Vesrato Ransomware

An increasing number of shady individuals worldwide have taken up creating data-locking Trojans. This is a very lucrative market, as cyber crooks spreading ransomware threats are likely to generate a good amount of cash and avoid any negative consequences for their criminal activity. The Vesrato Ransomware is among the newest detected data-locking Trojans. Once malware experts uncovered this threat, they studied it and determined that this file-encrypting Trojan is a variant of the infamous STOP Ransomware. However, researchers have not yet determined the infection vectors that the Vesrato Ransomware's creators have used to spread this threat. It is widely believed that the most common propagation methods may be at play in the case of the Vesrato Ransomware – mass spam email campaigns, bogus software updates, and fake...

Posted on August 20, 2019 in Ransomware

QxSearch

Browser hijackers are not considered malware, so they often manage to remain on official app stores like the Chrome Store. Such is the case with QxSearch. This is a browser hijacker family, which is normally propagated using various bogus browser extensions. The QxSearch extensions alter the user's home page by replacing it with a Web page linked to the company that developed QxSearch.

Triggers an Intentional Error to Remain Undetected by the User

In a recent update of the QxSearch browser hijacker variants, it appears that the user is presented with an ‘Error’ message while installing the application. In the beginning, it was believed to be a bug that would soon be fixed. However, it was never fixed, and malware researchers are beginning to believe that this was likely done intentionally. This...

Posted on August 19, 2019 in Browser Hijackers

Contopee

There are several very high-profile hacking groups around the world, which have done considerable damage globally in recent years. One of them is the North Korean APT38 (Advanced Persistent Threat). Their bread and butter are financial institutions. One of the most high-profile APT38 attacks was launched against the Bangladesh Central Bank. This campaign earned the APT38 a total of $81,000,000. The APT38 are famous for their patience and sneakiness. The APT38 takes its time when it launches a campaign and often manages to cover up almost all of its threatening activity.

Likely Working with Lazarus

Recently, it would appear that the APT38 has added a brand-new hacking tool to their arsenal – the Contopee backdoor Trojan. It is likely that the APT38 may have worked in cooperation with another North Korean hacking group called...

Posted on August 19, 2019 in Trojans

Dragon Ransomware

Recently, a new variant of the notorious Aurora Ransomware has emerged, and it is called the Dragon Ransomware. It is paramount to note that this ransomware threat will check the IP of its target, and if the user is located in China, Hong Kong, or Taiwan, it halts the attack.

Propagation and Encryption

Cybersecurity experts have not yet determined which infection vectors are used in the propagation of the Dragon Ransomware. Some believe that it is likely that the creators of the Dragon Ransomware have gone for the usual propagation methods employed in spreading such threats, namely fake software updates, pirated bogus copies of reputable applications, and spam emails containing macro-laced attachments. Regardless of the propagation method, the Dragon Ransomware always starts off its attack by performing a scan...

Posted on August 19, 2019 in Ransomware

Pedro Ransomware

Malware researchers have uncovered a brand-new ransomware threat. This data-locking Trojan is called the Pedro Ransomware, and it belongs to the STOP Ransomware family.

Propagation and Encryption

It is not yet known what the precise infection vectors involved in the propagation of the Pedro Ransomware are. Some experts speculate that the creators of the Pedro Ransomware may have employed mass spam email campaigns, bogus application updates, and pirated variants of popular software tools as propagation methods. If the Pedro Ransomware manages to sneak into your PC, it will start the attack with a brief scan. The goal of this activity is to determine the locations of all files of interest. Then, the Pedro Ransomware will start encrypting all the targeted files. Once this threat locks a file, it will alter its name by appending a ‘.pedro’...

Posted on August 19, 2019 in Ransomware

New Windows "Remote Access" Vulnerability Puts 800 Million Computers at Risk

The Windows operating system has proven vulnerable to cyber attacks many times in the past, yet Microsoft keeps trying to face the threats and to provide patches for any emerging vulnerability in its platform. Since the beginning of 2019, several flaws in Windows have been discovered by researchers, and even though the company has managed to fix them before they could be exploited by hackers, we certainly cannot say that Windows devices are completely protected against cyber attacks. A critical new vulnerability has now been reported which could potentially provide attackers with remote access to any computer. What is worse, this new flaw has been described as "wormable", which means it...

Posted on August 19, 2019 in Computer Security

Massive Ransomware Attack Infects 23 Government Agencies in Texas

On August 16th, government agencies from the state of Texas fell victim to a massive ransomware attack. The incident was isolated to 23 local government departments; the State of Texas networks and systems were not affected by the event. The agencies that were infected with the ransomware are continually working to restore their systems. However, the names of the affected agencies and the size of the ransom have not been disclosed. Currently, the ransomware attack is being designated as a high-priority incident, and the affected entities are now being assisted by multiple agencies at both the state and federal levels. The malware that infected the local government departments is known as...

Posted on August 18, 2019 in Computer Security

Grethen Ransomware

Malware experts have spotted a brand-new data-encrypting Trojan claiming victims online. The name of this new pest is the Grethen Ransomware, and upon further inspection, it turned out to be a variant of the notorious Scarab Ransomware.

Propagation and Encryption

It is not clear what the exact infection vectors responsible for the propagation of this file-locking Trojan are. Some researchers believe that spam emails containing macro-laced attachments, pirated fake copies of legitimate tools, and fraudulent software updates may be among the propagation methods involved in the spreading of the Grethen Ransomware. When the Grethen Ransomware manages to infect a system, it will begin its malicious activities by performing a scan whose goal is to locate all the targeted files. The next step is the encryption process. The Grethen Ransomware...

