Spy-Net

The Spy-Net RAT (Remote Access Trojan) is a publicly available threat, so anyone can make use of it. Sometimes, rookie cyber crooks start their journey in the world of cybercrime by employing readily available threats like the Spy-Net Trojan. However, there are instances where highly skilled and experienced actors make use of such threats too. For example, the Spy-Net RAT is known to be part of the hacking arsenal of the infamous Iran-based state-sponsored group APT33 (Advanced Persistent Threat).
May Evade Low-Quality Antivirus Tools
The Spy-Net RAT is not exactly a newly emerged threat, so most legitimate anti-malware tools should be able to detect and remove it. However, some low-quality security tools may not be able to protect your system. If the Spy-Net RAT infects your PC, it can start collecting...

Posted on July 30, 2019 in Backdoors

Android/Filecoder.C Ransomware

Ransomware threats targeting Android devices are not very common despite the popularity of the Android OS. However, some cybercriminals still decide to try their luck and develop data-locking Trojans for Android devices. This is the case with the authors of the Android/Filecoder.C Ransomware.
Propagation Via Fake Erotic Games
The Android/Filecoder.C Ransomware is masked as an adult game and appears to have been advertised on various forums and even on Reddit. The authors of the Android/Filecoder.C Ransomware also use text messages as an infection vector. Once installed, the Android/Filecoder.C Ransomware will begin sending text messages to all the contacts on the victim's contact list. The messages state that the recipient of the text has had their photo used in an adult game named 'SexSimulator' and provide a link to the...

Posted on July 30, 2019 in Ransomware

Nqix Ransomware

Recently, malware experts spotted a brand-new ransomware threat. This data-encrypting Trojan is named the Nqix Ransomware. Once researchers inspected the threat, they discovered that it is a variant of the Dharma Ransomware.
Infection and Encryption
It is not yet clear which infection vectors have been employed in the propagation of the Nqix Ransomware. Some speculate that the authors of the Nqix Ransomware may have used spam email campaigns, alongside bogus application updates and fake pirated copies of legitimate software, as these are among the most popular methods of spreading ransomware threats. When the Nqix Ransomware compromises your PC, it will kick off the attack with a brief scan of your files. The scan's goal is to locate the files that will be locked during the encryption process. Then the Nqix...

Posted on July 30, 2019 in Ransomware

100 Million Capital One Customers' and Applicants' Data Breached by Seattle Woman Charged with Hacking Incident

The popularized Capital One slogan, "what's in your wallet", doesn't sound all that great at the moment, as the fifth-largest U.S. credit-card issuer has been hit with one of the largest data breaches of a big bank. The data breach was conducted by Paige A. Thompson, 33 years old, who was arrested in connection with the hack by federal agents in Seattle. Thompson is accused of attacking Capital One through a firewall that gave access to customer data stored on Amazon's cloud service. The data is said to belong to upwards of 100 million customers and Capital One applicants who may have applied for credit or accounts between 2005 and early 2019. The data specifics include addresses, birth dates, and even self-reported incomes. Reportedly, Ms. Thompson is a former employee of Amazon Web Services Inc., which is the service utilized by...

Posted on July 30, 2019 in Computer Security

GoBot2

GoBot2 is a backdoor Trojan written in Google's Go programming language, which is fairly new, so not many cybercriminals opt to use it when creating malware. It is an open-source project, which means that anyone can obtain the code and create a new variant of this backdoor Trojan.
Attacks Targeting South Korea
Recently, a variant of GoBot2 called GoBotKR was employed in an attack targeting South Korean users. The goal of GoBotKR was to infect and hijack as many machines as possible, which the attackers would go on to use as a botnet enabling them to launch DDoS (Distributed Denial-of-Service) attacks or even to mine various cryptocurrencies.
Capabilities
The GoBot2 Trojan is able to gather data regarding the compromised system. This helps the attackers decide how to act once they have gained access to...

Posted on July 29, 2019 in Trojans

TONEDEAF

APT34 (Advanced Persistent Threat) is a hacking group that originates from Iran. They are also known under the aliases Helix Kitten, OilRig, and Greenbug. It is largely believed that the APT34 hacking group is sponsored by the Iranian government and is often given tasks that would further Iranian interests, with most of the efforts focused on the Middle Eastern region. Often, the APT34 hacking group targets companies in the defense, chemical, energy, and financial industries.
Propagation via Social Engineering
The APT34 hacking group often employs social engineering tactics as a means to propagate their threats. Such is the case with the TONEDEAF backdoor Trojan. Members of APT34 would set up bogus LinkedIn profiles pretending to be reputable scientists. Once they establish a connection with the targeted...

Posted on July 29, 2019 in Backdoors

MCrypt2019 Ransomware

The MCrypt2019 Ransomware is a brand-new data-locking Trojan. Very often, cybercriminals take the code of an already existing ransomware threat, tweak it a little to their liking, and release it as their own. However, it appears that the MCrypt2019 Ransomware is not a variant of any of the popular file-encrypting Trojans.
Propagation and Encryption
It has not yet been determined what infection vectors are involved in the spreading of the MCrypt2019 Ransomware. Some malware researchers speculate that the authors of the MCrypt2019 Ransomware may be employing some of the most common propagation methods, such as mass spam email campaigns, bogus software updates, and pirated fake copies of popular applications. When the MCrypt2019 Ransomware infiltrates a PC, it performs a brief scan, which determines the locations of the files, which...

