Predator the Thief

A new info stealer by the name Predator the Thief has been detected in several large-scale attacks recently. It appears that its author is a user called 'Alexuiop1337', who is currently selling Predator the Thief on several Russian forums. The initial price was $35, but after several updates, and perhaps seeing the interest it has garnered, the author of Predator the Thief raised the price to $80. However, this did not diminish the interest in Predator the Thief, because even at $80 a threat with so many features is still a bargain. It is not clear how Predator the Thief is propagated, but it is highly likely that the main means of distribution is mass spam email campaigns. So far, it has been identified that Predator the Thief was spread via WinRAR archives, which were crafted to achieve infiltration via CVE-2018-20250...

Posted on May 29, 2019 in Malware

Olympic Destroyer

The Olympic Destroyer malware was first detected in 2018. Malware researchers spotted this threat being employed in an attack targeting networks linked to the organizers of the 2018 Winter Olympic Games held in South Korea, as well as partner organizations. It has been speculated that the motives behind this operation may have been political, with the goal of causing disruption and collecting sensitive data. When experts analyzed it further, it became apparent that the attackers had inside information about the targeted network, such as domain settings and IP addresses. Later, there was another operation that employed the Olympic Destroyer. This time the targets were institutions operating in the financial sector in Russia. Then, the Olympic Destroyer was used against chemical and biological laboratories located in...

Posted on May 29, 2019 in Malware

Rezuc Ransomware

The Rezuc Ransomware data-locking Trojan was spotted by cybersecurity researchers recently. After it was dissected by experts, the Rezuc Ransomware was revealed to be a part of the vast STOP Ransomware family. Despite studying this threat, malware experts cannot confirm how it is being propagated. However, it is likely that the authors are employing the tried and tested methods of spam email campaigns, bogus updates and corrupted pirated content. When the Rezuc Ransomware lands on a system, it will initiate a scan whose goal is to locate the file types that this file-encrypting Trojan is meant to go after. When this is completed successfully, the Rezuc Ransomware will begin encrypting the targeted data. After undergoing the Rezuc Ransomware's encryption process, the files will have their names altered. The Rezuc Ransomware...

Posted on May 29, 2019 in Ransomware

ERIS Ransomware

A new data-locking Trojan has been spotted circulating the Web recently. It goes by the name ERIS Ransomware and does not seem to belong to any of the popular ransomware families. It is not clear what the exact infection vector of the ERIS Ransomware is, but it is widely believed that the authors of this threat may be using fake software updates, pirated media, as well as spam emails containing macro-laced attachments. If the ERIS Ransomware penetrates a computer successfully, it will waste no time and will immediately start scanning the infiltrated machine to locate the files it was programmed to target. When the data is located, the ERIS Ransomware will begin encrypting it. The ERIS Ransomware alters the names of the affected files by adding the '.ERIS' extension. This means that if you had called an audio file...

Posted on May 29, 2019 in Ransomware

Hackers Deploy GandCrab Ransomware Through a Patched Confluence Vulnerability

Confluence, the collaboration software of the Australian company Atlassian, is again on hackers' radar. Though the company released a patch for a set of critical vulnerabilities in its lead product on March 20, 2019, it looks like attackers are still able to exploit one of these bugs to infect the servers of thousands of companies worldwide with the widespread and devastating GandCrab ransomware. GandCrab appeared in January 2018, and its creators still offer it on underground forums to other hacking groups in exchange for a share of the profits. As there are still no free decryption keys for the latest GandCrab 5.2 version, this malware is a major threat to both consumers and businesses. Based on Java, Confluence is a wiki-type application that allows coworkers in an enterprise to have a shared space where they...

Posted on May 28, 2019 in Computer Security

Shade Ransomware Takes Aim at International Targets

The Shade ransomware, also known as Troldesh, is a strain of malware that was first spotted by security researchers back in early 2014. After being used against Russian victims in localized campaigns, Shade has recently been spotted in a growing number of attacks against victims located across the globe, from Japan to the USA. Security researchers with Palo Alto Networks recently published their findings on Shade infections, and the majority of those were now happening outside of Russia. Affected countries include Japan, Thailand, India, Canada and the USA. Unlike most ransomware these days, Shade is not being used to target private users, but industries and corporate entities instead, with Palo Alto singling out high-tech companies, wholesale companies and educational institutions as the prime targets in these new international attacks....

Posted on May 28, 2019 in Computer Security

ProtonBot

ProtonBot is a hacking tool that is gaining increasing popularity because of its low price. This Trojan loader can be acquired for just $50. Normally, Trojan loaders like the famous Smoke are sold for about $200 to $300 but do not offer capabilities very different from those of ProtonBot. Furthermore, the authors of ProtonBot have made sure to implement an easy-to-use interface so that even buyers with less experience would be able to navigate this hacking tool easily. The creators also provide technical support to the clients of ProtonBot. Having said all this, it is easy to see why ProtonBot is quickly gaining traction on hacking forums. Once ProtonBot lands on a system, it would scan it to find out if another copy of ProtonBot is already present on the PC. If the results are negative, ProtonBot will move on to set up a task,...

Posted on May 28, 2019 in Botnets

Bitcoin Collector Scam

Crypto-currencies have been a hit on the global financial scene in the past few years. However, the expanding market of different crypto-currencies and the ever-growing public interest in them was bound to attract sharks from the world of cybercrime. One such instance is the Bitcoin Collector Scam. The Bitcoin Collector gained traction in May 2019 because it was posing as a legitimate service that made some wild promises to its users. The authors of this 'service' claimed that if you register and use Bitcoin Collector, you will be getting up to $45 per day in the shape of Bitcoin. Furthermore, you would get a personal referral link, and if you convince another user to sign up via your link, you could receive up to $800 a day in Ethereum. Overly generous offers like this need to raise red flags for users online – if it seems too...

