VAMP

The Two-Tailed Scorpion APT (Advanced Persistent Threat) is a hacking group that likely originates from the Middle East. Many speculate that the Two-Tailed Scorpion APT is working with the Hamas terrorist organization. Most of this APT's campaigns are concentrated in the Middle Eastern region. Its targets include high-ranking politicians in Israel, as well as Palestine. Despite mainly focusing on Israel and Palestine, the Two-Tailed Scorpion hacking group has had successful campaigns targeting Egypt and Jordan, among other countries.

The Espionage

The Two-Tailed Scorpion APT has been gaining popularity with one of their hacking tools called VAMP. The VAMP Trojan is programmed to target Android devices, and experts have already spotted multiple campaigns employing this threat against universities, companies in the security industry,...

Posted on July 10, 2019 in Malware

Save Ransomware

The Save Ransomware is a newly uncovered file-encrypting Trojan. When cybersecurity researchers studied this ransomware threat, they discovered that it belongs to the notorious Dharma Ransomware family.

Infiltrating Your PC

Malware experts have been unable to pinpoint the exact method of propagation used to spread the Save Ransomware. Some believe that mass spam email campaigns, fraudulent application updates, and infected pirated software are among the infection vectors used in propagating this new data-locking Trojan. Once the Save Ransomware manages to infiltrate your PC, it will start the attack with a scan. The goal of scanning your system is to determine the locations of the files that will be targeted for encryption. When this is completed, the Save Ransomware will start locking the data it was...

Posted on July 10, 2019 in Ransomware

GnatSpy

The GnatSpy hacking tool is believed to be a piece of malware that was created by the infamous Two-Tailed Scorpion APT (Advanced Persistent Threat) and is designed to target Android devices. This hacking group is believed to be located in the Middle East and has been reported to target mainly government bodies and officials in Israel and Palestine. Some believe that the Two-Tailed Scorpion group is working alongside the terrorist group Hamas to further their interests in the area. When the GnatSpy Trojan was dissected, it became clear that this threat is very similar to another hacking tool used by the Two-Tailed Scorpion group – the VAMP Trojan. It appears that the GnatSpy project may be an upgraded version of the VAMP Trojan.

Propagation Method

The GnatSpy Trojan is being propagated via fraudulent applications, which are often...

Posted on July 10, 2019 in Malware

GoBotKR

Cybercriminals often borrow code from one another, and they are especially fond of open-source projects. It would appear that the GoBotKR Trojan is based on the GoBot2 backdoor, a threat whose source code was made available to the public. The authors of the GoBotKR threat have adopted a lot of the code behind the GoBot2 backdoor and modified it to their liking. The cybercrooks behind the GoBotKR Trojan are mainly focusing on South Korea (hence the ‘KR’ in the name), with over 80% of compromised systems located there. However, there have been campaigns spotted in other East Asian locations such as Taiwan and China. It is speculated that the goal of the GoBotKR is to infect as many computers as possible and create a botnet, which would then be used for potential DDoS (Distributed Denial-of-Service) attacks.

Pirated Torrents...

Posted on July 9, 2019 in Backdoors

SilentTrinity

The SilentTrinity is a new hacking tool, which was recently spotted in a campaign carried out against the Croatian government. Malware experts couldn’t identify which hacking group is responsible for the attacks. However, this new threat has an interesting feature – the SilentTrinity malware does not leave behind any traces of its activity on the infected machine. This is done by the payload entering the RAM of the system. This makes the SilentTrinity malware much more difficult for anti-spyware tools to spot and greatly minimizes the traces left by the unsafe activity.

Propagation Method

The propagation method used by the authors of the SilentTrinity malware is spam emails masquerading as legitimate email sent by the Croatian Postal Service, even going as far as mimicking the original domain names of the institution. The emails would...

Posted on July 9, 2019 in Malware

KICK Ransomware

There are new ransomware threats rearing their ugly heads daily as more and more cybercriminals try their luck with making a quick buck by blackmailing innocent users. One of the newest file-locking Trojans to emerge is the KICK Ransomware. When analyzed, the KICK Ransomware turned out to be a variant of the infamous Dharma Ransomware.

Compromising Your PC

Malware researchers have not yet determined what infection vectors are involved in the spreading of the KICK Ransomware. Some believe that mass spam email campaigns, infected pirated applications, and bogus software updates might be some of the propagation methods used to spread the KICK Ransomware, as these are among the most popular infection vectors used by cybercrooks. If the KICK Ransomware manages to compromise your system, it will begin a scan whose goal is to...

Posted on July 9, 2019 in Ransomware

Crash Ransomware

Ransomware threats are growing in popularity as cybercriminals all over the world are encouraged to try their luck when they see cases like the Florida town that paid hackers $600,000 as a ransom fee at the end of June 2019. This is why it is not one bit surprising that new ransomware threats are detected on a daily basis. One of the most recently spotted is the Crash Ransomware. When malware researchers dissected this data-locking Trojan, they found out that it belongs to the widely popular Dharma Ransomware family.

Infecting Your System

It is believed that the authors of the Crash Ransomware may be utilizing faux application updates, corrupted pirated software, and spam emails containing infected attachments as infection vectors in spreading their creation. However, cybersecurity experts have not been able to pinpoint the...

Posted on July 9, 2019 in Ransomware

Basilisque Ransomware

The Basilisque Ransomware is a data-locking Trojan that has surfaced on the Internet recently. It appears that the Basilisque Ransomware is not a variant of any of the widely known ransomware threats but is likely a project built from scratch.

