'YOU ARE THE CHOSEN!' Pop-Ups

Users who browse dodgy websites often run into trouble, because such pages work hand in hand with shady advertisement networks and other dubious services. Shady websites include pages hosting adult content, gambling platforms, illicit streaming sites, bogus giveaway pages, and the like. Visitors to such websites are likely to come across the 'YOU ARE THE CHOSEN!' pop-ups. These fake pop-ups claim that the visitor has won a prize and, to claim it, has to complete a few steps. To make the tactic more believable, its authors have also built a fake page with bogus reviews from non-existent individuals who claim to have won the prize in question.

The Con Artists may Utilize Various Tricks

There are several tricks the 'YOU ARE THE CHOSEN!' pop-ups may attempt to pull on the user. One of them is tricking them into allowing...

Posted on January 20, 2020 in Adware

70 Thousand Tinder Photos Stolen by Hackers and Shared Online


More than 70,000 photos of Tinder users are being shared among members of an online cybercrime forum. At this time, only women appear to have been targeted. Reporters were tipped off by a member of New York City's cyber sexual assault task force, who said the images were found on a website that trades in malicious software. The photo dump was accompanied by a text file containing roughly 16,000 user IDs, which may reflect the total number of people affected by the leak. It is not yet clear whether the images were obtained by breaching Tinder's systems or by collecting profile photos that are already viewable inside the app.

The Reason behind the Theft is Unclear

The reason for collecting these photos is unknown. Still, their availability to criminals online opens the possibility that they may be used for harassment or scams....

Posted on January 20, 2020 in Computer Security

JhoneRAT

The JhoneRAT is a RAT (Remote Access Trojan) whose activity has spiked recently. After studying this threat, malware analysts concluded that it was likely built from the ground up. That is not unheard of, but many RAT authors prefer to borrow the code of existing threats rather than build a tool from scratch. According to the experts, the JhoneRAT is written in Python.

Propagation Method

The JhoneRAT is distributed through spam email campaigns, a very popular method of spreading malware. Usually, such spam emails carry a corrupted attachment, and the JhoneRAT is no exception. The attachments used to propagate the JhoneRAT come in two types: one claims to be an important document that has to be opened urgently, while the...

Posted on January 17, 2020 in Remote Administration Tools

LALALA Infostealer

Malware researchers have uncovered a brand-new infostealer pestering users online. The threat is dubbed the LALALA Infostealer, and it is not known who the developers behind it are. The goal of the LALALA Infostealer is to sneak onto its target's system silently, collect information, and then exfiltrate the gathered data to the attackers' C&C (Command & Control) server.

Gathers, Compresses and Transfers Data to the Attackers' C&C

It appears that the authors of the LALALA Infostealer are using spam email campaigns to propagate the threat. Usually, this involves a fake message and a macro-laced attachment. Users who fall for the trick and launch the attached file allow the threat to compromise their system. Upon infecting a targeted PC, the LALALA Infostealer makes sure that a VBS file is executed every minute. The VBS...

Posted on January 17, 2020 in Trojans

Picocode Ransomware

Cybersecurity analysts have uncovered a new data-encrypting threat targeting unsuspecting users online. Its name is the Picocode Ransomware. The threat may have been built from scratch, as it does not appear to be a variant of any of the file-locking Trojans already known to malware researchers.

Propagation and Encryption

Many ransomware authors use spam emails to spread their creations. The emails in question tend to contain a macro-laced attachment and a fraudulent message urging the user to execute the attached file. Corrupted advertisement campaigns, bogus application downloads and updates, and torrent trackers are also among the propagation methods favored by ransomware authors. The Picocode Ransomware is designed to cause maximum damage to the compromised host. This is...

Posted on January 17, 2020 in Ransomware

Creditcable.info

A growing number of individuals with questionable morals are setting up bogus websites that provide no value to their visitors. The Creditcable.info page is one example. This website's sole purpose is to trick visitors into granting it permission to display Web browser notifications. The reason is simple: once the permission is granted, the operators of Creditcable.info can bombard the user with unwanted advertisements through those browser notifications, even after the site itself has been closed. Users who have come across Creditcable.info have likely been browsing dodgy pages such as adult entertainment websites, illicit streaming platforms, and the like.

Attempts to Trick the Visitor Using Various Techniques

To get the user's permission to display Web browser notifications, the Creditcable.info site may try several tricks. This website is known to present its...

Posted on January 17, 2020 in Browser Hijackers
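Both the 'YOU ARE THE CHOSEN!' pop-ups and Creditcable.info rely on the same thing: a notification permission the user was tricked into granting, which outlives the visit. The script below is an added example, not code from the original page, showing how to audit and revoke those grants offline. It assumes the Chrome/Chromium layout, where per-site permissions live in the profile's `Preferences` JSON under `profile.content_settings.exceptions.notifications`, keyed by an origin pattern such as `https://creditcable.info:443,*` with `setting` 1 for allow and 2 for block; the sample preferences and the default profile paths in `candidate_preferences_paths` are constructed for the demo.

```python
"""Audit and revoke browser notification permissions (added example).

Assumes the Chrome/Chromium Preferences format; the sample data below is
constructed, and the default profile locations are the usual ones but are
an assumption for any given machine. Close the browser before rewriting
the file, because Chrome rewrites Preferences on exit and would overwrite
the change.
"""
import copy
import json
import os
from pathlib import Path

ALLOW = 1   # Chrome content-setting value for "allow"
BLOCK = 2   # Chrome content-setting value for "block"

# Constructed fragment of a Chrome Preferences file: one notification-spam
# site that was tricked into "allow", one legitimate allow, one block.
SAMPLE_PREFS = {
    "profile": {
        "content_settings": {
            "exceptions": {
                "notifications": {
                    "https://creditcable.info:443,*": {"setting": ALLOW},
                    "https://calendar.example.com:443,*": {"setting": ALLOW},
                    "https://news.example.org:443,*": {"setting": BLOCK},
                }
            }
        }
    }
}


def origin_from_pattern(pattern):
    """'https://host:443,*' -> 'https://host:443'.

    The part after the comma is the embedding-origin pattern and is
    irrelevant for the audit.
    """
    return pattern.split(",", 1)[0]


def notification_exceptions(prefs):
    """Return the notifications exception map, or {} if the profile has none."""
    return (prefs.get("profile", {})
                 .get("content_settings", {})
                 .get("exceptions", {})
                 .get("notifications", {}))


def allowed_notification_origins(prefs):
    """Sorted list of origins currently allowed to push notifications."""
    return sorted(origin_from_pattern(p)
                  for p, v in notification_exceptions(prefs).items()
                  if v.get("setting") == ALLOW)


def suspicious_origins(prefs, allowlist=()):
    """Allowed origins that are not on the caller's known-good allowlist."""
    return [o for o in allowed_notification_origins(prefs) if o not in allowlist]


def revoke_notifications(prefs, origins_to_block):
    """Return (new_prefs, changed): a deep copy with the given origins flipped
    from allow to block. The input is left untouched."""
    new = copy.deepcopy(prefs)
    changed = []
    for pattern, entry in notification_exceptions(new).items():
        origin = origin_from_pattern(pattern)
        if origin in origins_to_block and entry.get("setting") == ALLOW:
            entry["setting"] = BLOCK
            changed.append(origin)
    return new, sorted(changed)


def candidate_preferences_paths():
    """Default Chrome profile locations (assumed; adjust for other profiles)."""
    home = Path.home()
    return [
        Path(os.environ.get("LOCALAPPDATA", "")) / "Google/Chrome/User Data/Default/Preferences",
        home / "Library/Application Support/Google/Chrome/Default/Preferences",
        home / ".config/google-chrome/Default/Preferences",
    ]


def audit_file(path, allowlist=(), revoke=False):
    """Audit one Preferences file; optionally write back with suspicious
    origins blocked. Returns the list of suspicious origins found."""
    path = Path(path)
    prefs = json.loads(path.read_text(encoding="utf-8"))
    bad = suspicious_origins(prefs, allowlist)
    if revoke and bad:
        new, _ = revoke_notifications(prefs, set(bad))
        path.write_text(json.dumps(new), encoding="utf-8")
    return bad


if __name__ == "__main__":
    print("allowed:", allowed_notification_origins(SAMPLE_PREFS))
    flagged = suspicious_origins(SAMPLE_PREFS, allowlist={"https://calendar.example.com:443"})
    print("suspicious:", flagged)
    cleaned, changed = revoke_notifications(SAMPLE_PREFS, set(flagged))
    print("revoked:", changed, "remaining:", allowed_notification_origins(cleaned))
```

Run it against a real profile with `audit_file(path, allowlist=..., revoke=True)` only while the browser is closed; the allowlist is the one decision the script cannot make for you, since a granted notification permission is not suspicious in itself, only when the user never meant to grant it.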

Bopador Ransomware

The Bopador Ransomware is a new name for a Djvu ransomware clone. Djvu is also commonly referred to as STOP/Djvu, as it belongs to a family of threats that share a lot of common features. A huge number of STOP/Djvu variants became decryptable in late 2019, with even more variants added to the free decryption tool towards the end of the year; victims should try that tool before considering any payment, keeping in mind that it recovers files only when the variant is supported and the files were encrypted with an offline key. Judging by the ransom amount Bopador demands, the ransomware is clearly aimed at individual users rather than large businesses. It is not entirely clear when Bopador started infecting victims, but it is safe to say that the influx of infection reports started in the second half of 2019. Bopador copies STOP/Djvu in almost every respect. The only feature that separates it from other Djvu variants is that encrypted files receive the ".bopador"...

Posted on January 16, 2020 in Ransomware

Adhubllka Ransomware

Cybersecurity analysts have uncovered a new file-locking Trojan plaguing users online. Its name is the Adhubllka Ransomware. Most ransomware authors depend on ransomware building kits or readily available code from already established data-encrypting Trojans, which means that even inexperienced cybercriminals can create and spread a ransomware threat with ease. It is not yet clear whether the Adhubllka Ransomware was built from scratch or its authors relied on the code of an existing threat.

Propagation and Encryption

Many cyber crooks who propagate ransomware rely on mass spam email campaigns to distribute their creations. The targeted user receives an email containing a bogus message and a corrupted attachment. The fake message's goal is to trick the user into launching the...

Posted on January 16, 2020 in Ransomware

PowerTrick

The TrickBot hacking group is back in the news with a new PowerShell-based backdoor called PowerTrick. The group tends to target businesses and institutions in the financial sector. The PowerTrick backdoor is not used as a first-stage payload; instead, the TrickBot operators deploy it at a later stage of the campaign, where it gives them further control over an already infected system. The TrickBot group consists of very experienced individuals who know what they are doing, so it is no surprise that they are once again going after high-value targets. Of course, to carry out a successful campaign against such targets, the

Posted on January 16, 2020 in Backdoors

Weather Forecaster

The Weather Forecaster Web browser extension is flagged as a PUP (Potentially Unwanted Program) by various anti-malware tools. The extension is available for both Google Chrome and Mozilla Firefox; its developers likely chose these two browsers because they are among the most popular worldwide.

Does not Provide Any Valuable Features

The Weather Forecaster extension promotes itself as a helpful tool for looking up current weather conditions and claims to provide a reliable forecast. However, authors of fake extensions like Weather Forecaster do not provide any unique features or tools. Instead, they rely on publicly available services and promote their product as unique when nothing can be...

Posted on January 16, 2020 in Potentially Unwanted Programs

'Your Windows 10 is infected with 5 viruses!' Pop-Ups

Users who come across the 'Your Windows 10 is infected with 5 viruses!' pop-ups have likely been browsing dodgy content online. Shady websites such as adult entertainment sites, dubious gambling platforms, or pages streaming pirated media can surprise visitors with bogus pop-ups like these alerts.

Likely Attempts to Sell Fake Anti-Malware Tools

The 'Your Windows 10 is infected with 5 viruses!' pop-ups are specifically crafted to look legitimate, so that users believe a genuine anti-malware tool has scanned their system and is warning them. A Web page cannot scan the visitor's computer, so any such "scan result" delivered inside the browser is fake by construction. Another social engineering trick used by the creators of fake pop-ups is instilling a sense of urgency: the user is warned that their computer is infected with not one, but five threats. This serves to pressure the user...

Posted on January 16, 2020 in Adware

Faketoken

A growing number of cyber crooks are getting into the business of building malware that targets Android devices. Among them is the Faketoken Trojan. The threat is not brand new; in fact, malware researchers have tracked it for years, with the first reports going back as far as 2012. However, the operators of the Faketoken Trojan are not slacking: they keep updating the threat to ensure it can evade detection by security tools, and some of those updates have further weaponized it.

Propagation Methods

The Faketoken threat can serve both as a reconnaissance tool and as a banking Trojan. So far, two infection vectors have been reported in the propagation of the Faketoken Trojan. It would appear that some users who have been tricked into allowing this...

Posted on January 15, 2020 in Trojans

5ss5c Ransomware

One of the newest ransomware threats spotted in the wild has been dubbed the 5ss5c Ransomware. When malware researchers studied this new Trojan, they found that it was not built from scratch. Instead, the creators of the 5ss5c Ransomware based it on the already existing Satan Ransomware, a common approach among ransomware authors because it is far quicker and easier than writing new code.

Propagation and Encryption

The 5ss5c Ransomware is likely being spread with the help of phishing emails. Normally, such a bogus email contains a fake message and a corrupted attachment, often a document that appears important. This is how ransomware authors often manage to trick users into launching the unsafe attachment on their systems. Other commonly used propagation methods include torrent trackers,...

Posted on January 15, 2020 in Ransomware

Horsedeal Ransomware

Malware analysts spot new ransomware threats on a daily basis. The barrier to entry for data-locking Trojans is rather low, because even cybercriminals with little to no experience can create and distribute such a threat with the help of various ransomware building kits. One of the latest file-encrypting Trojans to emerge on the Web has been named the Horsedeal Ransomware.

Propagation and Encryption

The techniques used to propagate the Horsedeal Ransomware are yet to be uncovered. Some cybersecurity researchers speculate that the authors may be using malvertising campaigns, bogus pirated copies of popular software and media, torrent trackers, mass spam email campaigns, and so on. Upon infiltrating a targeted machine, the Horsedeal Ransomware triggers a scan of all...

Posted on January 15, 2020 in Ransomware

Online TV Streamer

Some browser extensions are very useful and of great benefit to their users. Regretfully, this is not the case with all of them. Shady actors create browser extensions that are not only of little use but may also degrade the user's browsing experience. Despite their lack of usefulness and quality, such dodgy extensions often promise helpful features and good tools. Needless to say, this is nothing more than a blatant lie. One of the countless useless extensions preying on unsuspecting users online is the Online TV Streamer extension.

Applies Changes to the User's Web Browser without Their Knowledge

The end goal of this dodgy extension is to redirect the user's traffic to affiliated sites. This is how the operators of the Online TV Streamer extension are generating...

Posted on January 15, 2020 in Potentially Unwanted Programs