GoBotKR

Cybercriminals often borrow code from one another, and they are especially fond of open-source projects. It would appear that the GoBotKR Trojan is based on the GoBot2 backdoor, a threat whose source code was made available to the public. The authors of the GoBotKR threat have adopted a lot of the code behind the GoBot2 backdoor and modified it to their liking. The cybercrooks behind the GoBotKR Trojan are mainly focusing on South Korea (hence the ‘KR’ in the name), with over 80% of compromised systems located there. However, campaigns have also been spotted in other East Asian locations such as Taiwan and China. It is speculated that the goal of the GoBotKR is to infect as many computers as possible and create a botnet, which would then be used for potential DDoS (Distributed-Denial-of-Service) attacks. Pirated Torrents...

Posted on July 9, 2019 in Backdoors

SilentTrinity

The SilentTrinity is a new hacking tool, which was recently spotted in a campaign carried out against the Croatian government. Malware experts could not identify which hacking group is responsible for the attacks. However, this new threat has an interesting feature – the SilentTrinity malware does not leave behind any traces of its activity on the infected machine. This is achieved by loading the payload directly into the system's RAM. This makes the SilentTrinity malware much more difficult for anti-spyware tools to spot and greatly minimizes the traces left by the unsafe activity.

Propagation Method

The propagation method used by the authors of the SilentTrinity malware is spam emails masquerading as legitimate emails sent by the Croatian Postal Service, even going as far as mimicking the institution's original domain names. The emails would...

Posted on July 9, 2019 in Malware

KICK Ransomware

There are new ransomware threats rearing their ugly heads daily as more and more cybercriminals try their luck with making a quick buck by blackmailing innocent users. One of the newest file-locking Trojans to emerge is the KICK Ransomware. When analyzed, the KICK Ransomware revealed that it is a variant of the infamous Dharma Ransomware.

Compromising Your PC

Malware researchers have not yet determined what infection vectors are involved in the spreading of the KICK Ransomware. Some believe that mass spam email campaigns, infected pirated applications, and bogus software updates might be some of the propagation methods used in the spreading of the KICK Ransomware, as these are among the most popular infection vectors used by cybercrooks. If the KICK Ransomware manages to compromise your system, it will begin a scan whose goal is to...

Posted on July 9, 2019 in Ransomware

Crash Ransomware

Ransomware threats are growing in popularity as cybercriminals all over the world are encouraged to try their luck when they see cases like the Florida town, which paid hackers $600,000 as a ransom fee at the end of June 2019. This is why it is not one bit surprising that there are new ransomware threats detected on a daily basis. One of the most recently spotted is the Crash Ransomware. When malware researchers dissected this data-locking Trojan, they found out that it belongs to the widely popular Dharma Ransomware family.

Infecting Your System

It is believed that the authors of the Crash Ransomware may be utilizing faux application updates, corrupted pirated software, and spam emails containing infected attachments as infection vectors in spreading their creation. However, cybersecurity experts have not been able to pinpoint the...

Posted on July 9, 2019 in Ransomware

Basilisque Ransomware

The Basilisque Ransomware is a data-locking Trojan, which has surfaced on the Internet recently. It appears that the Basilisque Ransomware is not a variant of any of the widely known ransomware threats but is likely a project built from scratch.

Compromising Your System

Cybersecurity researchers have not been able to pinpoint the exact method of spreading the Basilisque Ransomware. Some believe that emails with infected attached documents, bogus software updates and corrupted pirated applications may be among the infection vectors utilized by the authors of the Basilisque Ransomware. Once the Basilisque Ransomware worms its way into your system, it will scan your data. The goal is locating the files, which will then undergo encryption. When the scan is completed, the Basilisque Ransomware will start locking the data. A...

Posted on July 8, 2019 in Ransomware

Php Ransomware

At the start of July 2019, malware researchers spotted a new ransomware threat called the Php Ransomware. When they dissected this newly emerged file-encrypting Trojan, experts found out that the Php Ransomware belongs to the Dharma Ransomware family.

Infiltrating Your PC

It is not yet known what propagation method is employed in the spreading of the Php Ransomware. Some believe that the authors of this data-locking Trojan may be employing fraudulent application updates, infected pirated software, and mass spam email campaigns as propagation methods to spread their creation. When the Php Ransomware infiltrates a machine, it will perform a scan. Then, when the files that the Php Ransomware was programmed to target are located, this threat would trigger its encryption process. When a file is encrypted by the Php Ransomware, its name is...

Posted on July 8, 2019 in Ransomware

Riltok

The Riltok malware is a banking Trojan, which targets Android devices. The first campaigns featuring the Riltok took place over one year ago, and this banking Trojan has been active ever since. Over 90% of the victims of the Riltok Trojan are located in Russia. Despite the initial campaigns only targeting Russian Android users, the authors of the Riltok banking Trojan have begun to expand their reach. Their operations in 2019 reveal that they are now targeting Android devices in the United Kingdom and France, among other European countries.

Infecting Your Device

The authors of the Riltok Trojan are using fraudulent text messages as their go-to infection vector. The text messages are tailored according to where the user is located. In Russia, the bogus text message claims that it would provide the user with free advertising if they...

Posted on July 8, 2019 in Trojans

Dqb Ransomware

The Dqb Ransomware is a newly emerged ransomware threat. Once cybersecurity experts spotted it, they decided to dissect this data-encrypting Trojan. They quickly concluded that the Dqb Ransomware is a variant of the infamous Dharma Ransomware.