Posted on May 28, 2019 in Trojans

qbx Ransomware

At the end of May 2019, a new ransomware threat emerged online – the qbx Ransomware. After the initial discovery, malware experts took to studying this new file-locking Trojan and found out that the qbx Ransomware is a variant of the popular Dharma Ransomware (also called Crysis Ransomware). Even though it has not been validated yet, there are strong indications that the qbx Ransomware is propagated via mass spam email campaigns, corrupted pirated applications and bogus software updates. After infiltrating a host successfully, the qbx Ransomware starts scanning it. The goal of the scan is to locate the files that will then be encrypted. After completing this step, the qbx Ransomware proceeds to encrypt the targeted data. After undergoing the qbx Ransomware's encryption process, the files' original names would be altered following a...

Posted on May 28, 2019 in Ransomware

Skymap Ransomware

The Skymap Ransomware is a threat that was uncovered by malware experts recently. Like many other cybercriminals, the authors of the Skymap Ransomware have opted to build their threat on a well-established file-locking Trojan – the infamous STOP Ransomware. It is not fully certain how the authors of the Skymap Ransomware are propagating their threat, but it is likely that they are employing fraudulent software updates, pirated content, as well as spam email campaigns containing macro-laced attachments. If the Skymap Ransomware worms its way into a system successfully, it will start its attack by scanning the machine. The scan is aimed at detecting and locating the file types that the Skymap Ransomware will then lock. When the data is located, the Skymap Ransomware will begin the encryption process. When this step is...

Posted on May 28, 2019 in Ransomware

Mogera Ransomware

The Mogera Ransomware is a recently detected data-encrypting Trojan that has been circulating the Web. When dissected, it became evident that the Mogera Ransomware belongs to none other than the widely infamous STOP Ransomware family. This ransomware family, alongside the Dharma Ransomware family and the Globe Imposter Ransomware family, has been very popular in the world of cybercrime recently, with new variants popping up almost daily. Malware experts have not confirmed how the Mogera Ransomware is being spread, but it seems likely that the authors of this file-locking Trojan are using pirated software, faux updates and spam emails to propagate their creation. When the Mogera Ransomware gains access to a system, the first thing it will do is begin a scan aimed at locating the files that this threat was programmed to lock. When the...

Posted on May 28, 2019 in Ransomware

AbaddonPOS

In recent years, cybercriminals have been getting more and more inventive and expanding their operations. Such shady individuals have been taking more interest in PoS (Point-of-Sale) devices recently. It was widely believed that PoS devices were very secure, but cybercriminals have come up with some cunning techniques to penetrate such machines. Attacks on PoS devices usually do not affect the business directly but siphon money from its customers instead. Needless to say, when information about such an attack comes out, the business' reputation can be damaged gravely. AbaddonPOS is a malware family that targets businesses in the United States. It is believed that this threat originates from the TA530 hacking group. It is not known where the hackers are from, but they seem to attack businesses dealing with retail and...

Posted on May 27, 2019 in Malware

KaiXin Exploit Kit

The KaiXin Exploit Kit is a relatively old exploit kit that is still in use to this day. It is believed to originate from China. Pages hosting the KaiXin Exploit Kit may cover various subjects, and their visitors are unlikely to notice anything out of the ordinary. However, the page will not deliver just the legitimate content – it will also use the Exploit Kit's JavaScript code in the background to scan for vulnerabilities. The KaiXin Exploit Kit scans the software that is installed on the victim's computer to determine which exploits should be employed. It would seem that the KaiXin Exploit Kit uses exploits for Java, Microsoft Edge, Internet Explorer and Adobe Flash. The attackers seem to rely mostly on infiltrating the targeted system via the Java Runtime Environment (JRE), specifically an outdated version between 17006 and 17011. Three...

Posted on May 27, 2019 in Malware

GottaCry Ransomware

Recently, researchers came across an interesting piece of malware called the GottaCry Ransomware. What makes it interesting is that this rather odd ransomware threat does not encrypt any data, despite claiming to do so. It would seem that the authors of the GottaCry Ransomware are amateurs who are trying their luck by releasing this unfinished threat publicly. It is not confirmed what the infection vector of the GottaCry Ransomware is, but it is very likely that the attackers are using fraudulent updates, alongside pirated content and emails containing infected attachments. Normally, ransomware threats would scan the computer they land on to find the file types they are programmed to encrypt. However, as we mentioned before, the GottaCry Ransomware is not capable of encrypting any files whatsoever. That does not indicate that there...

Posted on May 27, 2019 in Ransomware

Sysfrog Ransomware

The Sysfrog Ransomware is a newly uncovered file-encrypting Trojan. It would appear that this ransomware threat is not a part of any of the popular ransomware families such as the Dharma Ransomware, the Globe Imposter Ransomware or the Scarab Ransomware. Often, cybercriminals opt to base their own creations on already established threats, as it is much less time-consuming, but not in this case. It has not been confirmed how exactly the Sysfrog Ransomware is being spread online, but malware researchers speculate that the cyber crooks behind this data-locking Trojan are employing spam email campaigns, faux software updates and pirated software. When the Sysfrog Ransomware infiltrates a targeted PC successfully, it will scan its contents. Then the files that will be locked are located, and the Sysfrog Ransomware is ready to start...

Posted on May 27, 2019 in Ransomware