Zero-Fucks Ransomware

The Zero-Fucks Ransomware is a data-locking Trojan which has been recently spotted by cybersecurity researchers. Unlike most ransomware threats nowadays, which tend to be almost entirely based on already existing file-encrypting Trojans, the Zero-Fucks Ransomware appears to be an original project.

Infiltration and Encryption

Malware experts were not able to determine with full certainty what infection vectors may be at play in the spreading of the Zero-Fucks Ransomware. Some believe that the authors of the Zero-Fucks Ransomware have likely opted to use the most common and widely spread techniques in propagating their creation – emails containing macro-laced attachments, fraudulent application updates, and corrupted software downloaded from unofficial sources. The Zero-Fucks Ransomware will begin scanning the system as soon as it...

Posted on July 17, 2019 in Ransomware

KopiLuwak

The Turla hacking group is a world-known APT (Advanced Persistent Threat). This hacking group is very likely working for the Russian government as their targets tend to be foreign officials and governments, as well as large companies in industries which the Kremlin has vested interests in. This cyber-attack-dog of the Russian government appears to have been active since 2007 and has been gradually improving their arsenal of hacking tools by updating older tools as well as adding new ones. One of the newest projects of the Turla APT is the KopiLuwak backdoor Trojan.

Written in JavaScript

This Trojan is written in JavaScript, which is not very common as threats written in this programming language tend to have a rather limited set of capabilities. It is likely that the Turla hacking group has opted to use JavaScript as this could make...

Posted on July 17, 2019 in Trojans

Lokas Ransomware

Cybercriminals’ interest in creating ransomware threats seems to be growing by the day. Recently, a new data-locking Trojan was spotted by experts who dedicate their time to fighting malware. This brand-new threat is called Lokas Ransomware, and it belongs to the STOP Ransomware family.

Infiltrating Your PC

It is not yet clear what exact infection vectors are used in the propagation of the Lokas Ransomware, but some speculate that the most common methods of spreading ransomware may be involved in this campaign too – mass spam email operations, faux software updaters, and infected applications downloaded from unverified sources. When the Lokas Ransomware worms its way into a system, it will start the attack with a quick scan. After the scan is performed, the Lokas Ransomware would have located all the files, which will be targeted...

Posted on July 16, 2019 in Ransomware

Rodentia Ransomware

There are new ransomware threats popping up daily. Some ransomware authors create highly weaponized, high-end threats that can cause tremendous damage. Others, however, are not that skilled and sometimes end up releasing pretty poorly made ransomware threats. This is the case with the Rodentia Ransomware.

Infecting Your Computer

Malware researchers have not pinpointed a specific propagation method that is employed in spreading the Rodentia Ransomware. Some believe that the authors of the Rodentia Ransomware may have used some of the classic infection vectors that are most commonly used in propagating ransomware threats – corrupted software downloaded from unsecured websites, emails that contain macro-laced attachments, and bogus application updates. Usually, ransomware threats scan a system, locate the files that they were programmed...

Posted on July 16, 2019 in Ransomware

ExpBoot Ransomware

With the growing popularity of ransomware threats, there are all sorts of cybercriminals trying their luck in creating various variants of this malware. Some of the cybercrooks are highly skilled and very capable, while others, not so much. Today we will be dealing with the latter when discussing the newly emerged ExpBoot Ransomware.

Compromising Your System

It is not clear what precise method is employed in the propagation of the ExpBoot Ransomware. Some malware researchers have speculated that the authors of the ExpBoot Ransomware may have made use of the most favored infection vectors used in the spreading of ransomware threats – faux software updates, corrupted pirated applications downloaded from unverified sources, and spam emails containing infected attachments. Normally, when a ransomware threat compromises a PC, it will...

Posted on July 16, 2019 in Ransomware

Topinambour

The Turla APT (Advanced Persistent Threat) is a hacking group that appears to have been active since 2008. This APT has been linked to the Russian government and is likely being sponsored by them as this highly-skilled hacking group has proven to be useful in furthering the interests of the Kremlin. Recently, the Turla APT has added a new hacking tool to their rich arsenal – the Topinambour Trojan dropper. In campaigns, the Topinambour malware is not the main actor but serves as a backdoor to allow additional, more sophisticated threats on the compromised system.

Propagation Method

It seems that the propagation method chosen by the Turla hacking group is via legitimate program installers, which carry the payload of the Topinambour. Once the user installs the desired software, it will run normally, and thus the threatening activity that...

Posted on July 16, 2019 in Trojans

REvil Ransomware

Cybersecurity experts have spotted a new ransomware threat circulating the Web recently. This data-encrypting Trojan is called REvil Ransomware and is also known as the Sodinokibi Ransomware.

Infiltration and Encryption

Malware experts have not been able to reach a consensus as to what method is employed in the propagation of the REvil Ransomware. It is largely believed that the authors of the REvil Ransomware may be using some of the most common techniques to spread this file-locking Trojan – bogus application updates, infected pirated software downloaded from unofficial sources, and spam emails, which contain corrupted attachments. If the REvil Ransomware manages to penetrate a system, it will begin the attack with a quick scan of the files present on the computer. The goal is to find and locate the files, which the REvil Ransomware...

Posted on July 16, 2019 in Ransomware

Serious Instagram 2FA Loophole Patched

Facebook has had a bug bounty program that allows independent researchers to report security flaws for almost a decade now. Only recently, a very serious issue concerning Instagram account security was patched after a researcher managed to find a way to brute-force more or less any Instagram account and gain control over it. The find landed Laxman Muthiyah an award of $30 thousand. The severity of the issue he discovered more than justifies that sum. Muthiyah discovered a weakness in the two-factor authentication procedure that relies on a code sent to the user's mobile phone. Instagram generates a six-digit code that Muthiyah decided to brute-force, but worked out that there would be about a million combinations. The only issue was the limited time window in which the randomly generated six-digit code was active - Instagram keeps the...