Infecting Your System

Malware experts have not come to a consensus regarding the propagation method employed in the spreading of the Dqb Ransomware. However, some speculate that the most common techniques are likely at play here – bogus software updates, spam email campaigns and corrupted pirated applications. Once the Dqb Ransomware compromises a computer successfully, it will scan it. This is done so that the Dqb Ransomware locates the files, which will be locked later. Then, the encryption process begins. The files, which are affected by the Dqb Ransomware, will have their names changed....

Posted on July 8, 2019 in Ransomware

Gelup

TA505 is a hacking group, which has been very active recently, having launched operations with targets in multiple countries – South Korea, the Philippines, Japan, as well as Saudi Arabia, the UAE and even Argentina. Often, hacking groups concentrate their efforts in a particular region of the world, but the TA505 group has a broader reach. Cybersecurity experts have spotted two new hacking tools, which have been added to TA505’s arsenal – the FlowerPippi backdoor Trojan and the Gelup Trojan downloader. The preferred propagation method used by the TA505 group is phishing emails. They use social engineering techniques in crafting these fraudulent emails to increase the chances of the user falling into their trap. The attachments in these emails are macro-laced files, usually either a Microsoft Word document or a Microsoft...

Posted on July 5, 2019 in Malware

FlowerPippi

Cybersecurity researchers have been keeping a close eye on the TA505 hacking group recently as two new hacking tools have been introduced to their arsenal – the Gelup Trojan downloader and the FlowerPippi backdoor Trojan. This hacking group does not shy away from launching operations with targets all around the world – from East Asia with victims in Japan, the Philippines, and South Korea, to the Middle East with targets in the UAE and Saudi Arabia. The FlowerPippi Trojan can potentially bypass security checks because its authors have made sure to obfuscate its code. This backdoor Trojan is written in C++. It is likely that the authors of the FlowerPippi backdoor have created it as a one-time-use-only tool, as this threat does not attempt to gain persistence on the compromised computer. This malware is usually employed in swift attacks...

Posted on July 5, 2019 in Malware

Virus-encoder Ransomware

More and more ransomware threats flood the Internet each day. Among the newest ones spotted by cybersecurity researchers is the Virus-encoder Ransomware. It appears that this data-locking Trojan may have been built from scratch, as it is not a variant of any of the famous ransomware threats. It cannot be confirmed with any certainty what propagation method is being used in the spreading of the Virus-encoder Ransomware. Spam emails containing corrupted attachments, fraudulent software updates, and infected pirated applications are among the most common methods of spreading ransomware threats, and some speculate that these may be the infection vectors employed in propagating the Virus-encoder Ransomware. The Virus-encoder Ransomware will scan the system, which it infiltrates. The goal is to find out the locations of the files, which will...

Posted on July 5, 2019 in Ransomware

Acton Ransomware

The Acton Ransomware is a data-locking Trojan, which has emerged on the Web recently. When malware experts dissected the Acton Ransomware, they found out that it belongs to the Phobos Ransomware family. Cybersecurity researchers have not been able to pin down what method of propagation the cybercrooks behind the Acton Ransomware are using to spread their creation. However, some believe that the most common propagation techniques may be at play here – infected pirated software, bogus application updates and mass spam email campaigns. When the Acton Ransomware compromises a PC, it will run a scan. The point of this scan is to locate the files, which will be encrypted in the next step of the attack. Then, the Acton Ransomware will proceed with its encryption process. This file-encrypting Trojan will add an extension to the newly locked...

Posted on July 5, 2019 in Ransomware

WannaHydra

With the growing popularity of Android devices, cybercriminals have been pumping out an increasing amount of malware dedicated to targeting machines running the Android OS. The WannaLocker Ransomware is a ransomware threat that targets Android devices specifically. The authors of the WannaLocker Trojan have copied the interface of the infamous WannaCryptor Ransomware – the ransomware threat that made headlines all around the world in 2017. It appears that this is the only aspect that the cyber crooks responsible for the WannaLocker threat have borrowed, which is fortunate for the victims, as the WannaCryptor Ransomware is an extremely threatening, high-end project. Ever since releasing the WannaLocker Trojan, its authors have not been idle. They have updated their threat and renamed it to WannaHydra. The name seems to be related to the...

Posted on July 4, 2019 in Malware

BianLian

The BianLian malware was first spotted in 2018. It became evident quickly that this threat is targeting Android devices. However, the authors of the BianLian malware have not been sitting idly – they have introduced an update to their threat. The update allows the BianLian malware to obfuscate the threat’s code much more effectively, which has made this threat much more difficult to dissect and enabled it to improve its ability to stay under the radar of anti-malware applications. In its previous variants, the BianLian served as a first-stage payload whose purpose was to infiltrate a device and then serve as a backdoor and introduce additional malware to it. With the new update, the BianLian is no longer only a backdoor but can complete other tasks too. Once the BianLian malware infiltrates a device, it will make sure to hide its icon...

Posted on July 4, 2019 in Malware

ChineseRarypt Ransomware

The ChineseRarypt Ransomware is a file-locking Trojan that has been spotted by malware researchers recently. This ransomware threat is not a variant of any of the popular ransomware threats. Cybersecurity experts have been unable to confirm what infection vectors have been employed in spreading the ChineseRarypt Ransomware. However, some speculate that the cyber crooks responsible for the ChineseRarypt Ransomware are using spam email campaigns, alongside bogus software updates and likely corrupted pirated applications to spread their creation. If the ChineseRarypt Ransomware gains access to a system, it scans it to detect the locations of the files, which will be targeted. Most ransomware threats would then proceed with the attack by encrypting the targeted data. The ChineseRarypt Ransomware, however, does not encrypt any files....

Posted on July 4, 2019 in Ransomware