COCKROACH_LOCKER Ransomware

Day after day, cybersecurity experts keep uncovering more ransomware threats in the wild. It would appear that cyber crooks regard creating and distributing file-locking Trojans as a low-risk, high-reward endeavor, since it is unlikely that the authorities will ever manage to track them down and punish them. One of the latest ransomware threats to be spotted is the COCKROACH_LOCKER Ransomware. It is not yet certain whether this threat belongs to any of the known ransomware families.

Propagation and Encryption

It is not clear what propagation method has been utilized by the authors of the COCKROACH_LOCKER Ransomware. However, several techniques are very common when it comes to spreading ransomware threats. The most common one is spam emails that contain macro-laced attachments. The user is urged to open the...

Posted on October 28, 2019 in Ransomware

PhobosImposter Ransomware

The PhobosImposter Ransomware is among the most recently spotted ransomware threats lurking on the Web in search of new victims. Many cyber crooks opt to build and distribute threats of this type because they are often seen as a way to generate quick cash without much risk of getting caught. It is not clear yet whether the PhobosImposter Ransomware is a variant of any of the popular ransomware families, despite the attackers clearly trying to pass their threat off as a copy of the infamous Phobos Ransomware. This is likely done because that notorious data-encrypting Trojan strikes fear in the hearts of users worldwide.

Propagation and Encryption

Malware researchers have not yet pinpointed the exact infection vectors responsible for spreading the PhobosImposter Ransomware. The creators of this...

Posted on October 28, 2019 in Ransomware

DavesSmith Ransomware

At the end of October 2019, malware experts spotted yet another ransomware threat pestering users online. It is being dubbed the DaveSmith Ransomware. Data-locking Trojans tend to operate in a very similar manner to one another. They usually infect a host, scan its files, encrypt the targeted data, and then demand a fee for a decryption key. The DaveSmith Ransomware is no different.

Propagation and Encryption

It has not yet been confirmed which propagation method the authors of the DaveSmith Ransomware are using to spread their threatening creation. Ransomware threats are most commonly propagated via mass spam email campaigns. The emails contain a message riddled with social engineering tricks and a corrupted attachment which, once opened, triggers the launch of the threat. Another popular infection vector for...

Posted on October 28, 2019 in Ransomware

Spidey Bot

Cybercriminals tend to come up with ever more intricate ideas when developing threats. One method used by cyber crooks is to turn legitimate applications to their nefarious purposes. This is exactly what the creators of the Spidey Bot have done. The genuine application abused in the case of Spidey Bot is the Discord messaging application. The creators of this threat inject the Spidey Bot's corrupted code into Discord's files. Once this is done, the Spidey Bot restarts the messaging application to ensure that the corrupted modules are up and running.

By Using the Electron Framework, Cybercriminals Can Plant Malicious Code

Many applications are built with the help of a particular toolkit called Electron. The Electron framework allows software developers to build...
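Because Electron applications ship their logic as plain JavaScript files that the app loads on start-up, a tamperer who can write to the install directory can add code that runs with the application's privileges the next time it restarts, which is the mechanism the entry above describes. The defensive counterpart is a baseline-and-compare integrity check over those shipped files. The script below is an added example written for this page, not code from the Spidey Bot analysis or from Discord; the directory layout, file names and the set of tracked suffixes are constructed for the demonstration and are not the real Discord install paths.

```python
"""Baseline-and-compare integrity check for an Electron app's script files.

Hash every script and archive the vendor shipped once, store the manifest,
and re-hash later: any module that changed, appeared or vanished shows up
in the diff. The demo() scenario is constructed for this example.
"""
import hashlib
import tempfile
from pathlib import Path
from typing import Dict

# File types worth tracking in an Electron install. This set is an
# assumption for the example; a real baseline covers whatever the vendor ships.
TRACKED_SUFFIXES = {".js", ".asar", ".json", ".node"}


def sha256_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large .asar archives are fine."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> Dict[str, str]:
    """Map each tracked file (path relative to root, POSIX form) to its SHA-256."""
    manifest: Dict[str, str] = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and p.suffix.lower() in TRACKED_SUFFIXES:
            manifest[p.relative_to(root).as_posix()] = sha256_file(p)
    return manifest


def diff_manifest(baseline: Dict[str, str], current: Dict[str, str]) -> Dict[str, list]:
    """Files modified, added or removed relative to the stored baseline."""
    return {
        "modified": sorted(k for k in baseline if k in current and baseline[k] != current[k]),
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
    }


def demo() -> Dict[str, list]:
    """Constructed scenario: a fake Electron install, then an injected module."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        app = root / "resources" / "app"          # hypothetical layout
        modules = app / "modules"
        modules.mkdir(parents=True)
        (app / "package.json").write_text('{"main": "index.js"}\n')
        (app / "index.js").write_text("require('./modules/core');\n")
        (modules / "core.js").write_text("module.exports = {};\n")
        baseline = build_manifest(root)

        # Simulate tampering (constructed): a loader line appended to an
        # existing module and a new script dropped beside it.
        with (modules / "core.js").open("a") as f:
            f.write("require('./payload');\n")
        (modules / "payload.js").write_text("// injected for the example\n")

        return diff_manifest(baseline, build_manifest(root))


if __name__ == "__main__":
    print(demo())
```

In practice the baseline manifest is taken from a clean install (or the vendor's signed package) and stored outside the application directory, and the check is run at start-up or on a schedule; a non-empty "modified" or "added" list is the signal to quarantine the install rather than let it restart.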

Posted on October 25, 2019 in Botnets

BADNEWS

The BADNEWS Trojan was first spotted two years ago, but its activity has not halted yet. It is believed to be the creation of a hacking group called Patchwork, which mainly targets users located in India. This group is also known as Monsoon and Dropping Elephant. Over the years, the Patchwork APT (Advanced Persistent Threat) has introduced several updates to the BADNEWS Trojan. They have made sure that the threat is able to detect whether it is being run in a malware analysis or debugging environment and, if it is, cease operating. The BADNEWS Trojan's ability to evade detection by anti-malware tools has also been improved.

Propagates via Spear-Phishing Emails

The BADNEWS Trojan is propagated mainly via spear-phishing email campaigns. The emails contain an attachment that is meant to attract the attention of the user and convince...

Posted on October 25, 2019 in Backdoors

GrandSteal

The GrandSteal infostealer is a brand-new threat that does not appear to be related to any of the infostealers known to malware researchers. This threat has managed to confuse some anti-malware services too, as some of them report it as a copy of the Quasar RAT. Upon further inspection, however, it turned out that the two threats are not related at all. There has been a report stating that a variant of the GrandSteal infostealer was hosted on a Russian domain. Do not rush to conclusions, though: hosting alone does not mean the threat originates from the Russian Federation.

The GrandSteal Infostealer's Capabilities

Cybercriminals who develop their own hacking tools often sell them on hacking forums online. However, so far, cybersecurity experts have not spotted an advertisement for the GrandSteal infostealer. This...

Posted on October 25, 2019 in Trojans

Hdmr Ransomware

A brand-new ransomware threat has been spotted in the wild: the Hdmr Ransomware. This file-locking Trojan does not appear to be related to any of the known ransomware families. Ransomware is one of the most threatening malware types, claiming countless victims every year.

Propagation and Encryption

There is still no decisive information regarding the propagation method used to spread the Hdmr Ransomware. Spam emails containing macro-laced attachments are one of the most popular methods of spreading threats of this type. The attackers may also have used fake pirated copies of popular applications or bogus software updates to propagate the Hdmr Ransomware. Once it compromises the targeted host, the Hdmr Ransomware looks for the most popular file types. These include .jpeg,...

Posted on October 25, 2019 in Ransomware

Gamaredon Group

The Gamaredon Group is an APT (Advanced Persistent Threat) which some speculate originates from Russia, although this is yet to be confirmed. The Gamaredon Group was first spotted back in 2013. This hacking group mostly goes after Ukrainian targets, which often tend to be high-ranking officials. Its preferred propagation method is phishing email campaigns. The Gamaredon Group makes the emails seem as legitimate as possible by using various social engineering techniques. The phishing emails often carry an attached file tailored to look like an important document that needs immediate review. This APT is known to use both hacking tools it has developed itself and threats that are available for purchase online. Furthermore, the Gamaredon Group has also been spotted weaponizing genuine...

Posted on October 24, 2019 in Malware

Ke3chang

One of the best-known hacking groups believed to hail from China is the Ke3chang APT (Advanced Persistent Threat), also known as APT15. Over time, malware researchers have been keeping a close eye on the activity of the Ke3chang hacking group and have made some interesting discoveries. It appears that APT15's campaigns carry significant similarities with activity attributed to other Chinese hacking groups, such as similar tactics, almost identical infrastructure and matching payloads. Among the names involved are Playful Dragon, GREF, RoyalAPT, Vixen Panda and Mirage; several security vendors now treat these as aliases for Ke3chang itself rather than as separate groups. Where genuinely distinct groups overlap this closely, it usually means one of two things (or both): certain prominent hackers are members of more than one group, and/or the groups share information and techniques to mutual benefit. Ke3chang's Arsenal of...

Posted on October 24, 2019 in Malware

GovRAT

The GovRAT (Remote Access Trojan) is a threat that can be purchased on hacking forums on the Dark Web. The developers of the GovRAT are selling it for $1,000. However, anyone who wants to obtain the source code of the GovRAT will have to part with $6,000. For some of the more technically advanced and experienced cyber crooks, this price will be worth it, because getting their hands on the GovRAT's source code means they can modify it however they wish and even weaponize it further. Malware researchers speculate that several hacking groups have likely purchased the GovRAT already. It also appears that this threat has been utilized in several campaigns targeting military organizations, as well as government bodies. There are much cheaper RATs being sold publicly, but they do not come anywhere near the capabilities of the GovRAT....

Posted on October 24, 2019 in Remote Administration Tools

Mockba Ransomware

Ransomware creators do not seem to take a day off: a brand-new file-encrypting Trojan has been spotted recently. Its name is the Mockba Ransomware, and it appears to be a new ransomware family. Ransomware threats appear to be perceived as a low-risk, high-reward type of endeavor, as more and more shady individuals develop and propagate various data-locking Trojans.

Propagation and Encryption

Most authors of ransomware utilize spam email campaigns to spread their creations. The emails in question often contain a macro-laced attachment carrying the threatening payload. Another trick used by ransomware creators is distributing fake pirated copies of popular applications to trick users into executing their threat. This is why malware experts warn against downloading any pirated software or media; it is just not worth the risk....

Posted on October 24, 2019 in Ransomware

Cobalt Group

The Cobalt Group is a well-known group of hackers that have been operating in the cybercrime scene for a while. They do not appear to be acting on behalf of any government. Instead, their attacks appear to be financially motivated. Most of their attacks are carried out in Eastern Europe, Central and Southeast Asia. The Cobalt Group likes to play big – most of their targets tend to be high-profile institutions such as banks or other organizations operating in the financial industry. The hacking group is also known to have targeted ATMs (Automated Teller Machines) and online payment processors. The Cobalt Group prefers to carry out stealthy attacks, even if that means it would take them longer to complete an operation. They would often infiltrate a targeted network over a long period, as this makes it less likely for their unsafe...

Posted on October 23, 2019 in Malware

Nols Ransomware

One of the most notorious ransomware families plaguing users worldwide is the STOP Ransomware family. In 2019, dozens of variants of the STOP Ransomware have been released and have claimed a large number of victims.

Propagation and Encryption

Cybersecurity experts believe that the authors of the Nols Ransomware are using spam emails containing corrupted attachments to propagate this file-locking Trojan. It is also likely that they are taking advantage of fake application updates and bogus pirated copies of popular software to spread the Nols Ransomware. This is why it is advised to be very careful when opening attachments from unknown sources and to avoid downloading pirated content at all costs. When the Nols Ransomware infiltrates your computer, it performs a scan to locate all the data which will be...

Posted on October 23, 2019 in Ransomware

Werd Ransomware

Most cyber crooks are not as highly skilled as they are often portrayed. Most shady individuals who decide to try their luck in the world of cybercrime are not very proficient or experienced. In the case of ransomware threats, such actors opt to borrow the readily available code of well-established file-encrypting Trojans and only slightly tweak it to fit their needs. This is the case with the Werd Ransomware.

Propagation and Encryption

Once the Werd Ransomware was spotted and dissected, it became evident that it is in fact a variant of the notorious STOP Ransomware. Although malware researchers have been unable to determine the infection vectors used in spreading the Werd Ransomware, the most popular ransomware propagation methods are the likely culprits. These include fake pirated copies of legitimate...

Posted on October 23, 2019 in Ransomware

InfoDot Ransomware

Recently, a new data-locking Trojan has been spotted. It goes by the name InfoDot Ransomware. Victims of the InfoDot Ransomware have reported that this file-encrypting Trojan appends different extensions to the locked files. So far, it is known that the InfoDot Ransomware has used the ‘.info@sherbyy[dot]com’ and ‘.info@mymail9[dot]com’ extensions.

Propagation and Encryption

The infection vectors utilized in spreading the InfoDot Ransomware are yet to be revealed. Most ransomware threats are propagated via mass spam email campaigns. Other common techniques are bogus software updates and fraudulent pirated variants of popular applications. Users need to be very cautious when dealing with emails from unknown sources and should avoid torrenting pirated media or applications, as they carry great risks. When the...
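An email-address style marker appended as the final extension, as the InfoDot entry reports, is a pattern shared by several ransomware families and is easy to pull out of a file listing during triage. The snippet below is an added example for this page, not code from any InfoDot analysis. It generalizes beyond InfoDot to any trailing "user@host.tld" marker, refangs the "[dot]"/"[at]" notation that write-ups use so the page's own indicators can be fed in directly, and groups a listing by marker so the analyst can see which address (and so which campaign) touched which files. The sample paths are constructed; only the two extensions come from the entry above.

```python
"""Find files tagged with an email-address marker extension and group them.

The regex accepts a final extension of the form .<user>@<host>.<tld>, so
photo.jpg.info@example.com matches while contacts_mail@example.com.csv (an
ordinary file whose stem merely contains an address) does not.
"""
import re
from collections import defaultdict
from typing import Dict, Iterable, List, Optional

# Trailing extension shaped like user@host.tld; no dots, slashes or '@' in the user part.
_MARKER_RE = re.compile(r"\.([^./\\@\s]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)$")

# Defanging conventions commonly seen in threat write-ups.
_DEFANG = {"[dot]": ".", "(dot)": ".", "[.]": ".", "[at]": "@", "(at)": "@"}


def refang(s: str) -> str:
    """Turn defanged notation back into a literal address so it can be matched."""
    for token, literal in _DEFANG.items():
        s = s.replace(token, literal)
    return s


def marker_extension(filename: str) -> Optional[str]:
    """Return the trailing email-style marker (lower-cased), or None if absent."""
    m = _MARKER_RE.search(refang(filename))
    return m.group(1).lower() if m else None


def group_by_marker(paths: Iterable[str]) -> Dict[str, List[str]]:
    """Group paths by their marker extension; unmarked files are skipped."""
    groups: Dict[str, List[str]] = defaultdict(list)
    for p in paths:
        marker = marker_extension(p)
        if marker:
            groups[marker].append(p)
    return dict(groups)


# Constructed file listing for the example. The two marker extensions are the
# ones reported for InfoDot; the paths and base names are made up.
SAMPLE_LISTING = [
    "C:/Users/alice/Documents/report.docx.info@sherbyy[dot]com",
    "C:/Users/alice/Pictures/holiday.jpg.info@mymail9[dot]com",
    "C:/Users/alice/Pictures/holiday2.jpg.INFO@sherbyy.com",
    "C:/Users/alice/Documents/notes.txt",
    "C:/Users/alice/Downloads/contacts_mail@example.com.csv",
]


if __name__ == "__main__":
    for marker, files in group_by_marker(SAMPLE_LISTING).items():
        print(marker, len(files))
        for f in files:
            print("   ", f)
```

Run against a recursive directory listing (or a file-system timeline from a forensic image), the grouping doubles as a quick scope estimate: the number of files under each marker is the number of files that particular key encrypted.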

Posted on October 23, 2019 in Ransomware