Wanna Dead Ransomware

There are countless ransomware threats circulating on the Internet, and new ones are emerging daily. The Wanna Dead Ransomware is one of these brand-new data-locking Trojans. When security experts studied this threat, they found that the Wanna Dead Ransomware is a variant of the very popular Hidden Tear Ransomware.

Does not Attack Iranian Computers

An interesting characteristic of the Wanna Dead Ransomware is that it is programmed to check whether the compromised system's language is set to Persian or its time zone is set to Iran. If it is, the Wanna Dead Ransomware halts the attack. It is likely that this threat originates from Iran and that its authors have decided to spare their fellow countrymen in a strangely expressed act of patriotism.

Infecting a System

It is not disclosed what exact infection vector is involved in...

Posted on July 12, 2019 in Ransomware

Godes Ransomware

The Godes Ransomware is one of the numerous ransomware threats that have been emerging recently. When cybersecurity researchers spotted it, they dissected the threat and found that it belongs to the widely known STOP Ransomware family.

Infection and Encryption

Malware experts have been unable to determine the propagation method used to spread this file-locking Trojan. Some believe that the creators of the Godes Ransomware may be using bogus application updates, mass spam email campaigns, and corrupted pirated software to propagate their threat, as these are among the most common techniques for spreading malware. Newly infected machines are scanned so that the Godes Ransomware can determine the locations of the files that will be marked for encryption. When this phase is completed, the Godes...

Posted on July 12, 2019 in Ransomware

Pitou

Pitou is a bootkit that appears to be an enhanced version of an older threat. It is likely that the authors of the Pitou bootkit were inspired by the Srizbi rootkit and used its code to build their creation. The creators of the Pitou bootkit have introduced some big improvements to this threat. The Pitou malware is planted in the MBR (Master Boot Record) of the hard drive and thus becomes very difficult to spot; it can remain undetected by anti-malware software for a long time.

Persistence

The Pitou bootkit gains persistence that does not depend on software or operating system settings - the malevolent program may persist even if Windows is reinstalled. The classic rootkit relies on emulating a system driver that gives the malevolent program administrative rights on the compromised host, as well as persistence that does not rely on...

Posted on July 12, 2019 in Malware

Coldroot RAT

Mac users are sometimes seen as an easy target by cybercriminals. This is because Apple users have a false sense of security when it comes to their machines, thinking they are practically impenetrable by malware. This mindset has caused quite a few Apple users a fair bit of headaches. The Coldroot RAT is a Remote Access Trojan that has been built to target OSX, Windows, and Linux.

The Project

The Coldroot RAT was first noticed on an online security scanning service. The creators of the Coldroot RAT have a YouTube channel where they state that their project is going to be available on the market for anyone willing to pay. They even have an official website, and it seems that the Coldroot RAT has been in the works since 2016. Despite the promises on the YouTube channel, the Coldroot RAT is still not available publicly,...

Posted on July 12, 2019 in Remote Administration Tools

KASPERAGENT

It seems that when it comes to cybercrime, ill-minded actors in the Middle East have a particular taste for espionage. Some prefer to target Android devices, such as the campaigns of the Two-Tailed Scorpion hacking group, which has ties to the terrorist organization Hamas. Others go for the more well-trodden path of malware targeting PCs. This is the case with the operations involving the MICROPSIA and KASPERAGENT families. KASPERAGENT doubles as a Trojan downloader and a tool meant to collect general system information - OS version, running services, username, network configuration, etc. It is written in C++.

Hundreds of Variants

The KASPERAGENT Trojan appears to be a very popular hacking tool in the Middle East. Cybersecurity researchers have detected over a hundred different samples of this threat. It seems that...

Posted on July 11, 2019 in Malware

MICROPSIA

The MICROPSIA malware is an info-stealer that has been noticed in several hacking campaigns concentrated in the Middle East. It has not been confirmed, but it is speculated that the MICROPSIA malware may be part of the arsenal of the Two-Tailed Scorpion hacking group. This APT (Advanced Persistent Threat) is believed to have links to the infamous terrorist group Hamas. What led cybersecurity experts to believe this is the fact that the MICROPSIA malware comes from the same IP addresses and domains as the VAMP Android Trojan and the KASPERAGENT Trojan, both of which are very likely tools of the Two-Tailed Scorpion hacking group. The campaigns involving the MICROPSIA malware mainly targeted high-ranking politicians, as well as scholars and even students, alongside various business employees, all located in the Middle East.

Propagation and...

Posted on July 11, 2019 in Malware

SECUREUPDATE

The SECUREUPDATE threat is a Trojan downloader that is programmed to target Android devices. Malware researchers speculate that this threat may be a creation of the infamous Two-Tailed Scorpion hacking group. They are known to operate mainly in the Middle East and are likely to have ties to the terrorist group Hamas. Most of their targets are in Israel and Palestine. They have many hacking tools in their arsenal, some of which may be the VAMP Android Trojan, the GnatSpy Android Trojan, the KASPERAGENT Trojan, and the MICROPSIA malware. More often than not, the campaigns of this APT (Advanced Persistent Threat) are politically motivated and aim to further the interests of Hamas in the area.

Propagation Method

The name of the SECUREUPDATE Trojan is derived from the propagation method employed in spreading this threat. The authors...

Posted on July 11, 2019 in Malware

BKP Ransomware

Cybersecurity researchers work tirelessly to discover and combat new malware. Recently, they came across the BKP Ransomware – a data-locking Trojan that is a variant of the infamous Dharma Ransomware. More and more cybercriminals choose to base their ransomware threats on the Dharma Ransomware, likely because it has proven to be a rather successful and efficient file-encrypting Trojan.

