Londec Ransomware

New ransomware threats have been popping up daily, and malware researchers are struggling to keep up. Among these brand-new file-encrypting Trojans is the Londec Ransomware. Upon dissecting the Londec Ransomware, cybersecurity experts determined that it is a variant of the STOP Ransomware.

Propagation and Encryption

It has not yet been uncovered what propagation methods are involved in the spreading of the Londec Ransomware. Some researchers speculate that mass spam email campaigns, fraudulent software updates, and pirated fake copies of legitimate applications may be some of the infection vectors used by the cyber crooks. When this ransomware threat worms its way into your computer, it will perform a brief scan. The goal is to locate your files, which the Londec Ransomware...

Posted on August 9, 2019 in Ransomware

Omegle Phishing Virus

The con artists' tricks to invade the computers of Internet users are never-ending. By exploiting the popularity of social media, they managed to corrupt a genuine chat site named Omegle; after being reported by affected users, the scheme also became known as the Omegle Phishing Virus. The Omegle distribution method is very common: it relies on phishing tactics, which consist of making computer users believe that they have accessed the legitimate Omegle site, when, in reality, what they are visiting are fake, fabricated websites. Another entrance method is via bogus notifications prompting the computer user to download a fake software update, or a highly attractive advertisement offering prizes to the users. These fake update offers or advertisements, when clicked, will open the path for the Omegle Phishing Virus to enter the computer....

Posted on August 8, 2019 in Browser Hijackers

Kovasoh Ransomware

A brand-new file-encrypting Trojan has been spotted by cybersecurity researchers recently. Its name is Kovasoh Ransomware, and it belongs to the STOP Ransomware family.

Propagation and Encryption

It has not yet been disclosed what infection vectors the authors of the Kovasoh Ransomware use to propagate their Trojan. However, some believe that spam emails containing infected attachments, bogus software updates, and pirated copies of common applications may be some of the propagation methods employed in the spreading of the Kovasoh Ransomware. When this ransomware threat infiltrates your computer, it will start the attack with a scan. The purpose of the scan is to locate the files, which will later be encrypted. When this is done, the Kovasoh Ransomware will start locking the targeted data. Once the Kovasoh Ransomware...

Posted on August 8, 2019 in Ransomware

Nvetud Ransomware

The Nvetud Ransomware is a data-locking Trojan, which has been uncovered by malware experts recently. They dissected this threat and determined that it is a variant of the infamous STOP Ransomware.

Propagation and Encryption

Malware experts cannot determine what the exact infection vector used in the spreading of the Nvetud Ransomware is. It is likely that the creators of the Nvetud Ransomware have used spam emails containing macro-laced attachments, fake application updates, and pirated bogus copies of legitimate software to propagate their file-encrypting Trojan. When the Nvetud Ransomware gains access to your system, it will quickly perform a scan, which is meant to locate all the data that this threat was programmed to target. Then, the Nvetud Ransomware will start encrypting the targeted files. Once a file has undergone the...

Posted on August 8, 2019 in Ransomware

Cotx RAT

Recently, malware researchers spotted several campaigns targeting government institutions located in the East Asian region. It is likely that the Chinese hacking group called TA428 is responsible for these attacks.

Propagation Method

The infection vector appears to be spear-phishing emails. The targeted government workers would receive an email with a ‘.doc’ or ‘.rtf’ attachment, which they are urged to open. If the user falls for this trick and attempts to open the attached file, the attackers will use a known vulnerability in the Microsoft Equation Editor to plant a threat on the user’s computer.

A Specially Crafted RAT

In some of the launched campaigns, the threat that was planted on the victim’s system was the Poison Ivy RAT (Remote Access Trojan). However, the attackers have, apparently, decided to diversify their attacks and...

Posted on August 8, 2019 in Remote Administration Tools

AsyncRAT

The AsyncRAT is a project that seems to have been developed for educational purposes, or at least that is what its creator claims on their GitHub page. The AsyncRAT’s code is publicly available on the previously mentioned GitHub page. Once malware experts reviewed the code, it quickly became clear that the AsyncRAT can serve as a very threatening tool if it falls into the hands of ill-willing individuals.

Capabilities

The AsyncRAT is not too different from most RATs out there, but this does not make it any less threatening. This threat is able to record your keystrokes, as it possesses a keylogging module. This is usually used to collect login credentials and other sensitive data. The AsyncRAT can also record video via the webcam on the compromised system, as well as record audio using the microphone. This RAT also sports an info...

Posted on August 8, 2019 in Remote Administration Tools

Clipsa

The Clipsa malware is a threat which falls into the category of password collectors. The activity of the Clipsa malware seems to be concentrated in several regions – Brazil, India and the Philippines. The Clipsa malware project appears to be in its early stages, and it is likely that its authors may further weaponize this threat.

Propagation Method

The creators of the Clipsa malware have opted to disguise their threat as a fake media player or a fraudulent codec pack. Users are urged to install it if they want to be able to view the content on the website. Users should be very wary of Web pages that require them to install additional software in order to view their contents, as this is a commonly used trick to propagate various types of malware.

Self-Preservation

The Clipsa malware will store its corrupted files in system...

Posted on August 7, 2019 in Trojans

Brusaf Ransomware

The Brusaf Ransomware is a data-locking Trojan that has emerged recently. Upon spotting this new threat, malware researchers dissected it and found that it belongs to the STOP Ransomware family.

