TrickBooster

Banking Trojans are among the more popular malware as they can offer great monetary gain to cybercriminals. The TrickBot banking Trojan is a threat that is well-known to malware researchers worldwide. It has been active since 2016, but its creators have not remained idle over the years – they have introduced several updates that have improved the TrickBot malware greatly.

250 Million Email Addresses Collected

One of the recent updates to the TrickBot Trojan has been given the name 'TrickBooster.' The TrickBooster malware does not cause as much direct harm as the TrickBot banking Trojan, but it can prove to be much more threatening in the long run. By providing its operators with tens of millions of email addresses, the malware might enable them to distribute a more prominent cyber-threat around the globe rapidly. The cybersecurity...

Posted on July 18, 2019 in Malware

Herad Ransomware

Most cybercriminals take the easy route when they create ransomware threats, meaning that instead of building it from the bottom up, they base it on already existing, successful data-locking Trojans. This is the case with the newly uncovered ransomware threat called the Herad Ransomware. This file-encrypting threat is a variant of the popular STOP Ransomware.

Infiltration and Encryption

Security researchers have not been able to determine the exact infection vector used in the propagation of the Herad Ransomware. It is likely that faux software updates, infected applications downloaded from unsecured sources, and spam emails with corrupted attachments may be among the techniques used in the spreading of the Herad Ransomware. The Herad Ransomware starts a scan as soon as it penetrates the targeted system. The scan is meant to determine...

Posted on July 17, 2019 in Ransomware

Adame Ransomware

Some highly skilled cyber crooks prefer to build and tailor unique malware and take great pride in this. Others, however, would rather take it easy and still cash in some profits, preferably with minimum effort involved. Such individuals like to base their malware creations on the code of already existing, well-established threats. This is the case with the creators of the Adame Ransomware. This file-encrypting Trojan is a variant of the infamous Phobos Ransomware.

Infection and Encryption

It is not yet clear what propagation method the authors of the Adame Ransomware have chosen to employ in the spreading of their creation. However, some speculate that the most common methods of...

Posted on July 17, 2019 in Ransomware

Zero-Fucks Ransomware

The Zero-Fucks Ransomware is a data-locking Trojan which has been recently spotted by cybersecurity researchers. Unlike most ransomware threats nowadays, which tend to be almost entirely based on already existing file-encrypting Trojans, the Zero-Fucks Ransomware appears to be an original project.

Infiltration and Encryption

Malware experts were not able to determine with full certainty what infection vectors may be at play in the spreading of the Zero-Fucks Ransomware. Some believe that the authors of the Zero-Fucks Ransomware have likely opted to use the most common and widely spread techniques in propagating their creation – emails containing macro-laced attachments, fraudulent application updates, and corrupted software downloaded from unofficial sources. The Zero-Fucks Ransomware will begin scanning the system as soon as it...

Posted on July 17, 2019 in Ransomware

KopiLuwak

The Turla hacking group is a world-known APT (Advanced Persistent Threat). This hacking group is very likely working for the Russian government, as its targets tend to be foreign officials and governments, as well as large companies in industries in which the Kremlin has vested interests. This cyber-attack-dog of the Russian government appears to have been active since 2007 and has been gradually improving its arsenal of hacking tools by updating older tools as well as adding new ones. One of the newest projects of the Turla APT is the KopiLuwak backdoor Trojan.

Written in JavaScript

This Trojan is written in JavaScript, which is not very common, as threats written in this programming language tend to have a rather limited set of capabilities. It is likely that the Turla hacking group has opted to use JavaScript as this could make...

Posted on July 17, 2019 in Trojans

Lokas Ransomware

Cybercriminals' interest in creating ransomware threats seems to be growing by the day. Recently, a new data-locking Trojan was spotted by experts who dedicate their time to fighting malware. This brand-new threat is called the Lokas Ransomware, and it belongs to the STOP Ransomware family.

Infiltrating Your PC

It is not yet clear what the exact infection vectors used in the propagation of the Lokas Ransomware are, but some speculate that the most common methods of spreading ransomware may be involved in this campaign too – mass spam email operations, faux software updaters, and infected applications downloaded from unverified sources. When the Lokas Ransomware worms its way into a system, it will start the attack with a quick scan. After the scan is performed, the Lokas Ransomware will have located all the files which will be targeted...

Posted on July 16, 2019 in Ransomware

Rodentia Ransomware

There are new ransomware threats popping up daily. Some ransomware authors create highly weaponized, high-end threats that can cause tremendous damage. Others, however, are not that skilled and sometimes end up releasing pretty poorly made ransomware threats. This is the case with the Rodentia Ransomware.

Infecting Your Computer

Malware researchers have not pinpointed a specific propagation method that is employed in spreading the Rodentia Ransomware. Some believe that the authors of the Rodentia Ransomware may have used some of the classic infection vectors that are most commonly used in propagating ransomware threats – corrupted software downloaded from unsecured websites, emails that contain macro-laced attachments, and bogus application updates. Usually, ransomware threats scan a system, locate the files that they were programmed...

Posted on July 16, 2019 in Ransomware

ExpBoot Ransomware

With the growing popularity of ransomware threats, there are all sorts of cybercriminals trying their luck in creating various variants of this malware. Some of the cybercrooks are highly skilled and very capable, while others, not so much. Today we will be dealing with the latter when discussing the newly emerged ExpBoot Ransomware.