Posted on August 16, 2019 in Ransomware

MedusaHTTP

The MedusaHTTP botnet is a botnet which has been operational since 2017. This botnet is based on HTTP and is very well known in the world of cybercrime. The MedusaHTTP botnet is a project based on MedusaIRC – a rather old enterprise that relied on IRC (Internet Relay Chat) to receive commands from its operators. The new and improved variant, MedusaHTTP, is controlled via a control panel set up as a website.

Extreme Efficiency

The creator of MedusaIRC had offered it as a service on an underground hacking forum where he posts under the alias ‘stevenkings.’ It would appear that this shady individual has been busy over the years, as in 2017 they posted an advertisement for their newly developed MedusaHTTP botnet. In the post, the creator of this botnet presents potential clients with the control panel of the botnet as well as...

Posted on August 16, 2019 in Botnets

Nasoh Ransomware

The Nasoh Ransomware is a brand-new data-encryption Trojan which has recently been spotted by researchers. Once this threat was studied, it turned out to be a part of the infamous STOP Ransomware family.

Propagation and Encryption

There has been no consensus regarding the propagation methods used by the creators of the Nasoh Ransomware. Some cybersecurity experts state that we are likely looking at the most common techniques for propagating threats of this type. This means that the authors of the Nasoh Ransomware have likely employed spam emails containing macro-laced attachments, fake application updates, and pirated bogus copies of popular software tools to spread their malicious creation. Once the Nasoh Ransomware infiltrates a PC, it will start the attack with a quick scan. The scan is meant to locate all the files which the Nasoh...

Posted on August 16, 2019 in Ransomware

LuckyJoe Ransomware

Most cybercriminals tend to target systems running the Windows OS, as it is by far the most popular OS worldwide. However, some opt to take up more niche markets. This is the case with the LuckyJoe Ransomware. The LuckyJoe Ransomware is tailored to target machines running the Linux OS. Often, Linux users wrongfully consider their systems impenetrable to any malware and completely overlook their cybersecurity, which makes them a lucrative target for cyber crooks.

Propagation and Encryption

The propagation methods involved in the spreading of the LuckyJoe Ransomware are not yet clear. Some researchers speculate that pirated bogus variants of popular software, mass spam email campaigns, and fake application updates may be among the infection vectors utilized by the authors of the LuckyJoe Ransomware. As soon as the LuckyJoe Ransomware...

Posted on August 16, 2019 in Ransomware

Norman

There are many different strains of crypto-miners out there in the wild world of the Internet. Different crypto-miners target different crypto-currencies, but it appears that the most popular one among them is the Monero crypto-currency. Recently, malware experts have been able to spot a brand-new crypto-miner lurking on the Web by luring it with a honeypot. Most crypto-currency miners are fairly similar to one another, but today's case is a little different.

Attacks in Three Stages

This new crypto-miner was named Norman, as it appears that quite a few of its files carry this name. The Norman crypto-miner is a master of disguise and is capable of avoiding detection very efficiently. This impressive crypto-mining tool carries out its attack in three steps. These stages can be somewhat flexible depending on the environment in...

Posted on August 15, 2019 in Malware

Cerberus

Sometimes, instead of using their own hacking tools in various threatening operations, cybercriminals opt to sell them as a service. This trend is called malware-as-a-service and is rather popular in the world of cybercrime. This way, even individuals with no technical skills can operate a threat and generate revenue on the backs of innocent users. Recently, malware researchers uncovered a new malware-as-a-service being offered on a hacking forum. This threat is called Cerberus and is believed to have been made in the Russian Federation. Cerberus is an Android-based banking Trojan with impressive abilities to gather important data and avoid malware-debugging software.

Cheap and Updated Regularly

Unlike the popular Anubis banking Trojan, the Cerberus banking Trojan is rather cheap, which is likely to make it garner a significant...

Posted on August 15, 2019 in Banking Trojan

Sakula

The Sakula RAT (Remote Access Trojan) is a threat that has been annoying users since 2012. Like most threats of this type, it allows its operators to gain some remote control over the infected host. Malware experts believe that the Sakula RAT originates from China and is likely a creation of the infamous Aurora Panda APT (Advanced Persistent Threat) in cooperation with the Deep Panda group. It appears that the Sakula RAT has already been employed in various campaigns with high-profile targets in government and medical institutions, as well as corporations involved in the technology and aerospace industries.

Propagation Methods

Among the propagation methods used in the spreading of the Sakula RAT are bogus application installers, which were masked as legitimate services. Some of the legitimate applications that the Sakula RAT was...

Posted on August 15, 2019 in Remote Administration Tools

Nacro Ransomware

Malware experts have recently uncovered a new ransomware threat circulating the Web. The name of this file-locking Trojan is the Nacro Ransomware. When this threat was dissected, it became clear that this is yet another variant of the infamous STOP Ransomware.

Propagation and Encryption

It is not yet known what infection vectors the authors of the Nacro Ransomware employ to spread their threatening creation. Some researchers believe that the propagation methods involved in the spreading of the Nacro Ransomware may include mass spam email campaigns, bogus application updates and fake pirated variants of popular software. When the Nacro Ransomware manages to compromise a host, it will start off the attack by performing a quick scan. The scan will reveal the locations of the files which the Nacro Ransomware was programmed to...

Posted on August 15, 2019 in Ransomware