Retadup

The Retadup botnet was first detected back in 2017, when it was growing quickly and taking over vulnerable networks. However, the Retadup botnet was finally shut down after cybersecurity researchers and law-enforcement authorities in France managed to locate the botnet's C&C (Command & Control) servers and seized the equipment. At its peak, the Retadup botnet boasted over 850,000 compromised devices, which were used for mining cryptocurrency and for launching DDoS (Distributed Denial of Service) attacks. The Retadup malware has an impressive list of capabilities. It can: collect data from the compromised host and send it to the attackers' C&C servers; self-replicate to propagate itself further; and plant a cryptomining module, which mines the Monero cryptocurrency. Once the French authorities took over the servers of...

Posted on August 28, 2019 in Botnets

Good Ransomware

The Good Ransomware is among the newest spotted ransomware threats lurking on the Web. Like most data-locking Trojans, the Good Ransomware will sneak into your system, encrypt your data, and then request a ransom fee to supposedly unlock the affected files.

Propagation and Encryption

The authors of the Good Ransomware may be using emails to spread their creation. These emails usually contain an attached document that appears to be important, such as a CV, tax return documentation, a potential job offer, etc. This is a common social engineering trick to mislead the user into opening the attachment. However, once they attempt to open the attached file, a macro script hidden inside it will be triggered. Then, the executable file of the Good Ransomware will be initialized. Next, the Good Ransomware will scan the infected machine and...

Posted on August 28, 2019 in Ransomware

ArtraDownloader

BITTER is an APT (Advanced Persistent Threat) which has been active since 2015. Experts believe that the BITTER hacking group likely originates from Southern Asia, as most of their victims are concentrated in this region – most of the attacks appear to target organizations located in China and Pakistan. Ever since they began operating back in 2015, the BITTER APT has been using one main Trojan downloader – the ArtraDownloader. Naturally, to remain relevant, the BITTER hacking group had to introduce a number of updates to the ArtraDownloader over the years. The latest variant of the ArtraDownloader has some impressive capabilities when it comes to self-preservation techniques. This Trojan downloader can successfully evade security software, as well as detect and avoid sandbox environments. The ArtraDownloader also can serve as...

Posted on August 27, 2019 in Trojans

BitterRAT

The BITTER hacking group is a crew of highly skilled cybercriminals that are believed to originate from South East Asia. Malware researchers first spotted this APT (Advanced Persistent Threat) back in 2015, and they are still active to this day. Most of the victims of the BITTER hacking group are located either in Pakistan or in China.

Often Operates in Combination with the ArtraDownloader

One of the tools most commonly used by the BITTER APT is the BitterRAT. Usually, the BITTER hacking group tends to combine the BitterRAT with the ArtraDownloader. These two pieces of malware appear to be the preferred tools in the hacking arsenal of the BITTER APT. The ArtraDownloader would serve as a first-stage payload, which would enable the attackers to plant the BitterRAT on the infected host. When this is completed, the operators of the...

Posted on August 27, 2019 in Remote Administration Tools

GEROSAN Ransomware

The GEROSAN Ransomware is one of the most recently spotted file-encrypting Trojans on the Internet. A growing number of cyber crooks are pumping out ransomware threats, as they are seen as a high-reward, low-risk endeavor that is likely to generate some good revenue.

Propagation and Encryption

Once the GEROSAN Ransomware was uncovered, malware researchers began studying it and concluded that this data-locking Trojan is a variant of the notorious STOP Ransomware. They are not yet sure which infection vectors are employed in the spreading of the GEROSAN Ransomware. Some have speculated that the most common methods of propagating this type of threat may be at play in the case of the GEROSAN Ransomware too – fake software updates, bogus pirated copies of popular applications and mass spam email campaigns. When the GEROSAN Ransomware...

Posted on August 27, 2019 in Ransomware

Xilbalar.com

Xilbalar.com is a website that does not host any unsafe content, but it hosts a myriad of potentially unwanted advertisements. If you have found yourself on Xilbalar.com, it is likely because you have been browsing other Web pages with dodgy content, such as adult entertainment sites and sites involved in the distribution of pirated applications and media. Websites with dubious content usually form a network and promote each other on their platforms. As soon as Xilbalar.com gets access to your system, it will begin bombarding you with advertisements of all types – pop-up ads, constant browser notifications, flashing windows, etc. Sometimes, these advertisements may involve pornographic content or other potentially disturbing imagery. Apart from this, Xilbalar.com also is likely to promote pages that are other shady services...

Posted on August 27, 2019 in Browser Hijackers

Web Hosting Provider Hostinger Suffers Data Breach


On August 23, web hosting provider Hostinger announced that it had suffered a significant data breach that could potentially have affected a huge number of its customers. In the wake of the incident, Hostinger reset its users' passwords as a safety measure. The official statement from the hosting company stated that a hacker gained access to Hostinger's internal API and, through that, reached a server containing hashed passwords as well as additional "non-financial" customer information. The affected information includes users' first and last names, their chosen usernames, their IP addresses, hashed passwords, and contact information. Passwords have been hashed using the...

Posted on August 26, 2019 in Computer Security

Gloyah.net

There are many individuals with shady intents looking to make a buck on the Internet. It is not just cybercriminals developing different malware or characters creating various dubious software. There also are websites with dodgy content. An example of this is the Gloyah.net Web page. The one and only goal of this website is to trick the user into giving it permission to send them notifications and pop-up advertisements. Gloyah.net's author has opted to use a popular URL shortening service, namely Adf.ly, that also offers monetization options. However, Adf.ly is a legitimate website that provides a legitimate service and is in no way related to Gloyah.net. The more you browse low-quality Web pages, the higher the chance of coming across the Gloyah.net page. Such pages often work in cooperation with various shady...

