YobaCrypt Ransomware

The YobaCrypt Ransomware is a brand-new ransomware threat. More and more cybercriminals try their luck at creating file-locking Trojans, as they are often perceived as an easy way to generate some cash.

Propagation and Encryption

It is not yet clear what the exact infection vector involved in the propagation of this new ransomware threat is. Some malware researchers believe that fake application updates, pirated copies of legitimate software, and spam emails containing corrupted attachments may be some of the propagation methods used by the authors of the YobaCrypt Ransomware. This data-encrypting Trojan will briefly scan your system once it infiltrates it. The purpose is to locate all the files that will be targeted for encryption. Once this step is completed, the YobaCrypt Ransomware will start its encryption process. All the files,...

Posted on August 14, 2019 in Ransomware

Neko

An increasing number of cyber crooks choose to try their luck at creating malware targeting IoT (Internet-of-Things) devices, as more and more devices are becoming 'smart' and are thus connected to the Internet. An additional factor in the increased interest in infecting IoT devices is that they often have very weak security features, making them a lucrative target for cybercriminals. However, IoT devices usually have very limited abilities and are thus normally used to build large botnets whose purpose is launching DDoS (Distributed-Denial-of-Service) attacks.

Fell For a 'Honeypot'

In 2019, malware researchers discovered a fairly large IoT botnet named Neko. This botnet was first seen in the wild when a researcher-operated IoT device (a honeypot) was infected by the threat. The machines that are part of a honeypot are normally made to...

Posted on August 14, 2019 in Malware

Mtogas Ransomware

Cybersecurity researchers have been spotting more and more ransomware recently. Among the newest uncovered threats is the Mtogas Ransomware. When experts studied this data-locking Trojan, they found out that it belongs to the STOP Ransomware family.

Propagation and Encryption

The malware researchers who uncovered the Mtogas Ransomware have not been able to establish what the exact method employed in the propagation of this file-encrypting Trojan is. Some speculate that the infection vectors used for spreading the Mtogas Ransomware may be spam emails containing corrupted attachments, bogus application updates, and pirated copies of legitimate software tools. If the Mtogas Ransomware manages to worm its way into your system, it will kick off the attack by performing a scan. The scan serves to determine the locations of the files,...

Posted on August 13, 2019 in Ransomware

VBShower

The APT41 (Advanced Persistent Threat) hacking group has been active since 2014 and has managed to cause a lot of harm to countless users globally. This hacking group is also known under the alias Cloud Atlas APT. They have targeted users in the United States, Russia, India, Turkey, Belgium, Bulgaria and other countries. It appears that APT41 is mainly going after government institutions, religious groups, and businesses involved in the aerospace industry. One of their best-known threats is the PowerShell Trojan. However, it seems that the focus of APT41 has recently shifted from PowerShell to a new and improved version of it named VBShower. The main infection vector used in the propagation of the VBShower hacking tool appears to be macro-laced Microsoft Office documents.

Good at Avoiding Detection

The VBShower is notable for its...

Posted on August 13, 2019 in Malware

Hodin RAT

Many Linux users falsely believe that their systems are an impenetrable fortress against the evil forces of malware. However, this is not the case. Despite there not being that much interest in developing malware targeting Linux systems specifically, there are still cybercriminals who are willing to get into this niche market. Linux users cannot afford to continue overlooking their security, as an increasing number of Linux-targeting malware threats are emerging.

Limited Abilities

Recently, a GitHub user decided to publicly upload the code of a threat tailored to target systems running Linux. This threat is a RAT (Remote Access Trojan) that goes by the name Hodin RAT. As with most RATs targeting Linux users, the Hodin RAT is not nearly as weaponized as the various RATs that target computers running Windows. The...

Posted on August 13, 2019 in Remote Administration Tools

WinLog

It would appear that an anonymous user has decided to upload the source code of a new keylogger tool free of charge on an online platform. The keylogger is called WinLog, and it is rather basic. However, the fact that the WinLog keylogger is available for free means that we may soon see mass-scale attacks employing this threat from a variety of ill-minded actors around the world. Sometimes a more highly skilled cybercriminal will come across a freely available hacking tool like WinLog and build on its source code to create a more harmful and complex threat.

Simple but Dangerous

Although the current variant of the WinLog keylogger is rather simplistic, that does not mean it should not be considered threatening. On the contrary, the WinLog keylogger can cause great harm if it manages to infiltrate an...

Posted on August 13, 2019 in Keyloggers

Varenyky

The Varenyky malware is a brand-new threat, which appears to target only French users. This threat is being propagated via phishing emails. The emails contain an attachment masked as an urgent invoice. Once the user tries to open the attachment, they will trigger the macro script hidden within it. The threat will then check which language is set as the default on the compromised host. If the default language is French, the attack will proceed; if it is not, the threat will halt its activity.

Capabilities

If the default language is French and the unpacking of the malware is successful, the attackers will be able to execute various commands on the infected system, as well as plant additional malware on it. The Varenyky malware is capable of utilizing third-party tools to gather login credentials from Web browsers, as well...

Posted on August 12, 2019 in Malware

Saefko

Often, cybercriminals who develop their own hacking tools opt to sell them publicly to make some quick cash. This is the case with the Saefko RAT (Remote Access Trojan). This RAT appears to be mainly used for espionage and offers the users who buy it great insight into the habits of the victims they choose to target. This potentially helps them tailor a better approach to trick their targets.