Posted on July 29, 2019 in Ransomware

Wulfric Ransomware

Malware researchers detect more and more ransomware threats popping up every day. One of the newest file-encrypting Trojans that has emerged is the Wulfric Ransomware. This appears to be a data-locking Trojan that has been built from scratch, as it does not belong to any of the popular ransomware families.
Spreading and Encryption
Cybersecurity experts have not been able to determine which propagation methods the authors of the Wulfric Ransomware have used in the spreading of their creation. Some believe that emails containing macro-laced attachments, pirated fake software downloaded from shady sources, and fraudulent application updates may be among the infection vectors involved in the propagation of the Wulfric Ransomware. Whichever way the Wulfric Ransomware finds itself on your system, the result is one and the same – you are in for some...

Posted on July 29, 2019 in Ransomware

Trojan.IStartSurf

The Extenbro Trojan, also detected as Trojan.IStartSurf, is a newly found DNS hijacking Trojan capable of swapping the genuine DNS servers managed by a real ISP with rogue ones managed by malware actors. By doing so, Extenbro/Trojan.IStartSurf prevents targeted PC users from accessing AV software solutions, which may be needed for removing the annoying adware tools planted by the DNS changer beforehand. The redirection from clean to compromised DNS servers depends on successfully disabling the IPv6 protocol. DNS changers have been in circulation since late 2011, when the FBI neutralized a slew of rogue DNS servers that communicated with PCs already taken hold of by a DNS changer. When redirected to a rogue DNS server, the PC user's machine is bound to stay offline for good unless it is redirected back to uncompromised DNS servers. The goal...

Posted on July 26, 2019 in Trojans

'Android.Fakeyouwon' Malware

MobonoGram 2019, an Android-based application branded as an enhanced offshoot of the popular Telegram messaging application, is in fact a threatening piece of software that was recently listed on the official Google Play Store. Presumably packing more features than its famous counterpart, MobonoGram 2019 is a classic messaging application. Besides getting people in contact, however, MobonoGram 2019 has now been found to perform certain tasks without having first obtained the Android user's carte blanche. Such tasks range from running background services to churning out one malvertisement after another. MobonoGram 2019 aroused suspicion after its developers made the application available in countries that typically do not provide a market niche for Telegram. What is more, MobonoGram 2019 even showed up on Google Play in the Russian Federation...

Posted on July 26, 2019 in Malware

Sweed

The Sweed hacking group's activity was first spotted back in 2017. This ill-minded actor has been constantly updating their hacking arsenal, and some of the most popular tools they have used are the Formbook malware, the Agent Tesla malware, and the Lokibot malware.
Preferred Propagation Method
The preferred propagation method of the Sweed hacking group is phishing emails. They often use social engineering techniques to craft their emails and make them seem as legitimate as possible. These emails often contain macro-laced attachments that carry the malware payload. If the victim falls for their trickery, they will give the attackers access to their system.
Targets Microsoft Office Exploits
In their first campaigns, the Sweed hacking group would propagate their threats via a '.ZIP' archive which would be delivered to...

Posted on July 26, 2019 in Trojans

APT33

APT33 (Advanced Persistent Threat) dates back to 2013. Malware researchers believe that the hacking group originates from Iran and is likely to be state-sponsored. It appears that the APT33 hacking group's efforts are concentrated on furthering the interests of the Iranian government, as they tend to target competing industries of foreign countries, often in the areas of aerospace, defense, and chemicals. Most of their campaigns concentrate on three particular regions – Saudi Arabia, the United States, and South Korea. It is not uncommon for governments to sponsor hacking groups and employ them for espionage and various other activities.
The Latest Attack Targeted Saudi Arabia
APT33 puts quite a lot of effort into remaining anonymous, as they often change their hacking tools as well as the infrastructure they use. In March 2019 the...

Posted on July 26, 2019 in Malware

Golang

One of the newest programming languages that is quickly gaining popularity is Google's Go language. As usual, malware developers are quick to jump on any new train that is picking up steam, and more and more threats written in the Go language are popping up. This language can be very useful to them, as threats written in it can target both Windows and Linux systems. There have already been several threats written in the Go language that have gained popularity – Hercules, Veil, and GoBot2. Recently, a new threat written in the Go language emerged. It is called the Golang Trojan and appears to target mainly systems running the Linux OS. The goal of the Golang Trojan is to hijack the machine and use it to mine cryptocurrency, namely Monero.
Propagation Methods
The authors of the Golang Trojan are spreading it using several different...

Posted on July 26, 2019 in Malware

AndroidOS_HiddenAd.HRXAA

The Android OS is the most popular OS for mobile devices and thus is the one that cybercriminals tend to target most. Apart from all the malware produced for Android daily, there is less harmful but nonetheless very irritating software targeting Android users called adware. Adware does not harm the user directly, but it will certainly annoy them by constantly bombarding them with advertisements. Not only is this overwhelming and irritating, but oftentimes the products and services being promoted are of very low quality and sometimes outright shady. In July 2019 it was revealed that the Google Play Store was hosting over 100 suspicious applications.
Poses as a Legitimate Free Application
Among these applications was AndroidOS_HiddenAd.HRXAA. Once AndroidOS_HiddenAd.HRXAA gets installed, it will waste no time and begin...

Posted on July 26, 2019 in Malware

AndroidOS_HiddenAd.GCLA

Android users tend to put their full trust in the Google Play Store, thinking that there is no way it would allow any shady or corrupted application onto the platform. However, they need to start taking their cybersecurity more seriously and begin to recognize the risks when downloading new software. In July 2019 a report unveiled that there were over one hundred dodgy applications on the Google Play Store. Some of them got so popular that they had almost 10 million downloads before the developers at the Google Play Store managed to remove them from their platform.
Spams Full-Screen Advertisements
Not all the shady applications contained downright threatening software. Some of them would install adware on the user's Android device. Despite this not being as harmful, it can certainly lead to a lot of irritation and a reduced quality of browsing....

Posted on July 26, 2019 in Malware