CryptoPatronum Ransomware

The CryptoPatronum Ransomware is one of the most recently spotted data-locking Trojans circulating the Web and seeking victims. Cybercriminals' interest in distributing ransomware threats does not seem to be winding down. Likely, the low-entry barrier and the fact that it is fairly easy to generate cash may be the main reasons behind the popularity of file-encrypting Trojans. Dealing with a ransomware threat is certainly not a pleasant experience – these Trojans would infiltrate your system, encrypt your data and blackmail you into paying them a fee.

Propagation and Encryption

There are several propagation methods that are very popular when it comes to infection vectors linked to ransomware threats. Spam emails containing macro-laced attachments, fake software updates and downloads, torrent trackers, malvertising campaigns, bogus...

Posted on January 28, 2020 in Ransomware

2NEW Ransomware

Cybersecurity analysts spot new ransomware threats lurking on the Web almost daily. Building and propagating threats of this type is easier than one may think. There are many freely available ransomware-building kits that help low-level cybercriminals create and propagate data-encrypting Trojans that would lock their targets' data, enabling the attackers to extort the users for their hard-earned money. One of the latest threats of this class has been dubbed the 2NEW Ransomware. This newly uncovered file-encrypting Trojan belongs to the notorious Dharma Ransomware family. The Dharma Ransomware family was the second most active ransomware family throughout the whole year of 2019, claiming numerous victims all around the world.

Propagation and Encryption

Malware researchers are not certain how the creators of the 2NEW Ransomware are...

Posted on January 28, 2020 in Ransomware

Younwild.com

The Younwild.com is a fake website, like numerous others, that has one sole purpose: to induce its visitors to grant it permission to display Web browser notifications. Web browser notifications can be very helpful as long as they are utilized correctly and are displayed by legitimate websites. For example, genuine Web pages can inform their visitors about breaking news, send them reminders, or inform them about new deals via the user's browser notifications. However, shady sites like the Younwild.com page utilize the users' Web browser notifications to flood them with unwanted and often irrelevant advertisements.

Tricks Users into Permitting Web Browser Notifications

Unfortunately, not only are the constant notifications irritating and disruptive, but they may be pushing fake services and low-quality products too. To generate revenue,...

Posted on January 28, 2020 in Browser Hijackers

Rewardsawesome.com

There are countless tricks used by con-artists online to generate revenue off the backs of unsuspecting users. One of the old tricks in the book is bogus giveaways and fake raffles. The operators of the Rewardsawesome.com website have taken this approach. This dodgy Web page would implement a variety of social engineering tricks to convince the user to follow its instructions.

Attempts to Look Legitimate by Associating With Popular Brands

Visitors of the Rewardsawesome.com website are likely to be presented with a fake pop-up window that claims they have won an amazing prize. However, the site would state that the user needs to follow the instructions they are presented with if they want to claim the amazing prize in question. In an attempt to make their page look legitimate, the operators of the Rewardsawesome.com website claim to be...

Posted on January 28, 2020 in Browser Hijackers

Usinesmycete.info

Like many other websites of this kind, the Usinesmycete.info is a dodgy page whose sole purpose is to trick its visitors into allowing it to display Web browser notifications. Such websites tend to trick users into believing they are hosting engaging content like an interesting video or a gallery of high-quality images. However, this is never the case, and if visitors fall for this trickery, they may allow the shady page to display notifications in their Web browser. Of course, Web browser notifications can be a useful tool if they are in the right hands. Legitimate websites often ask for permission to display Web browser notifications in order to keep their visitors up to date with new deals, latest gossip, or breaking news. However, dodgy websites like the Usinesmycete.info provide no content of value, and you should not allow them...

Posted on January 27, 2020 in Browser Hijackers

Xiny

Some cyber crooks prefer to target low-hanging fruit instead of going after big fish. This is the case with the developers of the Xiny malware, who have chosen to target users who are still using outdated software. This threat is a Trojan that targets exclusively Android devices. The Xiny Android Trojan targets outdated variants of the Android OS. This Android Trojan has been operating for several years now. Around 12% of the victims of the Xiny Trojan appear to be using Android 4, which is an OS that was first released back in 2011. Needless to say, using an OS that is nearly a decade old is neither safe nor wise. Outdated software usually has a number of vulnerabilities that can easily be exploited by cybercriminals. However, the Xiny Trojan is also capable of infiltrating devices that run Android versions 5 to 9.

Capabilities

Once...

Posted on January 27, 2020 in Malware

AlphaBetaCrypt Ransomware

Among the most popular threats online are data-locking Trojans. The popularity of this kind of malware stems from the fact that any rookie cyber crook can build a threat using a ransomware building kit and quickly start generating cash. The AlphaBetaCrypt Ransomware is one of the newest threats of this type. This threat operates in a similar manner to most file-encrypting Trojans: it compromises a user's system, locks their files, and then demands that they pay a ransom fee while promising to provide them with a decryption key.

Propagation and Encryption

Although there is no confirmation regarding the propagation method used in the distribution of the AlphaBetaCrypt Ransomware, there are some speculations. Malware researchers think that the likely infection vectors may include bogus application updates, malvertising campaigns, spam emails...

Posted on January 27, 2020 in Ransomware

Installflash-upgrade.com

Many low-level shady actors online choose to build dodgy websites that are used for the promotion of fake application updates. Among the most commonly pushed application updates are updates for the Adobe Flash Player. This trick is so popular because most regular users online would have the Adobe Flash Player installed on their system. While the majority of bogus application updates usually serve to promote the installation of PUPs (Potentially Unwanted Programs), some push more threatening software like Trojans. It would appear that the operators of the Installflash-upgrade.com website promote different applications periodically. Some visitors of the website report that they were asked to download and install a dodgy application meant to optimize their PC performance. Others state that the Installflash-upgrade.com page pushed a...