Propagation and Encryption

Malware experts have been unable to conclude what exact infection vector is being used in the propagation of the BKP Ransomware. Some believe that emails containing infected attachments, bogus software updates, and corrupted pirated applications may be among the distribution methods used by the authors of the BKP Ransomware. If the BKP Ransomware happens to infect your PC, it will start the attack by performing a scan....

Posted on July 11, 2019 in Ransomware

Worm.Autorun

Worm.Autorun is a family of worms that spread between systems by altering the autorun.inf file present on removable media, such as USB drives, DVDs and the like. It is made with the intent to infect any system to which such media are connected. Autorun worms are often distributed through executable files. The file may be a copy created in a previous worm infection, or it may have been dropped on a device or computer by exploit kits or Trojans. The executables are often saved to the root directory of a computer's disk drive, a USB flash drive, a mobile device and more.

Creation of Copies and Infection Spread

When the worm file is initially launched, it makes a copy of itself onto one or several drives on the device or computer it is present on. Some of the Autorun worms may also create copies of themselves...

Posted on July 11, 2019 in Worms

'Agent Smith' Android Malware Secretly Replacing WhatsApp and Others Infects 25 Million Devices

Android devices are no stranger to malware threats and various malicious attacks, mostly through infected apps. Unfortunately for Android devices, users tend to get malicious apps from the Google Play Store or from various third-party sources, whereas iPhone users usually get their apps from the controlled and mostly malware-free Apple App Store environment. As it turns out, the most recent rash of malware-plagued apps comes in the form of malware dubbed Agent Smith, which is known for secretly replacing the WhatsApp app on Android devices. The Agent Smith Android malware looks to exploit vulnerabilities within the operating system, automatically replacing legitimate apps without the user noticing. The primary apps that Agent Smith was found to secretly replace are WhatsApp, Flipkart, Opera Mini, and reportedly, apps...

Posted on July 10, 2019 in Computer Security

'Great Duke Of Hell' DLL Malware Attack Uncovers Vicious Astaroth Fileless Malware Threat

Microsoft recently lifted the veil on one very unpleasant piece of fileless malware that works to steal data without ever having to be installed on a victim's machine – Astaroth. Named after a demon of the same name straight from the occult books 'Ars Goetia' and 'The Key of Solomon', said to seduce his victims through vanity and laziness, this malware has been in circulation since 2017. It was mostly used to steal data from South American and European companies in targeted attacks that used spear phishing as the point of entry. According to Microsoft Defender ATP researcher Andrea Lelli, what makes this specific infection unique is its ability to stealthily slip under the detection methods of some traditional antivirus programs. According to Lelli, Astaroth is notorious for information stealing of...

Posted on July 10, 2019 in Computer Security

CROWN Ransomware

Ever-vigilant cybersecurity researchers spotted a new ransomware threat at the start of July 2019. This new data-encrypting Trojan is named CROWN Ransomware. The CROWN Ransomware does not appear to be a variant of any of the most notorious ransomware threats.

Infecting Your System

It has not yet been confirmed what exact infection vectors are employed by the perpetrators of the attack. Some malware experts speculate that emails containing macro-laced attachments, bogus software updates, and compromised pirated applications may be some of the techniques used in propagating the CROWN Ransomware. When the CROWN Ransomware gains access to a system, it begins the attack by scanning the files present. Then the targeted files (which will be encrypted later) are located. The next step is to encrypt the targeted...

Posted on July 10, 2019 in Ransomware

VAMP

The Two-Tailed Scorpion APT (Advanced Persistent Threat) is a hacking group that likely originates from the Middle East. Many speculate that the Two-Tailed Scorpion APT is working with the Hamas terrorist organization. Most of this APT's campaigns are concentrated in the Middle Eastern region. Its targets include high-ranking politicians in Israel, as well as Palestine. Despite mainly focusing on Israel and Palestine, the Two-Tailed Scorpion hacking group has had successful campaigns targeting Egypt and Jordan, among other countries.

The Espionage

The Two-Tailed Scorpion APT has been gaining notoriety with one of its hacking tools, called VAMP. The VAMP Trojan is programmed to target Android devices, and experts have already spotted multiple campaigns employing this threat against universities, companies in the security industry,...

Posted on July 10, 2019 in Malware

Save Ransomware

The Save Ransomware is a newly uncovered file-encrypting Trojan. When cybersecurity researchers studied this ransomware threat, they discovered that it belongs to the notorious Dharma Ransomware family.

Infiltrating Your PC

Malware experts have been unable to pinpoint the exact method of propagation used in spreading the Save Ransomware. Some believe that mass spam email campaigns, alongside fraudulent application updates and infected pirated software, are among the infection vectors used in propagating this new data-locking Trojan. Once the Save Ransomware manages to infiltrate your PC, it starts the attack with a scan. The goal of scanning your system is to determine the locations of the files that will be targeted for encryption. When this is completed, the Save Ransomware will start locking the data it was...

Posted on July 10, 2019 in Ransomware

GnatSpy

The GnatSpy hacking tool is believed to be a piece of malware created by the infamous Two-Tailed Scorpion APT (Advanced Persistent Threat) and designed to target Android devices. This hacking group is believed to be located in the Middle East and has been reported to target mainly government bodies and officials in Israel and Palestine. Some believe that the Two-Tailed Scorpion group is working alongside the terrorist group Hamas to further their interests in the area. When the GnatSpy Trojan was dissected, it became clear that this threat is very similar to another hacking tool used by the Two-Tailed Scorpion group – the VAMP Trojan. It appears that the GnatSpy project may be an upgraded version of the VAMP Trojan.

Propagation Method

The GnatSpy Trojan is being propagated via fraudulent applications, which are often...

Posted on July 10, 2019 in Malware