Propagation and Encryption

Experts are struggling to determine the infection vectors that the attackers have used to spread their threatening creation. Some speculate that spam emails containing macro-laced attachments, as well as bogus application updates and fake copies of reputable software tools, may be among the propagation methods that the authors of the Brusaf Ransomware have employed. If the user falls for the tricks of the Brusaf Ransomware and gives it access to their system, all their data will be scanned swiftly. This way, the Brusaf Ransomware determines the locations of the files, which will be locked later. Then, the encryption...

Posted on August 7, 2019 in Ransomware

Masok Ransomware

Cybersecurity researchers spot new data-locking Trojans daily. One of the most recent ones goes by the name Masok Ransomware. When inspected, the Masok Ransomware was revealed to be a variant of the STOP Ransomware.

Propagation and Encryption

It is yet to be determined with any certainty which specific propagation method has been employed in the spreading of the Masok Ransomware. Some experts believe that the creators of the Masok Ransomware have used the conventional methods of propagating ransomware threats – mass spam email campaigns alongside bogus software updates and pirated fake copies of various applications. When the Masok Ransomware manages to infiltrate a system, it will start the attack with a brief scan. The scan is used to determine the locations of the files, which will be marked for encryption. Then, the Masok...

Posted on August 7, 2019 in Ransomware

Lotej Ransomware

The Lotej Ransomware is among the latest data-locking Trojans to have emerged on the Internet. Once malware researchers spotted this brand-new threat, they dissected it and discovered that it belongs to the STOP Ransomware family.

Propagation and Encryption

Cybersecurity experts cannot yet determine the propagation methods employed in the spreading of this new file-encrypting Trojan. It is largely speculated that some of the most common methods of spreading ransomware threats may be at play in the case of the Lotej Ransomware too, namely fraudulent application updates, emails that contain corrupted attachments, and pirated bogus copies of legitimate applications. When the Lotej Ransomware infects your PC, it will scan it. The scan is meant to locate all the files which the Lotej Ransomware will later encrypt. Then, the encryption...

Posted on August 7, 2019 in Ransomware

Zatrov Ransomware

Malware researchers spot new data-locking Trojans on a daily basis. Some of them are more inventive and ambitious projects, while others are just variants of already existing ransomware threats. Today we are dealing with the latter type in the form of the Zatrov Ransomware. This file-encrypting Trojan belongs to the infamous STOP Ransomware family.

Propagation and Encryption

Researchers are yet to agree on what propagation method has been employed in the spreading of the Zatrov Ransomware. Some of them speculate that the authors of the Zatrov Ransomware have likely used well-established methods such as spam emails that contain macro-laced attachments, fraudulent application updates, and pirated fake copies of legitimate software. If the Zatrov Ransomware manages to infiltrate your computer, it will scan it to discover the locations...

Posted on August 6, 2019 in Ransomware

Gwmndy Botnet

Many cybercriminals opt to create botnets, as they can be used in many different ways. For example, a network of hijacked computers can be used to launch DDoS (Distributed Denial of Service) attacks. Another purpose for them is cryptocurrency mining, where the operators of the botnet employ unsuspecting users' computers to mine cryptocurrency for them, which can be very profitable. With more and more devices becoming 'smart' and having the option to connect to the Internet, cyber crooks have found a new niche to attack. This gave rise to IoT (Internet of Things) botnets. One such example is the Gwmndy Botnet.

Only 200 New Infected Devices Daily

The operators of the Gwmndy Botnet have chosen to keep it on the down-low by only infecting about 200 IoT devices a day. This is likely done so that malware researchers have a harder...

Posted on August 6, 2019 in Botnets

Lord Exploit Kit

High-profile hacking groups often develop new exploit kits, which are heavily weaponized and very threatening. However, there are some low-skilled ill-minded actors who also attempt to create exploit kits. Unlike the state-of-the-art malware that high-skilled hackers can build, these low-effort exploit kits are almost laughable. For example, some of these so-called exploit kits just use public proof-of-concept (PoC) exploits for popular plugins and software like Adobe Flash Player or Internet Explorer. The PoC exploit code is embedded in websites, and the only thing left to do is to lure users to visit the landing page laced with the Lord Exploit Kit.

Attempts to Exploit Adobe Flash Player

The threat actors may often rely on shady ad networks to publish what looks like a legitimate advertisement. However, what neither the user nor the ad...

Posted on August 6, 2019 in Malware

Prandel Ransomware

The Prandel Ransomware is among the newest ransomware threats spotted by cybersecurity researchers recently. Some cybercriminals that are more tech-savvy build their own data-locking Trojans, while others rely on already existing threats. Such is the case of the Prandel Ransomware. This ransomware threat is a variant of the very popular STOP Ransomware.

Propagation and Encryption

Malware experts have been unable to tell the exact methods of propagation that the creators of this ransomware threat are using. It appears that the authors of the Prandel Ransomware may have used mass spam email campaigns, bogus software updates, and pirated fake copies of popular applications as infection vectors to spread their creation. Once the Prandel Ransomware manages to compromise a system, it will begin the attack by scanning the files...

Posted on August 6, 2019 in Ransomware

Amadey

The Amadey hacking tool is a botnet builder, which was developed by unknown ill-minded actors and is being sold on various hacking forums. It first appeared at the start of 2019. This threat can also be used as a first-stage payload that introduces more malware to the host. Initially, the Amadey hacking tool cost approximately $500. This threat gained some traction and appears to have sold well, as malware researchers have spotted the Amadey tool being used in many different campaigns worldwide. Even the infamous TA505 hacking group got its hands on the Amadey threat.

Operates Silently

Amadey operators can access the administrator panel via their Web browser and use it to command the infected systems. However, all of this is carried out very silently and out of the sight of the user. It is likely that the victims may not even...

Posted on August 5, 2019 in Malware