Posted on July 16, 2019 in Computer Security

Instagram virus

The Instagram virus is a computer threat that dates back to 2018, when it was primarily known for spreading through aggressive spam and phishing campaigns. Such campaigns tended to redirect computer users to websites that look legitimate and then demand the login credentials for Instagram accounts through an enticing method. On many occasions the Instagram virus started through spam emails with links that sent users to phishing sites where the login credentials were naturally stolen. When stolen, the credentials were then used to leverage certain Instagram accounts to spread propaganda and many other malevolent-intent items or even push the sales of items on the Internet. In other instances, the Instagram virus directed viewers of compromised accounts to pages just for clicks or impressions as part of a pay-per-click...

Posted on July 15, 2019 in Malware

DoppelPaymer Ransomware

DoppelPaymer Ransomware is a file-locking trojan that blocks your media and leaves ransom notes redirecting you to a payment portal for the unlocker. Although it's an update of the highly-similar BitPaymer Ransomware, it uses a separate encryption method and requires a different decryptor for restoring any files. Let your anti-malware products remove DoppelPaymer Ransomware as soon as they detect it and store secure backups for undoing the side effects of its attacks.

Just a Doppelganger Getting Paid

At least one criminal from the same group of hackers that brought the world Gameover Zeus and the Dridex banking trojan is turning old tools into new money, in theory. A new variant of BitPaymer Ransomware, from the 'Business Club' threat actor, is circulating with attacks targeting both private sector companies and government networks....

Posted on July 15, 2019 in Ransomware

Kromber Ransomware

A brand new ransomware threat has recently surfaced. It is called the Kromber Ransomware, and upon further research, it appears that this file-encrypting Trojan is a variant of the Matrix Ransomware.

Infiltrating Your Computer

Security researchers have been unable to pinpoint what infection vector is being employed in the propagation of the Kromber Ransomware. Some, however, speculate that the propagation methods which may be at play in the spreading of the Kromber Ransomware include infected pirated applications, emails containing macro-laced attachments and bogus software updates. The Kromber Ransomware performs a scan as soon as it infiltrates a machine. This is how the threat detects the location of the files, which will be locked later. Then, the Kromber Ransomware triggers the encryption process. A file, which is encrypted...

Posted on July 15, 2019 in Ransomware

1BTC Ransomware

Cybercriminals often tend to create ransomware threats, which have their code based on already established data-locking Trojans instead of building a threat from scratch. An example of this would be the 1BTC Ransomware, which emerged recently. This file-encrypting Trojan is based on the wildly popular Dharma Ransomware.

Compromising Your System

It is not yet certain how the authors of the 1BTC Ransomware are propagating it exactly. Fraudulent application updates, mass spam email campaigns, and infected pirated software are dubbed to be some of the infection vectors, which have likely been used in the spreading of the 1BTC Ransomware. When a computer gets infected by the 1BTC Ransomware, it will be quickly scanned so that the threat can locate the files, which it was programmed to go after. Next is the encryption process. A file, which...

Posted on July 15, 2019 in Ransomware

Agent Smith

A new Android malware has surfaced on the Internet recently. It is called Agent Smith, which is likely a reference to a character in the 90’s classic franchise The Matrix. The Agent Smith malware is a very successful Android malware. Cybersecurity researchers believe that this threat has already compromised over 25 million Android devices worldwide. However, it seems that the campaigns of the Agent Smith are concentrated in India, Bangladesh, and Pakistan mainly, with occasional activity in the United States as well as Australia.

Propagation

The authors of the Agent Smith threat would spread it via third-party websites that host fake versions of popular Android applications. However, the authors of the Agent Smith have managed to bypass the security checks on the official Google Play Store and managed to get infected applications on there...

Posted on July 15, 2019 in Malware

QNAPCrypt Ransomware

Usually, ransomware threats tend to aim at infecting as many systems as possible often via ransom spam email campaigns. However, the authors of the QNAPCrypt Ransomware have taken a different approach. They are very picky when it comes to targets, and the only systems that this Trojan attacks are NAS (Network-Attached Storage) devices, which are manufactured by the QNAP company – a Taiwanese corporation, which specializes in the development of NAS products. It is understandable why the authors of the QNAPCrypt Ransomware have targeted NAS servers: they are a very juicy target as they are used by corporations and institutions and often contain important, sensitive data. This makes it much more possible that the victims would end up paying up the ransom fee.

Targets Linux

The QNAPCrypt Ransomware targets systems running Linux. The exact...

Posted on July 15, 2019 in Ransomware

Ims00ry Ransomware

The Ims00ry Ransomware is a data-encrypting Trojan, which was uncovered by malware researchers recently. Often, cybercrooks use popular ransomware threats to base their creations on instead of creating them from scratch. However, the Ims00ry Ransomware does not seem to belong to any of the big ransomware families.

Infecting Your PC

The propagation method employed in the spreading of the Ims00ry Ransomware is not yet known. Some believe that the most popular infection vectors involved in propagating ransomware threats may be at play in the case of the Ims00ry Ransomware too – emails that contain corrupted attachments, fake software updates, and infected pirated applications from unofficial sources. The Ims00ry Ransomware will scan the system as soon as it manages to infiltrate it so it would locate the files, which it is programmed to...

Posted on July 15, 2019 in Ransomware