans (RATs) for Android devices may pack a lot of features that give their authors the ability to carry out a broad range of unsafe operations on the infected device. One of the more popular Android RAT projects is SpyNote, and its full source code can be found on many hacking forums. One of the scary things about the SpyNote RAT is that it is absolutely free to use, so that anyone can start distributing their own version of it. Furthermore, criminals who are experienced with programming can write additional modules to extend the SpyNote RAT's features. SpyNote’s Source Code is Available to all Cybercriminals Apart from the GitHub page hosting SpyNote RAT's full source code, ads for this hacking tool can be found on many other hacking forums too. Some of the notable features that the SpyNote RAT has allowed it...

Posted on September 19, 2019 in Remote Administration Tools

Domn Ransomware

File-encryption Trojans continue to be one of the most profitable hacking tools that cybercriminals use. These Trojans' primary purpose is to infect a computer, disable popular data recovery options, and then launch a destructive file-encryption attack that leaves victims with tons of encrypted documents, archives, videos and other files. One of the notable ransomware families active in 2019 is known as the STOP Ransomware family, and its ranks were recently bolstered by a new member – the Domn Ransomware. Just like previous variants of the STOP Ransomware, this one is also considered to be incompatible with free data decryption solutions. Cybersecurity researchers' attempts to crack the Domn Ransomware's encryption have been unsuccessful so far, and victims of this threat may have a very difficult challenge ahead of them when it comes...

Posted on September 19, 2019 in Ransomware

Caleb Ransomware

A new file-locker that goes by the name 'Caleb Ransomware' has been spotted in the wild. According to user reports, the file-encryption Trojan is being delivered via bogus email attachments that come with a phishing message. Often, the crooks sending out these fake emails may be spoofing them to look as if they were sent by a legitimate company, organization or institution. It is recommended to avoid opening emails from unknown senders, especially if they urge you to download and review an unexpected file attachment. Of course, you should also rely on a good anti-virus product to keep such files away from your computer. The Caleb Ransomware Appends a Lengthy Extension to Locked Files If the Caleb Ransomware is not stopped in time and it ends up being run on an unprotected computer, then the victim of the attack might end up losing...

Posted on September 19, 2019 in Ransomware