DaVinci Ransomware

The DaVinci Ransomware is an especially threatening piece of malware that has both screenlocker and data wiper capabilities, which sets it apart from the usual behavior of ransomware threats: the majority of them simply encrypt files but do not delete them from the compromised machine's drives. The DaVinci Ransomware still leaves a ransom note, though, displayed in an image placed on the locked screen. In another departure from what is considered typical, the criminals behind this malware want their victims to subscribe to the DaVinci YouTube channel and follow the dvsvmvk_x Instagram account, in addition to sending $300 in Bitcoin to the following wallet address: 13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94. Once the payment is sent, the affected users have to contact the hackers by writing an email to...

Posted on August 20, 2020 in Ransomware

FritzFrog

FritzFrog is the name of an incredibly sophisticated botnet that attacks SSH servers to deploy Monero-mining malware. The characteristics of the campaign and the deployed malware, as detailed in a report by the security researchers at Guardicore, make it wholly unique and quite effective. The FritzFrog worm is written in Golang, and its underlying code and fileless peer-to-peer (P2P) implementation were created from scratch, showing that the hackers behind it have tremendous experience as software developers.

FritzFrog Leaves No Trace

The deployed malware payload is fileless, as it operates entirely in the infected machine's memory. Once inside, the FritzFrog worm starts several threads, each with a specific purpose. The thread called 'Cracker' brute-forces access to new victims, while 'DeployMgmt' spreads the malware to...

Posted on August 20, 2020 in Botnets

BLINDINGCAN

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a new cybersecurity advisory detailing a new malware threat employed by hackers sponsored by the North Korean government. CISA has named the malware BLINDINGCAN, but it also appears as DRATzarus in reports from private cybersecurity firms. The malware was observed being deployed against U.S. and international companies operating in the critical military and aerospace sectors. In the attacks, the North Korean hackers posed as recruiters from well-known corporations to approach employees at the targeted companies without raising too much suspicion. Once contact was established, the criminals pretended to carry out a legitimate interviewing process, during which they pushed various compromised PDF or Office...

Posted on August 20, 2020 in Malware

Rlargedhea.club

Rlargedhea.club is a browser-based tactic that displays a fake error message on its website. The message says: “Rlargedhea.club wants to Show notifications Click Allow to confirm that you are not a robot!” Its purpose is to persuade visitors of the website to subscribe to its push notifications. The Rlargedhea operators can then earn profits from third-party agents by sending advertising content directly to the computers of all users who subscribed to these browser notifications. This Internet tactic is potentially harmful to users, as the commercial advertisements it delivers may contain links to online gaming pages, websites with adult content, or fake or cracked software. Clicking on any of Rlargedhea.club's pop-ups may lead to additional malware being installed on the user’s computer or mobile phone. If you see...

Posted on August 20, 2020 in Browser Hijackers

Torresenta.club

Torresenta.club is an unsafe website that attempts to gain your permission to send you push notifications containing third-party content. If you visit Torresenta.club, you will see a message with the following text: “Torresenta.club wants to Show notifications Click Allow to confirm that you are not a robot!” The message is fake, and its purpose is to trick you into clicking the “Allow” button, which allows Torresenta.club to display advertising content directly on your device. You will see numerous advertisements and banners for pages with adult content, online games, or freeware programs, even when no browser is currently open on your computer. Torresenta.club can also hijack your browser, replace its homepage and default search engine with other URLs, and redirect you to unknown websites. All links and advertisements that...

Posted on August 20, 2020 in Browser Hijackers

Wellmovies.best

Wellmovies.best is an Internet tactic that uses misleading social engineering techniques to make users subscribe to its browser notifications. Wellmovies.best operates through its own website, wellmovies.best, which displays a fake error message claiming that visitors should click the “Allow” button to view certain content: “Wellmovies.best wants to Show notifications Click Allow to watch the video” The tactic's ultimate goal is to get users’ permission to deliver advertising pop-ups and banners straight to their computers. Thus, if you hit the “Allow” button on wellmovies.best, your device will be flooded with potentially corrupted spam notifications about adult websites, online games, fake updates and so on. The advertisements and links that Wellmovies.best delivers could lead to infected files on the...

Posted on August 20, 2020 in Browser Hijackers

Satellite and Earth Maps

Satellite and Earth Maps is a browser extension designed with a single goal: to hijack the user's browser and force it to open a fake search engine. All of its other supposed features, such as links to maps or route generation, are only there to trick the user into installing the application. Satellite and Earth Maps, a Potentially Unwanted Program (PUP), reveals its true intentions almost immediately after running on the computer. It changes the default homepage, new tab page, and search engine to redirect to search.hsatelliteandearthmaps.com, and it also locks these settings, preventing the user from easily reverting to the old ones. As is typical for these fake search engines, search.hsatelliteandearthmaps.com cannot produce results on its own and instead uses a legitimate search...

Posted on August 19, 2020 in Potentially Unwanted Programs

Access Online Forms

Access Online Forms is a browser extension that claims to help users by providing links to useful forms, as well as a forms search feature. That is not all: it also displays personalized weather forecasts and quick links to popular shopping and social websites. While this may sound appealing, installing this application, which is classified as a Potentially Unwanted Program (PUP), only delivers a rather nasty surprise to the trusting user in the form of a browser hijacker. Access Online Forms' entire purpose is to promote a fake search engine and generate money by displaying sponsored advertisements. To achieve this goal, Access Online Forms modifies the default browser settings: instead of the Web pages chosen by the user, the homepage, new tab page, and default search engine will be set to redirect to...

