SysUpdate

The SysUpdate RAT (Remote Access Trojan) is part of the very wide arsenal of hacking tools used by the infamous Chinese hacking group known as Bronze Union (the same group other vendors track as APT27, Emissary Panda or LuckyMouse). Due to the consistency of its activities and its high-profile targets, the Bronze Union group has been given the APT (Advanced Persistent Threat) title. While the SysUpdate RAT is one of the private hacking tools the Bronze Union APT employs, the group is also known for frequently using publicly available utilities in its attacks, which is less typical of high-profile APTs but has not stopped Bronze Union. The SysUpdate Trojan has been confirmed to be involved in campaigns targeting organizations based in Turkey and Mongolia. It is likely that these are not the only cases where the Bronze Union group has employed the SysUpdate RAT, and it has been used in some previous attacks...

Posted on June 4, 2019 in Remote Administration Tools

BSC Ransomware

At the beginning of June 2019, malware researchers spotted a new ransomware threat surfacing. It was dubbed the BSC Ransomware, and when they looked further into this newly discovered data-locking Trojan, they found that it is a variant of the infamous Dharma Ransomware. The researchers could not reach a clear conclusion on how the BSC Ransomware is being propagated by its creators. However, it is widely believed that they may have employed the most common methods of spreading file-encrypting Trojans: spam email campaigns, faux updates and infected pirated software. If the BSC Ransomware manages to penetrate the targeted PC, it starts a scan. The point of the scan is to determine the locations of the file types which this data-locking Trojan will encrypt....

Posted on June 4, 2019 in Ransomware

Dodger Ransomware

The Dodger Ransomware is a recently spotted ransomware threat. After malware researchers came across it, they studied it but did not find it to be linked to any of the large ransomware families such as the STOP Ransomware or the Dharma Ransomware. The propagation method used to spread this file-locking Trojan has not been established, but it has been speculated that the attackers may be using fraudulent software updates, alongside spam emails containing infected attachments and pirated software. When this nasty threat lands on a system, it starts scanning the machine to determine the locations of the files it has been programmed to encrypt. When this step of the attack is completed, the Dodger Ransomware wastes no time and starts the encryption process. After completing the encryption of the targeted data, the...

Posted on June 4, 2019 in Ransomware

HyperBro

The HyperBro RAT (Remote Access Trojan) is part of the large arsenal of hacking tools belonging to the hacking group LuckyMouse. LuckyMouse is believed to operate out of China and is also tracked as APT27 (APT standing for Advanced Persistent Threat). The group usually targets high-profile individuals and organizations. Recently, a data center located in Central Asia suffered a breach of its network by LuckyMouse, which resulted in the siphoning of a great number of sensitive documents connected to government officials. It is likely that, apart from collecting sensitive data, the LuckyMouse group used this foothold to set up a watering hole designed to target government-linked officials. In the past, the LuckyMouse hackers have spread their malware via macro-laced email attachments, but it is not known what propagation...

Posted on June 3, 2019 in Remote Administration Tools

Hidden Bee

In the best case for the cyber crooks who propagate cryptocurrency miners, the miner infiltrates as many machines as possible and remains active on them for as long as possible without being detected by any anti-malware application. Only the most sophisticated cryptocurrency miners on the Web achieve this, and the Hidden Bee Trojan miner is one such case. It is believed to originate from China and appears to be targeting mainly users residing in Asia. The cybercriminals responsible for the Hidden Bee miner are known for spreading their malware via advertisements on adult websites that are very popular in Asia. The corrupted advertisements load a hidden iFrame, which can be made as small as 1px wide by 1px high to make sure that the victim does not notice it. However, its code will still...

Posted on June 3, 2019 in Trojans
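The hidden-iframe trick the Hidden Bee operators use in their ad creatives is straightforward to check for on the defender's side. The following is an added example written for this page, not code from the Hidden Bee operators or from any ad network: a small parser that walks an HTML fragment and flags `<iframe>` elements hidden by 1x1 geometry, by `display:none`, `visibility:hidden` or `opacity:0`, or by an off-screen offset, and additionally notes when the frame's source is a bare IP address. The markup, the `example.test` hostnames and the 203.0.113.x addresses are constructed for the example, and the size and offset thresholds are assumed tuning values.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample markup for this example (not a real malvertising creative):
# one visible banner, one legitimate video frame, and two frames hidden in the
# two ways described above (1x1 px geometry, and CSS that keeps the frame out
# of view).
SAMPLE_AD_HTML = """
<div class="banner">
  <a href="https://ads.example.test/click"><img src="banner.jpg" width="728" height="90"></a>
  <iframe src="https://cdn.example.test/player" width="640" height="360"></iframe>
  <iframe src="http://203.0.113.7/x/" width="1" height="1" frameborder="0"></iframe>
  <iframe src="https://203.0.113.9/y/" style="display:none; position:absolute; left:-9999px"></iframe>
</div>
"""

TINY_PX = 10          # assumed: frames at or below this size are not meant to be seen
OFFSCREEN_PX = -1000  # assumed: an offset this negative parks the frame off-canvas
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def _px(value):
    """'1' / '1px' / '-9999px' -> float; None for %, auto, or a missing value."""
    if value is None:
        return None
    m = re.fullmatch(r"\s*(-?\d+(?:\.\d+)?)\s*(px)?\s*", value, re.I)
    return float(m.group(1)) if m else None

def _style(style):
    """Inline style string -> {property: value}, keys and values lower-cased."""
    out = {}
    for decl in (style or "").split(";"):
        if ":" in decl:
            k, v = decl.split(":", 1)
            out[k.strip().lower()] = v.strip().lower()
    return out

class HiddenIframeFinder(HTMLParser):
    """Collects <iframe> tags whose geometry or style hides them from the viewer."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "iframe":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        css = _style(a.get("style"))
        reasons = []

        # Attribute geometry wins; fall back to inline CSS width/height.
        w = _px(a.get("width")) if a.get("width") else _px(css.get("width"))
        h = _px(a.get("height")) if a.get("height") else _px(css.get("height"))
        if w is not None and h is not None and w <= TINY_PX and h <= TINY_PX:
            reasons.append(f"tiny frame {w:g}x{h:g}px")

        if css.get("display") == "none" or css.get("visibility") == "hidden":
            reasons.append("css hidden")
        if css.get("opacity") == "0":
            reasons.append("opacity 0")
        for side in ("left", "top"):
            off = _px(css.get(side))
            if off is not None and off <= OFFSCREEN_PX:
                reasons.append(f"off-screen ({side}:{off:g}px)")

        # A creative that pulls content from a bare IP rather than a named host
        # is worth a look on its own, hidden or not.
        host = urlparse(a.get("src", "")).hostname or ""
        if IPV4.match(host):
            reasons.append(f"src host is bare IP {host}")

        if reasons:
            self.findings.append({"src": a.get("src", ""), "reasons": reasons})

def find_hidden_iframes(html):
    """Return [{'src': ..., 'reasons': [...]}, ...] for every suspicious iframe, in document order."""
    p = HiddenIframeFinder()
    p.feed(html)
    p.close()
    return p.findings

if __name__ == "__main__":
    for f in find_hidden_iframes(SAMPLE_AD_HTML):
        print(f["src"], "->", "; ".join(f["reasons"]))
```

The same check works on a rendered DOM, where it catches frames injected by script after page load, which a static scan of the creative will miss; the static version is still useful at ad-review time, before the creative ever reaches a visitor.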

Stone Ransomware

The Stone Ransomware is a recently uncovered data-encrypting Trojan. When cybersecurity experts dug deeper into it, they found that the Stone Ransomware is a member of the infamous STOP Ransomware family. It is a common practice among malware authors to base their threats on an existing piece of malware instead of building one from scratch. Malware researchers have not declared with certainty what infection vector the attackers employ, but it is speculated that the creators of the Stone Ransomware may be using the most common tricks to spread their threat: faux software updates, pirated content and mass spam email campaigns. When the Stone Ransomware penetrates a system, it triggers a scan of the files. When the scan is completed, the Stone Ransomware will have located all the files which it...

Posted on June 3, 2019 in Ransomware

'!__prontos@cumallover.me__.bak File Extension' Ransomware

Cybersecurity experts have recently spotted a new ransomware threat. It was given the name '!__prontos@cumallover.me__.bak File Extension' Ransomware and, upon further investigation, it appears to be a variant of the RotorCrypt Ransomware. It is not known with full certainty what propagation method the authors of the '!__prontos@cumallover.me__.bak File Extension' Ransomware employ, but it is likely that the cybercriminals are using spam email campaigns with infected attachments, corrupted pirated content and bogus software updates to spread their threatening creation. Once the '!__prontos@cumallover.me__.bak File Extension' Ransomware infiltrates a PC, it begins its attack by performing a scan. The goal of the scan is to locate the files which the '!__prontos@cumallover.me__.bak File Extension' Ransomware was...

Posted on June 3, 2019 in Ransomware

Raccoon Stealer

A new info stealer is out on the market. It is called the Raccoon Stealer, and it appears to originate from Russia. Its creators offer it as a service: users obtain the Raccoon Stealer by subscribing to it, and the authors offer several subscription plans. The cheapest option gives the customer one month of use with all of the stealer's features available. The Raccoon Stealer sports a wide variety of capabilities, as well as a user-friendly interface. The info stealer's authors have built an infrastructure that gives their clients swift, encrypted communication between the Command and Control server and the victims of the Raccoon Stealer. The info stealer's servers are hosted on Tor, preserving the anonymity of its users....

Posted on May 31, 2019 in Keyloggers

PowerStallion

The PowerStallion tool is one of the numerous hacking tools in the arsenal of the infamous group Turla. Turla originates from Russia and has been active for over a decade, with the first indications of its activity dating back to 2008. It is regarded as one of the most elite hacking groups in the world. It is speculated that the group may be linked to the Russian government, as most of its targets are political. Its latest high-profile victim was the German Foreign Office, and it has also targeted the US and French militaries in the past. The PowerStallion tool is a lightweight backdoor used to gain, and if necessary regain, access to a targeted machine. It is very likely that PowerStallion serves only as a Plan B option for Turla, because the group's main backdoors are known to be Carbon and Gazer. It is...

Posted on May 31, 2019 in Malware

Harma Ransomware

The Harma Ransomware is a recently spotted file-encrypting Trojan. When inspected, it turned out to be a variant of the popular Dharma Ransomware. The infection vector utilized by the authors of the Harma Ransomware is not yet confirmed. However, it is believed that the attackers may be using spam emails, fraudulent software updates and pirated media to spread their threat. Once the Harma Ransomware infiltrates a system successfully, it will scan it. The goal of this scan is to locate the files that it will later encrypt. Then the Harma Ransomware begins the encryption process. After undergoing the Harma Ransomware's encryption, the files will have their names altered. It is a signature move of ransomware threats that belong to the Dharma Ransomware family to apply a similar pattern when...

Posted on May 31, 2019 in Ransomware

'.PLEASE_CONTACT_1398456099@qq_com' Ransomware

Recently, malware researchers came across a new and rather peculiar ransomware threat. It is called the '.PLEASE_CONTACT_1398456099@qq_com' Ransomware and does not appear to belong to any of the popular ransomware families. It is speculated that the author is a Chinese high-school student, but this has not been confirmed. The propagation method of this file-locking Trojan has not been established with certainty, but it is very likely that the creator has been spreading this threat via pirated software, mass spam email campaigns and faux updates. When the '.PLEASE_CONTACT_1398456099@qq_com' Ransomware penetrates a system, it initiates a scan immediately. This is done to locate all the file types which this data-encrypting Trojan is programmed to go after. Usually, to achieve maximum damage, the files targeted are the most popular file...

Posted on May 31, 2019 in Ransomware

Nansh0u Miner

The Nansh0u Miner was first spotted back in February. Ever since then, this cryptocurrency miner has been alive and well, spreading to tens of thousands of computers worldwide according to the latest estimates. The authors of the Nansh0u Miner are running a very large campaign, and they show no sign of slowing down any time soon. Not only have the attackers spread their threat masterfully, but they have also built it expertly, to the point where it could be called a state-of-the-art cryptocurrency miner. Most authors of cryptocurrency miners opt to mine well-known currencies, with Monero by far the usual choice because it mines efficiently on ordinary CPUs. The individuals behind the Nansh0u Miner, however, have chosen to mine the little-known 'TurtleCoin.' This being said, the Nansh0u Miner is just as harmful to the infiltrated system as any...

Posted on May 30, 2019 in Malware

jRAT

jRAT is a RAT (Remote Access Trojan) written in Java, which makes it compatible with nearly all operating systems, provided that the infiltrated computer has the JRE (Java Runtime Environment) installed. Despite its ability to work on several operating systems, the main targets of jRAT remain machines running Windows. Malware experts first documented this threat about two years ago, back in 2017. The creators of jRAT have not been idle, though, and have introduced several updates to their creation over the years, including VM-evasion methods alongside new features. The infection vector utilized by the authors of jRAT appears to be spam email campaigns carrying a '.jar' file that contains the threat. If the victims attempt to open the infected file, they will give the green...

Posted on May 30, 2019 in Remote Administration Tools
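A '.jar' attachment is an ordinary zip archive whose META-INF/MANIFEST.MF names a Main-Class; double-clicking it hands the archive to the JRE, which is exactly the step the jRAT lure relies on. The following is an added example written for this page (not jRAT code, and not any mail gateway's code) showing how a mail-filter hook can triage attachments: it flags the .jar extension, a double extension such as .pdf.jar, a manifest that declares a Main-Class, and Java bytecode inside any zip container regardless of file name, while letting an Office document (also a zip) through. The sample archives are built in memory for the example and contain no real bytecode; the file names and the `loader.Main` class name are invented.

```python
import io
import zipfile

ZIP_MAGIC = b"PK\x03\x04"
CLASS_MAGIC = b"\xca\xfe\xba\xbe"   # first four bytes of every Java .class file
# Extensions a lure commonly hides behind, e.g. "Invoice.pdf.jar".
DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}

def _manifest(z):
    """Parse META-INF/MANIFEST.MF main attributes into a dict ({} if absent)."""
    try:
        raw = z.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except KeyError:
        return {}
    attrs = {}
    for line in raw.splitlines():
        if not line.strip():
            break                                        # blank line ends the main section
        if ":" in line and not line.startswith(" "):     # continuation lines start with a space
            k, v = line.split(":", 1)
            attrs[k.strip()] = v.strip()
    return attrs

def inspect_attachment(filename, data):
    """Classify one attachment: {'verdict': 'block'|'allow', 'reasons': [...]}."""
    reasons = []
    parts = filename.lower().split(".")
    if parts[-1] == "jar":
        reasons.append("extension .jar (the JRE runs it on double-click)")
    if len(parts) > 2 and parts[-2] in DOCUMENT_EXTS:
        reasons.append(f"double extension .{parts[-2]}.{parts[-1]}")

    if data[:4] == ZIP_MAGIC:
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                names = [n for n in z.namelist() if not n.endswith("/")]
                main_class = _manifest(z).get("Main-Class")
                if main_class:
                    reasons.append(f"executable jar: Main-Class {main_class}")
                classes = [n for n in names if n.endswith(".class")]
                if classes:
                    reasons.append(f"{len(classes)} .class file(s) in archive")
                # A renamed .class slips past the name check, so look at the bytes too.
                elif any(z.read(n)[:4] == CLASS_MAGIC for n in names):
                    reasons.append("Java bytecode under a non-.class name")
        except zipfile.BadZipFile:
            reasons.append("zip signature but archive is corrupt")
    elif parts[-1] == "jar":
        reasons.append("named .jar but not a zip container")

    return {"verdict": "block" if reasons else "allow", "reasons": reasons}

def build_sample_jar():
    """Constructed stand-in for a lure .jar: a Main-Class manifest plus one
    class-shaped entry. It holds no real bytecode and does nothing if run."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("META-INF/MANIFEST.MF",
                   "Manifest-Version: 1.0\r\nMain-Class: loader.Main\r\n\r\n")
        z.writestr("loader/Main.class", CLASS_MAGIC + b"\x00" * 28)
    return buf.getvalue()

def build_sample_docx():
    """Constructed stand-in for a benign Office file (also a zip, but no manifest or bytecode)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<document/>")
    return buf.getvalue()

if __name__ == "__main__":
    for name, blob in [("Invoice_2019.pdf.jar", build_sample_jar()),
                       ("report.docx", build_sample_docx()),
                       ("update.jar", b"MZ\x90\x00")]:
        v = inspect_attachment(name, blob)
        print(f"{name}: {v['verdict']}  {'; '.join(v['reasons'])}")
```

Checking the container rather than trusting the file name matters because the extension is the attacker's choice; the manifest and the bytecode magic are not. On the endpoint side, the complementary control is to stop `javaw.exe` from being the default handler for .jar files arriving from mail clients and browsers.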

Beets Ransomware

Another variant of the infamous Dharma Ransomware has been spotted recently. This new threat was dubbed the Beets Ransomware. It is a fairly common technique for hackers to base their creations on existing ransomware threats that have proven successful in extorting money. The infection vector employed by the creators of the Beets Ransomware is not confirmed, but it is speculated that the cyber crooks may be spreading their threat via fake updates, spam emails containing infected files and pirated software. When the Beets Ransomware infects a system, it begins a scan. The scan aims to detect the files that will later be encrypted by this data-locking Trojan. When the Beets Ransomware has located the files in question, it begins encrypting them. Then, once the encryption process is completed, you will notice...

Posted on May 30, 2019 in Ransomware

Zoh Ransomware

Recently, cybersecurity experts uncovered a new file-locking Trojan called the Zoh Ransomware. When studied, the threat turned out to belong to the Dharma (also known as Crysis) Ransomware family. This is a family cybercriminals often build their own data-encrypting Trojans on, as it takes much less effort than building one from scratch. It is not known with full certainty what propagation methods are employed in spreading this nasty threat, but it is speculated that spam email campaigns, alongside faux software updates and pirated content, may be involved. Once the Zoh Ransomware worms its way into a host, it begins scanning it immediately. The goal of the scan is to find all the files which the Zoh Ransomware was programmed to lock. After...

Posted on May 30, 2019 in Ransomware
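Every ransomware entry above (BSC, Dodger, Stone, '!__prontos@cumallover.me__.bak File Extension', Harma, '.PLEASE_CONTACT_1398456099@qq_com', Beets and Zoh) describes the same two-step behaviour, a scan for target files followed by encryption and renaming, and the renamed files are usually the first artefact a responder sees. The following is an added example, not code from any of the ransomware families above, that triages a directory listing for ransomware-style names: an e-mail contact address embedded in the name (as in the two extensions quoted on this page), a well-known document extension that is no longer the final extension, and the `.id-XXXXXXXX.[mail].ext` shape that public reporting attributes to the Dharma/Crysis family (taken from that reporting, not from this page). The file listing and the `recover@example.test` address are constructed for the example, and the flagged-share threshold is an assumed tuning value.

```python
import re

# Constructed directory listing for this example. The two literal suffixes are
# the ones named on this page; the ".id-XXXXXXXX.[mail].ext" shape is the
# Dharma/Crysis naming convention from public reporting (an assumption here).
SAMPLE_LISTING = [
    r"C:\Users\ana\Documents\budget.xlsx",
    r"C:\Users\ana\Documents\budget.xlsx.id-3F9A12C0.[recover@example.test].harma",
    r"C:\Users\ana\Pictures\trip.jpg.PLEASE_CONTACT_1398456099@qq_com",
    r"C:\Users\ana\Desktop\thesis.docx!__prontos@cumallover.me__.bak",
    r"C:\Users\ana\Desktop\README.txt",
    r"C:\Users\ana\Downloads\setup.exe",
    r"C:\Users\ana\backup\db.bak",   # a legitimate .bak must not trip the check
]

# Document types ransomware goes after first; longest-first so ".docx" is
# tried before ".doc" in the alternation.
DOC_EXTS = sorted(
    ["doc", "docx", "xls", "xlsx", "ppt", "pptx", "pdf", "jpg", "jpeg",
     "png", "txt", "zip", "sql", "mdb", "psd", "dwg"],
    key=len, reverse=True)
# A known document extension followed by anything other than end-of-name
# means something was appended after it.
BURIED_EXT_RE = re.compile(r"\.(" + "|".join(DOC_EXTS) + r")(?=\W)", re.I)
# Contact address in the name; '_' is accepted as the TLD separator because
# some families write "qq_com" rather than "qq.com" (see the entry above).
CONTACT_RE = re.compile(r"[\w+-]+@[\w-]+[._][A-Za-z]{2,}")
# Dharma/Crysis-style suffix (assumption from public reporting, see lead-in).
DHARMA_RE = re.compile(r"\.id-[0-9A-Fa-f]{8}\.\[[^\]]*@[^\]]*\]\.[A-Za-z0-9]{1,16}$")

def triage_name(path):
    """Reasons this filename looks like ransomware output (empty list if clean)."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1]
    reasons = []
    if DHARMA_RE.search(name):
        reasons.append("Dharma-style '.id-XXXXXXXX.[mail].ext' suffix")
    m = CONTACT_RE.search(name)
    if m:
        reasons.append(f"contact address embedded in filename ({m.group(0)})")
    m = BURIED_EXT_RE.search(name)
    if m:
        reasons.append(f"'{m.group(0)}' is no longer the final extension")
    return reasons

def triage_listing(paths, mass_threshold=0.3):
    """Triage a listing. 'mass_event' is set when the share of suspicious names
    reaches mass_threshold (an assumed tuning value): many renamed files in one
    tree is the signature of an encryption run, not of a single odd file."""
    hits = {}
    for p in paths:
        reasons = triage_name(p)
        if reasons:
            hits[p] = reasons
    share = len(hits) / len(paths) if paths else 0.0
    return {"hits": hits, "share": round(share, 3), "mass_event": share >= mass_threshold}

if __name__ == "__main__":
    result = triage_listing(SAMPLE_LISTING)
    for path, reasons in result["hits"].items():
        print(path)
        for r in reasons:
            print("   -", r)
    print(f"suspicious share: {result['share']:.0%}  mass event: {result['mass_event']}")
```

The buried-extension rule will also match harmless names such as `notes.txt.bak`, which is why the per-file reasons are only evidence and the alert is raised on the share of flagged files in a tree rather than on any one name.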