Posted on January 27, 2020 in Browser Hijackers

Zahkit.pro

Operators of dubious websites are known to use countless social engineering techniques to convince the users to take actions they otherwise would not. One of these tricks is tricking the visitor into believing that their dodgy website is hosting very entertaining content that they can only view if they comply with the website's requests. Often the page would require the user to either install a fake update of the Adobe Flash Player or click on the 'Allow' button they are presented with. The creators of the Zahkit.pro have taken the latter approach.

Tricks Users into Allowing Web Browser Notifications

Upon visiting the Zahkit.pro website, users will be asked to click on the 'Allow' button if they wish to view the content of the page. However, visitors of the Zahkit.pro site who click on the 'Allow' button will not be presented with the...

Posted on January 27, 2020 in Browser Hijackers

Dengelmeg.com

The Dengelmeg.com site is a page that would attempt to hijack your Web browser’s notifications to promote dodgy products and shady services. While Web browser notifications can be a useful tool if used the correct way, dubious websites only use them to bombard their visitors with unwanted and irrelevant advertisements.

Promotes Dodgy Products and Shady Services

Operators of dodgy pages like the Dengelmeg.com site tend to use a variety of tricks to get the user to allow them to display Web browser notifications. It would appear that the Dengelmeg.com site claims to host adult content as its visitors are asked to confirm their age. However, this is nothing more than a trick, as clicking on the button that is meant to confirm your age will actually give the shady page permission to display browser notifications. It is far more likely for...

Posted on January 24, 2020 in Browser Hijackers

Seriorladded.info

There are countless shady websites online that do not host any valuable content and whose main goal is to promote dodgy products and bogus services. Among these dubious Web pages is the Seriorladded.info site. The operators of the Seriorladded.info generate revenue by hijacking their visitors' Web browser notifications and bombarding them with advertisements.

Presents Visitors with a Bogus CAPTCHA

To trick users into allowing the Seriorladded.info site to display Web browser notifications, the dodgy page would require them to click on the 'Allow' button that is supposedly going to confirm that they are not a robot. However, this is not a real CAPTCHA, and clicking on the 'Allow' button will enable the Seriorladded.info website to begin spamming the user with unwanted advertisements via their Web browser notifications feature. This is a...

Posted on January 24, 2020 in Browser Hijackers

Getmackeepersoftpro.xyz

The Getmackeepersoftpro.xyz Web page is a dodgy site whose purpose is to promote PUPs (Potentially Unwanted Programs) targeting Apple devices. Once a visitor launches the Getmackeepersoftpro.xyz page, the site will detect what device the user is utilizing. This website can determine the model and the brand of the user's system. The visitor will be greeted with a bogus pop-up window that advertises a VPN service for Mac computers. Alternatively, if the user is visiting the dodgy site via their iPhone or iPad, they will be presented with a similar pop-up message promoting an application for their device. It is crucial for users to avoid downloading any software from shady or unconfirmed sources as the products they promote are not reliable and may end up harming your system.

Promotes Dodgy VPN and Similar Services

It would appear that...

Posted on January 24, 2020 in Browser Hijackers

Topi Ransomware

One of the newest copies of the STOP Ransomware is called the Topi Ransomware. The creators of the Topi Ransomware have borrowed the code of the notorious STOP Ransomware and altered it slightly to fit their needs. The STOP Ransomware family was the most active one throughout the entire 2019, with over 200 copies of the threat circulating the Web.

Propagation and Encryption

Authors of ransomware threats tend to use a variety of infection vectors to propagate these nasty Trojans. It is likely that the most popular propagation methods are spam email campaigns. The attackers would send the targeted user an email that contains a message riddled with social engineering tricks. The objective of the fake message is to trick the user into opening the file attached to the email. Usually, the attached file is macro-laced, and launching it would...

Posted on January 24, 2020 in Ransomware

Reha Ransomware

The Reha Ransomware is among the most recently uncovered file-encrypting Trojans. Once spotted and dissected, this threat revealed that it is a variant of the infamous STOP Ransomware. During 2019 the STOP Ransomware family claimed countless victims as it emerged as the most active ransomware family throughout the entire year. The Reha Ransomware would compromise a user's PC, lock all their files, and then present them with a ransom note asking for cash in return for a decryption key.

Propagation and Encryption

Malware researchers have not yet identified with any certainty which infection vector is responsible for the spreading of the Reha Ransomware. Some speculate that the authors of the Reha Ransomware may be utilizing spam emails containing macro-laced attachments. It is also likely that the attackers may be using malvertising...

Posted on January 24, 2020 in Ransomware

Beware: Fake FedEx Text Alerts and Emails Used in New Scam

There is an awful lot of spam making the rounds, both in email and mobile text format. With an average of 300 billion emails being sent every day and the majority of those being spam that has unsolicited or malicious content, spam is a very serious issue. With so much of it going around, it is no wonder that there are bad actors out there who pretend they represent huge corporations and household names. FedEx happens to be among those names. In early 2020 there have been reports of mobile texts that claim the recipient has a package being delivered by FedEx, with a link in the text that is supposedly used to "set delivery preferences". The fake texts use that link to take the victim to a...

Posted on January 24, 2020 in Computer Security