Compromising Your System

It is not clear what the precise method employed in the propagation of the ExpBoot Ransomware is. Some malware researchers have speculated that the authors of the ExpBoot Ransomware may have made use of the most favored infection vectors used in the spreading of ransomware threats – faux software updates, corrupted pirated applications downloaded from unverified sources, and spam emails containing infected attachments. Normally, when a ransomware threat compromises a PC, it will...

Posted on July 16, 2019 in Ransomware

Topinambour

The Turla APT (Advanced Persistent Threat) is a hacking group that appears to have been active since 2008. This APT has been linked to the Russian government and is likely being sponsored by it, as this highly skilled hacking group has proven to be useful in furthering the interests of the Kremlin. Recently, the Turla APT has added a new hacking tool to its rich arsenal – the Topinambour Trojan dropper. In campaigns, the Topinambour malware is not the main actor but serves as a backdoor that allows additional, more sophisticated threats onto the compromised system.

Propagation Method

It seems that the propagation method chosen by the Turla hacking group is via legitimate program installers, which carry the payload of the Topinambour. Once the user installs the desired software, it will run normally, and thus the threatening activity that...

Posted on July 16, 2019 in Trojans

REvil Ransomware

Cybersecurity experts have spotted a new ransomware threat circulating on the Web recently. This data-encrypting Trojan is called the REvil Ransomware and is also known as the Sodinokibi Ransomware.

Infiltration and Encryption

Malware experts have not been able to reach a consensus as to what method is employed in the propagation of the REvil Ransomware. It is largely believed that the authors of the REvil Ransomware may be using some of the most common techniques to spread this file-locking Trojan – bogus application updates, infected pirated software downloaded from unofficial sources, and spam emails which contain corrupted attachments. If the REvil Ransomware manages to penetrate a system, it will begin the attack with a quick scan of the files present on the computer. The goal is to find and locate the files which the REvil Ransomware...

Posted on July 16, 2019 in Ransomware

Serious Instagram 2FA Loophole Patched

Facebook has had a bug bounty program that allows independent researchers to report security flaws for almost a decade now. Only recently, a very serious issue concerning Instagram account security was patched after a researcher managed to find a way to brute-force more or less any Instagram account and gain control over it. The find landed Laxman Muthiyah an award of $30 thousand. The severity of the issue he discovered more than justifies that sum. Muthiyah discovered a weakness in the two-factor authentication procedure that relies on a code sent to the user's mobile phone. Instagram generates a six-digit code that Muthiyah decided to brute-force, and he worked out that there would be about a million combinations. The only issue was the limited time window in which the randomly generated six-digit code was active - Instagram keeps the...

Posted on July 16, 2019 in Computer Security

Instagram virus

The Instagram virus is a computer threat that dates back to 2018, when it was primarily known for spreading through aggressive spam and phishing campaigns. Such campaigns relied on redirecting computer users to websites that look legitimate and then demanded the login credentials for Instagram accounts through an enticing method. On many occasions, the Instagram virus started through spam emails with links that sent users to phishing sites, where the login credentials were naturally stolen. Once stolen, the credentials were then used to leverage certain Instagram accounts to spread propaganda and other malicious content, or even to push the sale of items on the Internet. In other instances, the Instagram virus directed viewers of compromised accounts to pages just for clicks or impressions as part of a pay-per-click...

Posted on July 15, 2019 in Malware

DoppelPaymer Ransomware

DoppelPaymer Ransomware is a file-locking Trojan that blocks your media and leaves ransom notes redirecting you to a payment portal for the unlocker. Although it is an update of the highly similar BitPaymer Ransomware, it uses a separate encryption method and requires a different decryptor for restoring any files. Let your anti-malware products remove DoppelPaymer Ransomware as soon as they detect it, and store secure backups for undoing the side effects of its attacks.

Just a Doppelganger Getting Paid

At least one criminal from the same group of hackers that brought the world Gameover Zeus and the Dridex banking Trojan is turning old tools into new money, in theory. A new variant of BitPaymer Ransomware, from the 'Business Club' threat actor, is circulating with attacks targeting both private sector companies and government networks....

Posted on July 15, 2019 in Ransomware

Kromber Ransomware

A brand new ransomware threat has recently surfaced. It is called the Kromber Ransomware, and upon further research, it appears that this file-encrypting Trojan is a variant of the Matrix Ransomware.

Infiltrating Your Computer

Security researchers have been unable to pinpoint what infection vector is being employed in the propagation of the Kromber Ransomware. Some, however, speculate that the propagation methods at play in the spreading of the Kromber Ransomware may include infected pirated applications, emails containing macro-laced attachments and bogus software updates. The Kromber Ransomware performs a scan as soon as it infiltrates a machine. This is how the threat detects the location of the files which will be locked later. Then, the Kromber Ransomware triggers the encryption process. A file, which is encrypted...

Posted on July 15, 2019 in Ransomware

1BTC Ransomware

Cybercriminals often tend to create ransomware threats whose code is based on already established data-locking Trojans instead of building a threat from scratch. An example of this would be the 1BTC Ransomware, which emerged recently. This file-encrypting Trojan is based on the wildly popular Dharma Ransomware.

Compromising Your System

It is not yet certain how exactly the authors of the 1BTC Ransomware are propagating it. Fraudulent application updates, mass spam email campaigns, and infected pirated software are believed to be some of the infection vectors which have likely been used in the spreading of the 1BTC Ransomware. When a computer gets infected by the 1BTC Ransomware, it will be quickly scanned so that the threat can locate the files which it was programmed to go after. Next is the encryption process. A file, which...

Posted on July 15, 2019 in Ransomware