Posted on August 19, 2020 in Potentially Unwanted Programs

SearchWorld

SearchWorld is a Potentially Unwanted Program (PUP) with browser hijacker features, dedicated to the promotion of toksearches.xyz, a fake search engine. Applications such as these often boast multiple useful features, but in reality they are barely functional, apart from their browser hijacker capabilities. Once installed on the computer, whether with the user's knowledge or through deceptive distribution methods such as bundling, SearchWorld sets out to tailor the Web browser to its own needs. The homepage, new tab page, and default search engine will be changed to toksearches.xyz. As a result, every search query entered by the user will be carried out through toksearches.xyz. This engine, however, is incapable of producing a list of relevant search results; instead, it first redirects to smashapps.net before...

Posted on August 19, 2020 in Potentially Unwanted Programs

'LOCKED ON POSSESSION OF COPYRIGHTED MATERIAL' Ransomware

Downloading copyrighted material always carries a risk. Beyond the obvious legal risks of torrenting, torrents are a significant source of ransomware and viruses: hackers either include malware in their cracking programs or disguise viruses as copyrighted material. The LOCKED ON POSSESSION OF COPYRIGHTED MATERIAL ransomware, contrary to its name, can still find ways to infect people who never download copyrighted material.

What is LOCKED ON POSSESSION OF COPYRIGHTED MATERIAL Ransomware?

The LOCKED ON POSSESSION OF COPYRIGHTED MATERIAL ransomware is a virus program that falls under the category of ransomware. The virus has very little to do with actual copyright infringement; the name is just a scare tactic to trick people into paying the ransom demand. The malware encrypts data and requests payment for decryption, just...

Posted on August 19, 2020 in Ransomware

TeamTNT Criminal Group

TeamTNT is the name given to a cybercrime group that specializes in crypto-mining operations. While initially there was little to differentiate them from other hacker groups carrying out these types of attacks, it appears that TeamTNT is evolving its operations and has now been reported to collect Amazon Web Services (AWS) credentials from the infected servers. When TeamTNT first caught the attention of cybersecurity researchers, it was primarily targeting misconfigured Docker systems whose management-level API had been left open to the Internet without password protection. Once inside the network, the hackers would deploy servers that would carry out DDoS and crypto-mining operations.

The TeamTNT Criminal Group is Evolving

Since then, however, the hackers have managed to expand their...

Posted on August 19, 2020 in Advanced Persistent Threat (APT)

Duri Malware

Duri is the name given to an ongoing cyberattack detected by the researchers at Menlo Security. The hackers employ HTML smuggling and data blobs to bypass traditional network security solutions, such as sandboxes and proxies, and deliver malware payloads. HTML smuggling is an attack method that doesn't exploit system vulnerabilities or weaknesses; instead, the hackers take advantage of legitimate HTML5/JavaScript features to initiate file downloads. The particular method used in the Duri campaign involves creating a JavaScript blob with the MIME type required for the download of files on the targeted computer. HTML smuggling is particularly effective against security tools that rely on inspecting files as they are transferred over the wire. In the Duri attack, however, the entire malware payload gets created on the victim's...

Posted on August 19, 2020 in Malware

SimplyDIYOnline

SimplyDIYOnline is a browser hijacker developed by the company Mindspark Interactive Network to popularize a fake search engine known as hp.myway.com. Malware researchers also categorize it as a Potentially Unwanted Application (PUA) because it is usually integrated within a bundle of other similar tools and added to the installer of some attractive freeware that computer users willingly download and install on their machines. PUAs also spread through advertisements and links on untrustworthy websites. SimplyDIYOnline should be removed immediately, as it puts the user’s online safety and privacy at risk. When SimplyDIYOnline gets onto a device, it changes the browser’s homepage, new tab URL and default search engine to hp.myway.com. This is not a legitimate search engine: it does not show unique search results; instead, it delivers results from...

Posted on August 19, 2020 in Potentially Unwanted Programs

RunningOptimizer

RunningOptimizer is a Potentially Unwanted Program (PUP) that redirects browser homepages and search queries through the fake search engine RunningOptimizer Search to generate advertising revenue for its owners, after which the user is redirected to search result pages on search.yahoo.com. If your computer has been infected with RunningOptimizer, you will notice several characteristic symptoms: your browser's default homepage has been modified automatically; you are redirected to unknown pages on the Internet or get numerous advertisements and pop-ups; and suspicious browser extensions or programs have been installed on your PC automatically. RunningOptimizer is classified as a PUP because it sneaks into users’ devices through corrupted advertisements or links, or gets bundled within the installation package of another program that users...

Posted on August 19, 2020 in Mac Malware

Go To My News

Go To My News is a Potentially Unwanted Program (PUP) with the characteristics of a browser hijacker. To perform its ill-minded activities, Go To My News installs on a computer either as a browser extension or as a custom-built browser based on Google Chromium. In the second case, this PUP docks a toolbar at the top of your Windows desktop that looks exactly like the regular Chrome browser, so most people will use it without doubting its legitimacy. Regardless of which method Go To My News employs, it makes changes to your browser that will eventually degrade your Internet surfing experience. Your Web browser’s homepage and default search engine will be replaced with search.hgotomynews.com, and whenever you open a new tab or make a search query, you will be redirected to this fake search engine. Go To My News also...

Posted on August 19, 2020 in Potentially Unwanted Programs