Hermes666 Ransomware

The Hermes666 Ransomware is a newly uncovered file-encrypting Trojan. Once dissected, this ransomware threat was revealed to be a variant of the popular Maoloa Ransomware.

Propagation and Encryption

It is not known with any certainty what propagation method is involved in the spreading of this data-locking Trojan. Some of the most common methods of propagating threats of this type may be at play in the case of the Hermes666 Ransomware too. Among these propagation techniques are spam emails containing macro-laced attachments, pirated fake variants of popular software, and bogus application updates. If the Hermes666 Ransomware manages to infiltrate your computer, it will scan it. The goal of this scan is to locate the files that the Hermes666 Ransomware has been programmed to go after. Once a file undergoes the encryption process of...

Posted on August 14, 2019 in Ransomware

Coharos Ransomware

Malware researchers have come across a new ransomware threat called the Coharos Ransomware. When they studied it, they found that the Coharos Ransomware belongs to the STOP Ransomware family.

Propagation and Encryption

Cybersecurity experts couldn’t pinpoint the exact propagation methods that the authors of the Coharos Ransomware have implemented. Some believe that mass spam email campaigns, pirated bogus copies of legitimate applications, and fake software updates may be some of the infection vectors involved in the spreading of the Coharos Ransomware. Once this ransomware threat infects your PC, it will quickly scan it to locate all the files that will be marked for encryption. Then, the Coharos Ransomware will begin locking all the targeted files. When the Coharos Ransomware encrypts a file, it will alter its filename by adding a...

Posted on August 14, 2019 in Ransomware

YobaCrypt Ransomware

The YobaCrypt Ransomware is a brand-new ransomware threat. More and more cybercriminals try their luck at creating file-locking Trojans, as they are often perceived as an easy way to generate some cash.

Propagation and Encryption

It is not yet clear what the exact infection vector involved in the propagation of this new ransomware threat is. Some malware researchers believe that fake application updates, pirated copies of legitimate software, and spam emails containing corrupted attachments may be some of the propagation methods used by the authors of the YobaCrypt Ransomware. This data-encrypting Trojan will briefly scan your system once it infiltrates it. The purpose is to locate all the files that will be targeted for encryption. Once this step is completed, the YobaCrypt Ransomware will start its encryption process. All the files,...

Posted on August 14, 2019 in Ransomware

Neko

An increasing number of cyber crooks choose to try their luck at creating malware targeting IoT (Internet-of-Things) devices, as more and more devices are becoming ‘smart’ and are thus connected to the Internet. An additional factor in the increased interest in infecting IoT devices is that they often have very weak security features, making them a lucrative target for cybercriminals. However, IoT devices usually have very limited abilities and are thus normally used to build large botnets whose purpose is launching DDoS (Distributed-Denial-of-Service) attacks.

Fell For a ‘Honeypot’

In 2019, malware researchers discovered a fairly large IoT botnet named Neko. This botnet was first seen in the wild when a researcher-operated IoT device (a honeypot) was infected by the threat. The machines that are a part of a honeypot are normally made to...

Posted on August 14, 2019 in Malware

Mtogas Ransomware

Cybersecurity researchers have been spotting more and more ransomware recently. Among the newest uncovered threats is the Mtogas Ransomware. When experts studied this data-locking Trojan, they found that it belongs to the STOP Ransomware family.

Propagation and Encryption

The malware researchers who uncovered the Mtogas Ransomware have not been able to establish the exact method employed in the propagation of this file-encrypting Trojan. Some speculate that the infection vectors used for the spreading of the Mtogas Ransomware may be spam emails containing corrupted attachments, bogus application updates, and pirated copies of legitimate software tools. If the Mtogas Ransomware manages to worm its way into your system, it will kick off the attack by performing a scan. The scan serves to determine the locations of the files,...

Posted on August 13, 2019 in Ransomware

VBShower

The APT41 (Advanced Persistent Threat) hacking group has been active since 2014 and has managed to cause a lot of harm to countless users globally. This hacking group is also known under the alias Cloud Atlas APT. They have targeted users in the United States, Russia, India, Turkey, Belgium, Bulgaria and other countries. It appears that APT41 is mainly going after government institutions, religious groups, and businesses involved in the aerospace industry. One of their best-known threats is the PowerShell Trojan. However, it seems that the focus of APT41 has recently shifted from PowerShell to a new and improved version of it named VBShower. The main infection vector used in the propagation of the VBShower hacking tool appears to be macro-laced Microsoft Office documents.

Good at Avoiding Detection

The VBShower is notable for its...

Posted on August 13, 2019 in Malware

Hodin RAT

Many Linux users falsely believe that their systems are an impenetrable fortress against the evil forces of malware. However, this is not the case. Despite there not being that much interest in developing malware targeting Linux systems specifically, there are still cybercriminals who are willing to get into this niche market. Linux users cannot afford to continue overlooking their security, as an increasing number of Linux-targeting malware is emerging.

Limited Abilities

Recently, a user of the GitHub website decided to publicly upload the code of a threat that is tailored to target Linux-running systems. This threat is a RAT (Remote Access Trojan) that goes by the name Hodin RAT. As with most RATs targeting Linux users, the Hodin RAT is not nearly as weaponized as the various RATs that target Windows-running computers. The...

Posted on August 13, 2019 in Remote Administration Tools

WinLog

It would appear that an anonymous user has decided to upload the source code of a new keylogger tool free of charge on an online platform. The keylogger is called WinLog and it is rather basic. However, the fact that the WinLog keylogger is available for free means that we may soon see mass-scale attacks employing this threat from a variety of different ill-minded actors around the world. Sometimes a more highly skilled cybercriminal will come across a freely available hacking tool like WinLog and build on its source code to create a more harmful and complex threat.