Posted on August 26, 2019 in Browser Hijackers

MicroLeaves

MicroLeaves is an application that falls under the category of adware. This means that this application is not threatening and will not harm you or your system. However, this does not mean that MicroLeaves has no negative effects on one's browsing quality. On the contrary, the MicroLeaves application can prove to be quite an irritating pest. MicroLeaves may pester you with ads that it is able to inject into your Web browser's tabs. It also can use page redirects, as well as other online marketing methods, to present you with as many advertisements as possible. Although this is not considered an inherently unsafe activity, it will likely cause great irritation. Applications with dubious content like the MicroLeaves application usually end up on users' systems via software bundles containing different freeware. This is not the only way,...

Posted on August 26, 2019 in Adware

Gretaith.com

Gretaith.com is a website that hosts advertisements and promotes them on various low-quality websites. If you browse such Web pages, you may have stumbled upon Gretaith.com's advertisements. This is not such a huge issue, as you will have the option to close said advertisements. However, the Gretaith.com website, like many other dubious websites, uses social engineering techniques to trick users into granting it special permissions. One of its methods is to prevent the user from viewing certain content, like a video or a song, unless they grant Gretaith.com permission to display notifications. Once the user falls for this trickery, Gretaith.com will not hesitate to begin bombarding them with advertisements for all sorts of shady services and products. It is likely that the Gretaith.com activity on your system is not caused by any...

Posted on August 26, 2019 in Browser Hijackers

Hatnofort.com

Browsing shady websites often may expose you to various digital content that you are not used to seeing. For example, Hatnofort.com is a page known to host exactly this sort of content – it may display a video player that is said to contain interesting media content. However, the user is not allowed to view it unless they complete a certain action – the Hatnofort.com page asks them to click the 'Allow' button on a prompt that requests authorization for Hatnofort.com to display browser notifications. While this may not be considered a big deal, meeting this requirement will enable Hatnofort.com's authors to push advertisements through your browser's integrated notification feature. The advertisements that Hatnofort.com promotes may vary, but they are likely to have one thing in common – they will show up no matter if your browser...

Posted on August 26, 2019 in Browser Hijackers

Estemani Ransomware

The Estemani Ransomware is a file-locking Trojan, which targets a very long list of file types. This ensures maximum damage once it manages to infiltrate a user's system. This data-encrypting Trojan propagates itself by masquerading as different content, such as pirated applications, game cracks, cheat codes for popular games, and archives in the form of '.zip' files. When the Estemani Ransomware compromises a computer, it will scan it to locate the targeted file types, which will later be locked. Then, the encryption process will take place. Once the Estemani Ransomware encrypts a file, it changes its name by adding a '.estemani' extension at the end of the filename. Then, the Estemani Ransomware drops a ransom note. The note is named 'HOW_DECRYPT_FILES.txt' and contains the ransom message of the attackers, which reads: 'Greetings, We are...

Posted on August 26, 2019 in Ransomware

Asruex

The majority of users on the Internet tend to neglect updating their software and their operating systems. It may be a tedious task to keep all your applications up to date, but it is necessary if you want to keep malware away from your system. Since there are so many people who fail to do this, cyber crooks have tailored special malware targeting systems running outdated software or outdated operating systems.

Exploits Almost Decade-Old Vulnerabilities

This is the case with the Asruex backdoor Trojan. The Asruex Trojan has been pestering users for years. If this threat manages to infiltrate your system, it has the capability to gain complete control over your PC. What is even worse is that cybercriminals appear to have developed a new, updated variant of the Asruex backdoor Trojan. This strain of the Asruex Trojan takes...

Posted on August 23, 2019 in Trojans

SGUARD Ransomware

There is an ever-increasing interest in ransomware threats, and this is clear to see, as new data-locking Trojans are pumped out on a daily basis. Malware researchers are struggling to keep up and analyze all the newly emerging ransomware threats. Their goal is to develop publicly available decryption tools to help the victims of ransomware, but this is truly an uphill battle for cybersecurity experts.

Propagation and Encryption

One of the most recently spotted ransomware threats is the SGUARD Ransomware. Researchers have not yet determined the infection vectors utilized in the propagation of the SGUARD Ransomware. It is highly likely that the creators of the SGUARD Ransomware have employed mass spam email campaigns, bogus software updates, and fake pirated copies of legitimate applications to spread this new file-encrypting...

Posted on August 23, 2019 in Trojans

Maranhesduve.club

The Maranhesduve.club website is not involved in any illicit or unsafe activity. If you happen to visit websites with dubious content frequently, you may have happened upon the Maranhesduve.club website, which sometimes appears as a pop-up ad on these Web pages. The Maranhesduve.club Web page seems to redirect users to all sorts of shady websites that offer even shadier services – free trials for popular applications, dating websites, gambling pages, free prizes, etc. Interestingly enough, Maranhesduve.club has even gone as far as to promote supposed technical support, which is a hoax. Such fake technical support sites use social engineering to scare the user by claiming that their system has been infected with various malware and that they need to act on it immediately. Then, they often provide a phone number, and they urge the user...

Posted on August 23, 2019 in Browser Hijackers