Compromising Your System

Cybersecurity researchers have not been able to pinpoint the exact method of spreading the Basilisque Ransomware. Some believe that emails with infected attached documents, bogus software updates and corrupted pirated applications may be among the infection vectors utilized by the authors of the Basilisque Ransomware. Once the Basilisque Ransomware worms its way into your system, it will scan your data. The goal is to locate the files that will then undergo encryption. When the scan is completed, the Basilisque Ransomware will start locking the data. A...

Posted on July 8, 2019 in Ransomware

Php Ransomware

At the start of July 2019, malware researchers spotted a new ransomware threat called the Php Ransomware. When they dissected this newly emerged file-encrypting Trojan, experts found out that the Php Ransomware belongs to the Dharma Ransomware family.

Infiltrating Your PC

It is not yet known what propagation method is employed in the spreading of the Php Ransomware. Some believe that the authors of this data-locking Trojan may be employing fraudulent application updates, infected pirated software, and mass spam email campaigns as propagation methods to spread their creation. When the Php Ransomware infiltrates a machine, it will perform a scan. Then, when the files that the Php Ransomware was programmed to target are located, this threat will trigger its encryption process. When a file is encrypted by the Php Ransomware, its name is...

Posted on July 8, 2019 in Ransomware

Riltok

The Riltok malware is a banking Trojan that targets Android devices. The first campaigns featuring the Riltok took place over one year ago, and this banking Trojan has been active ever since. Over 90% of the victims of the Riltok Trojan are located in Russia. Despite the initial campaigns only targeting Russian Android users, the authors of the Riltok banking Trojan have begun to expand their reach. Their operations in 2019 reveal that they are now targeting Android devices in the United Kingdom and France, among other European countries.

Infecting Your Device

The authors of the Riltok Trojan are using fraudulent text messages as their go-to infection vector. The text messages are tailored according to where the user is located. In Russia, the bogus text message claims that it would provide the user with free advertising if they...

Posted on July 8, 2019 in Trojans

Dqb Ransomware

The Dqb Ransomware is a newly emerged ransomware threat. Once cybersecurity experts spotted it, they decided to dissect this data-encrypting Trojan. They quickly concluded that the Dqb Ransomware is a variant of the infamous Dharma Ransomware.

Infecting Your System

Malware experts have not come to a consensus regarding the propagation method employed in the spreading of the Dqb Ransomware. However, some speculate that the most common techniques are likely at play here – bogus software updates, spam email campaigns and corrupted pirated applications. Once the Dqb Ransomware successfully compromises a computer, it will scan it. This is done so that the Dqb Ransomware can locate the files that will be locked later. Then, the encryption process begins. The files affected by the Dqb Ransomware will have their names changed....

Posted on July 8, 2019 in Ransomware

Gelup

TA505 is a hacking group that has been very active recently, having launched operations with targets in multiple countries – South Korea, the Philippines, Japan, as well as Saudi Arabia, the UAE and even Argentina. Often, hacking groups concentrate their efforts on a particular region of the world, but the TA505 group has a broader reach. Cybersecurity experts have spotted two new hacking tools that have been added to the TA505 arsenal – the FlowerPippi backdoor Trojan and the Gelup Trojan downloader. The preferred propagation method used by the TA505 group is phishing emails. They use social engineering techniques in crafting these fraudulent emails to increase the chances of the user falling into their trap. The attachments in these emails are macro-laced files, usually either a Microsoft Word document or a Microsoft...

Posted on July 5, 2019 in Malware

FlowerPippi

Cybersecurity researchers have been keeping a close eye on the TA505 hacking group recently as two new hacking tools have been introduced to their arsenal – the Gelup Trojan downloader and the FlowerPippi backdoor Trojan. This hacking group does not shy away from launching operations with targets all around the world – from East Asia, with victims in Japan, the Philippines, and South Korea, to the Middle East, with targets in the UAE and Saudi Arabia. The FlowerPippi Trojan can potentially bypass security checks because its authors have made sure to obfuscate its code. This backdoor Trojan is written in C++. It is likely that the authors of the FlowerPippi backdoor created it as a one-time-use-only tool, as this threat does not attempt to gain persistence on the compromised computer. This malware is usually employed in swift attacks...

Posted on July 5, 2019 in Malware

Virus-encoder Ransomware

More and more ransomware threats flood the Internet each day. Among the newest ones spotted by cybersecurity researchers is the Virus-encoder Ransomware. It appears that this data-locking Trojan may have been built from scratch, as it is not a variant of any of the famous ransomware threats. It cannot be confirmed with any certainty what propagation method is being used to spread the Virus-encoder Ransomware. Spam emails containing corrupted attachments, fraudulent software updates, and infected pirated applications are among the most common methods of spreading ransomware threats, and some speculate that these may be the infection vectors employed in propagating the Virus-encoder Ransomware. The Virus-encoder Ransomware will scan the system that it infiltrates. The goal is to find out the locations of the files, which will...

Posted on July 5, 2019 in Ransomware

Acton Ransomware

The Acton Ransomware is a data-locking Trojan that has emerged on the Web recently. When malware experts dissected the Acton Ransomware, they found out that it belongs to the Phobos Ransomware family. Cybersecurity researchers have not been able to pin down what method of propagation the cybercrooks behind the Acton Ransomware are using to spread their creation. However, some believe that the most common propagation techniques may be at play here – infected pirated software, bogus application updates and mass spam email campaigns. When the Acton Ransomware compromises a PC, it will run a scan. The point of this scan is to locate the files that will be encrypted in the next step of the attack. Then, the Acton Ransomware will proceed with its encryption process. This file-encrypting Trojan will add an extension to the newly locked...

Posted on July 5, 2019 in Ransomware