Simple but Dangerous

Despite the current variant of the WinLog keylogger being rather simplistic, this does not mean that it is not to be considered threatening. On the contrary, the WinLog keylogger can cause great harm if it manages to infiltrate an...

Posted on August 13, 2019 in Keyloggers

Varenyky

The Varenyky malware is a brand-new threat, which appears to target only French users. This threat is being propagated via phishing emails. The emails contain an attachment that is disguised as an urgent invoice. Once the user tries to open the attachment, they will trigger the macro script hidden within it. The threat will then check which language is set as the default on the compromised host. If that language is French, the attack will proceed; if it is not, the threat will halt its activity.

Capabilities

If the default language is French and the unpacking of the malware is successful, the attackers will be able to execute various commands on the infected system, as well as plant additional malware on it. The Varenyky malware is capable of utilizing third-party tools to gather login credentials from Web browsers, as well...

Posted on August 12, 2019 in Malware

Saefko

Often, cybercriminals who develop their own hacking tools opt to sell them publicly to make some quick cash. This is the case with the Saefko RAT (Remote Access Trojan). This RAT appears to be used mainly for espionage and offers the users who buy it great insight into the habits of the victims they choose to target. This potentially helps them tailor a better approach to trick their targets. Saefko is distributed the way most other malware of this kind is: through malicious links and attachments in spam emails, as well as through the download of fake software cracks or key generators that are really malware payloads. The Saefko executable is usually named "saefkoagent.exe" and is dropped in the system's \AppData\Roaming directory, along with a second copy in the same directory renamed to "windows.exe". Another copy of the same...

Posted on August 12, 2019 in Remote Administration Tools

mr.yoba@aol.com Ransomware

The mr.yoba@aol.com Ransomware is a recently spotted ransomware threat. Unfortunately, it is likely that there is no free decryption tool available yet.

Propagation and Encryption

It is not yet known exactly how the authors of the mr.yoba@aol.com Ransomware are propagating their creation. Some believe that mass spam email campaigns, alongside fake software updates and infected pirated copies of legitimate applications, may be some of the infection vectors used in the propagation of the mr.yoba@aol.com Ransomware. Once it infects your system, it will scan it to locate the files of interest, which will be marked for encryption. Then, the mr.yoba@aol.com Ransomware will begin its encryption process. Once the mr.yoba@aol.com Ransomware locks a file, it also changes its name. This threat uses a random combination of numbers as an...

Posted on August 12, 2019 in Ransomware

WECANHELP Ransomware

Recently, malware researchers spotted a new data-locking Trojan circulating on the Internet. Its name is the WECANHELP Ransomware, and once dissected, this threat was revealed to be a variant of the Cry36 Ransomware and the Nemesis Ransomware.

Propagation and Encryption

Cybersecurity experts have not yet been able to determine with full certainty which infection vectors are applied in the propagation of the WECANHELP Ransomware. It is very likely that spam emails containing macro-laced attachments, bogus application updates, and pirated fake copies of popular software tools are among the propagation methods used by the creators of the WECANHELP Ransomware. Regardless of how the WECANHELP Ransomware ends up on your system, once it infiltrates it, its first task is to perform a quick scan. The scan is made to determine the locations of the...

Posted on August 12, 2019 in Ransomware

Smominru

The Smominru crypto miner is a threat that has been around for a while. Malware experts managed to hold back the campaign by configuring a bait & sinkhole server that kept a significant fraction of Smominru's network busy on a loop, therefore preventing it from going after valid targets. However, since this happened, the authors of the Smominru threat have been introducing significant improvements.

New Features

The actors responsible for the Smominru crypto mining campaign have added several new features:

- Collecting login credentials is done via a modified variant of the Mimikatz malware.
- The EternalBlue exploit is used to propagate the payload of the threat.
- Several payloads contain a RAT (Remote Access Trojan) feature.

Selling Access to Compromised Networks

To garner more revenue, the authors of the Smominru crypto mining campaign...

Posted on August 9, 2019 in Botnets

Junior Ransomware

At the beginning of August 2019, cybersecurity experts uncovered a new ransomware threat. This threat goes by the name Junior Ransomware, and when studied, it was revealed to be a variant of the Cryakl Ransomware.

Propagation and Encryption

The propagation method applied in the spreading of the Junior Ransomware has not yet been disclosed. However, it is very likely that spam emails containing corrupted attachments, bogus application updates, and pirated variants of legitimate software may be among the infection vectors used by the creators of the Junior Ransomware. When the Junior Ransomware compromises a computer, it performs a scan whose purpose is to locate all the files that will be marked for encryption. Next, the Junior Ransomware will start the encryption process. Once the Junior Ransomware locks a file, it will change...

Posted on August 9, 2019 in Ransomware

Arsium Ransomware

Recently, a hacking forum user who goes under the alias Arsium uploaded a ransomware builder to said forum. This ransomware builder is being distributed free of charge. Such a move has the potential to cause great harm because anyone with ill intentions can download this ransomware builder and create and propagate their own data-locking Trojan.

Limited Abilities

The Arsium Ransomware toolkit is very limited with regard to which directories can be targeted and locked. This ransomware builder is only capable of going after the files located in the desktop folder. However, the creator of the Arsium Ransomware builder may change this in the future and include other directories too. The Arsium Ransomware toolkit appends an extension to the encrypted files and chooses a password (key) that the ransomware will use to encrypt...

Posted on August 9, 2019 in Ransomware