Digs through Browser History

Once the Saefko RAT is triggered, it will immediately establish a connection with a legitimate Google service. This will help the RAT find out whether the system is connected to the Internet or not. If the compromised host is connected to the Web, the Saefko RAT will begin searching through the browser history of the victim. This RAT is looking for URLs that are linked to a few categories: Cryptocurrency. Finance....

Posted on August 12, 2019 in Remote Administration Tools

mr.yoba@aol.com Ransomware

The mr.yoba@aol.com Ransomware is a recently spotted ransomware threat. Unfortunately, it is likely that there is no free decryption tool available yet.

Propagation and Encryption

It is not yet known exactly how the authors of the mr.yoba@aol.com Ransomware are propagating their creation. Some believe that mass spam email campaigns, alongside fake software updates and infected pirated copies of legitimate applications, may be some of the infection vectors used in the propagation of the mr.yoba@aol.com Ransomware. Once it infects your system, it will scan it to locate the files of interest, which will be marked for encryption. Then, the mr.yoba@aol.com Ransomware will begin its encryption process. Once the mr.yoba@aol.com Ransomware locks a file, it also changes its name. This threat uses a random combination of numbers as an...

Posted on August 12, 2019 in Ransomware

WECANHELP Ransomware

Recently, malware researchers spotted a new data-locking Trojan circulating on the Internet. Its name is WECANHELP Ransomware, and once dissected, this threat was revealed to be a variant of the Cry36 Ransomware and the Nemesis Ransomware.

Propagation and Encryption

Cybersecurity experts have not yet been able to determine with full certainty which infection vectors are used in the propagation of the WECANHELP Ransomware. It is very likely that spam emails containing macro-laced attachments, bogus application updates, and pirated fake copies of popular software tools are among the propagation methods used by the creators of the WECANHELP Ransomware. Regardless of how the WECANHELP Ransomware ends up on your system, once it infiltrates it, its first task is to perform a quick scan. The scan is made to determine the locations of the...

Posted on August 12, 2019 in Ransomware

Smominru

The Smominru crypto miner is a threat that has been around for a while. Malware experts managed to hold back the campaign by configuring a bait-and-sinkhole server that kept a significant fraction of Smominru's network busy in a loop, thereby preventing it from going after valid targets. However, since this happened, the authors of the Smominru threat have been introducing significant improvements.

New Features

The actors responsible for the Smominru crypto mining campaign have added several new features: login credentials are collected via a modified variant of the Mimikatz malware; the EternalBlue exploit is used to propagate the payload of the threat; and several payloads contain a RAT (Remote Access Trojan) feature.

Selling Access to Compromised Networks

To garner more revenue, the authors of the Smominru crypto mining campaign...

Posted on August 9, 2019 in Botnets

Junior Ransomware

At the beginning of August 2019, cybersecurity experts uncovered a new ransomware threat. This threat goes by the name Junior Ransomware, and when studied, it was revealed to be a variant of the Cryakl Ransomware.

Propagation and Encryption

It has not yet been disclosed what propagation method is used in the spreading of the Junior Ransomware. However, it is very likely that spam emails containing corrupted attachments, bogus application updates, and pirated variants of legitimate software are among the infection vectors used by the creators of the Junior Ransomware. When the Junior Ransomware compromises a computer, it performs a scan whose purpose is to locate all the files that will be marked for encryption. Next, the Junior Ransomware will start the encryption process. Once the Junior Ransomware locks a file, it will change...

Posted on August 9, 2019 in Ransomware

Arsium Ransomware

Recently, a hacking forum user who goes by the alias Arsium uploaded a ransomware builder on said forum. This ransomware builder is being distributed free of charge. Such a move has the potential to cause great harm because anyone with ill intentions can download this ransomware builder and create and propagate their own data-locking Trojan.

Limited Abilities

The Arsium Ransomware toolkit is very limited in regards to which directories can be targeted and locked. This ransomware builder is only capable of going after the files located in the desktop folder. However, the creator of the Arsium Ransomware builder may change this in the future and include other directories too. The Arsium Ransomware toolkit appends an extension to the encrypted files and chooses a password (key) that the ransomware will use to encrypt...

Posted on August 9, 2019 in Ransomware

Londec Ransomware

New ransomware threats have been popping up daily, and malware researchers are struggling to keep up. Among these brand-new file-encrypting Trojans is the Londec Ransomware. Upon dissecting the Londec Ransomware, cybersecurity experts determined that it is a variant of the STOP Ransomware.

Propagation and Encryption

It has not yet been uncovered what propagation methods are involved in the spreading of the Londec Ransomware. Some researchers speculate that mass spam email campaigns, fraudulent software updates, and pirated fake copies of legitimate applications may be some of the infection vectors used by the cyber crooks behind the Londec Ransomware. When this ransomware threat worms its way into your computer, it will perform a brief scan. The goal is to locate your files, which the Londec Ransomware...

Posted on August 9, 2019 in Ransomware

Omegle Phishing Virus

The con artists' tricks to invade the computers of Internet users are never-ending. By exploiting the popularity of social media, they managed to corrupt a genuine chat site named Omegle; after being reported by affected users, the scheme also became known as the Omegle Phishing Virus. The Omegle distribution method is very common: it leans on phishing tactics, which consist of making computer users believe that they have accessed the legitimate Omegle site when, in reality, they are visiting fake, fabricated websites. Another entry method is via bogus notifications prompting the computer user to download a fake software update, or highly attractive advertisements offering prizes to users. These fake update offers or advertisements, when clicked, open the path for the Omegle Phishing Virus to enter the computer....

Posted on August 8, 2019 in Browser Hijackers