Xenon Stealer

Posted: December 4, 2020 | Category: Trojans
A Russian malware developer appears to be advertising a new infostealer on hacking forums. The threat, dubbed Xenon Stealer, can be purchased for as low as $80, therefore making it one of the more affordable malware-as-a-service projects available online. Unfortunately, this is likely to attract the interest of many cybercriminals, who may end up propagating the Xenon Stealer worldwide. One of Xenon Stealer's distinctive properties is that it does not need a Web-based control panel to be...

PowerPepper Malware

Posted: December 4, 2020 | Category: Malware
The DeathStalker APT hacking organization continues to provide adversaries with hacking-for-hire services. By offering their services to the highest bidder, the DeathStalker hackers ensure that they will have enough resources to develop highly sophisticated malware such as the newly identified PowerPepper Malware. While PowerPepper might not shine with any extraordinary functionality, its authors have focused on implementing the best evasion techniques available. This helps the malware stay...

FickerStealer

Posted: December 4, 2020 | Category: Trojans
The FickerStealer malware appears to be a very threatening project whose authors have decided to make it available to like-minded cybercriminals. However, hackers who wish to use the corrupted binaries of the FickerStealer may need to purchase a license from the original creator. According to the forum threads used to advertise the FickerStealer project, users can purchase licenses costing from $90 for a week up to $900 for six months. The author claims that their product will receive regular...

Global-support.space

Posted: December 3, 2020 | Category: Mac Malware
Global-support.space is a misleading website whose pop-ups and messages may be promoted by low-quality websites like torrent trackers, adult video streaming services, and pages linked to pirated content. The goal of the Global-support.space Pop-Ups is to convince visitors that their device has been infected by multiple threatening viruses and that they need to act immediately. It seems that the primary targets of the Global-support.space Pop-Ups are iOS users, but it is possible that Android...

Division Search

Posted: December 3, 2020 | Category: Potentially Unwanted Programs (PUPs)
Division Search is a Potentially Unwanted Program (PUP) whose installation may bring unwanted changes to your Web browser's behavior and settings. This add-on may pose as a useful utility that gives you better control over your online privacy, but, in reality, its creators want to achieve one thing – redirect more users to the website Divisionsearch.com. This is why Division Search will set this Web page as the browser's default new tab page and search engine. Division Search behaves in a...

Mixture Search

Posted: December 3, 2020 | Category: Potentially Unwanted Programs (PUPs)
Mixture Search is a misleading browser add-on, which promises to provide its users with enhanced search features and better control over their online privacy. However, this add-on does not replace the user's new tab page and search engine with the URL mixturesearch.com. Because of this change, all of the user's searches will be redirected through this unknown website. A visit to Mixturesearch.com reveals that it enables users to select the default search aggregator they would like to use –...

LAZPARKING Ransomware

Posted: December 3, 2020 | Category: Ransomware
The LAZPARKING Ransomware is a newly detected file-locker, which is still being studied thoroughly. For now, it is certain that the LAZPARKING Ransomware has the ability to encrypt a rich list of file types, therefore causing severe damage to the infected computer's file system. Of course, the creators of the LAZPARKING Ransomware claim to be in possession of a decryption tool, which their victims can use as soon as they agree to pay a ransom fee via Bitcoin. The attackers' full instructions...

IceRAT Malware

Posted: December 3, 2020 | Category: Malware
The IceRAT Malware is a peculiar cyber threat whose author has adopted an innovative way to create the payload. They are using a programming language known as JPHP – the special thing about this language is that it runs PHP code inside a Java Virtual Machine (VM). This is not efficient in terms of performance, but it might help the IceRAT Malware stay undetected by outdated anti-virus software. Furthermore, the IceRAT Malware is made even more undetectable by the fact that its code is split...

Crutch Malware

Posted: December 3, 2020 | Category: Malware
The Crutch Malware is believed to be part of the arsenal of the Turla hacking group, a Russian Advanced Persistent Threat (APT) actor specializing in attacks against government entities and companies operating in the education, medical, and energy industries. Their latest project, the Crutch Malware, was discovered on the systems belonging to a government part of the European Union, and it seems to work as both a backdoor Trojan and a covert infostealer. The low detection rate of the Crutch...

Tsunami Botnet

Posted: December 3, 2020 | Category: Botnets
The Tsunami Botnet has been active for several months, and its operators seem to be introducing new payloads and infection vectors regularly. The Tsunami Botnet campaign's latest variant goes after Docker instances, vulnerable Oracle WebLogic servers, and Redis instances. It also seems that the Tsunami Botnet now supports SSH credentials brute-forcing, which might be used to spread laterally once a network has been infiltrated. The Tsunami Botnet's attack carries out additional tasks to...

Symchanger Malware

Posted: December 3, 2020 | Category: Malware
It is not uncommon for cybercriminals to go after other cybercriminals instead of regular users. Often, this involves promoting 'free malware' utilities, which other wannabe hackers might find interesting and attractive. This is the case of the Symchanger Malware, which appears to be promoted on online forums, hidden social media groups, and other platforms that cybercriminals frequent. The Symchanger Malware poses as an excellent hacking tool that can be used to infiltrate websites running...

Esperblacke.top

Posted: December 2, 2020 | Category: Browser Hijackers
Esperblacke.top is a website, which may tell you to click 'Allow' to confirm you are not a robot. However, this prompt is fake – clicking 'Allow' will result in commanding your Web browser to accept notifications from Esperblacke.top. Because of this permission, Esperblacke.top will have the ability to abuse the feature and bring unlimited advertisements to your Web browser. Esperblacke.top's notifications contain nothing but advertisements, which may often link to shady websites and...

Trustedpush.com

Posted: December 2, 2020 | Category: Browser Hijackers
Trustedpush.com is a misleading website, which relies on deceptive prompts to trick users into subscribing to its notifications. While many websites use browser notifications to deliver up-to-date news, Trustedpush.com has no intention of using this feature to be helpful. Instead, it will abuse it relentlessly to flood the Web browser with advertisements. If you regularly see notifications from Trustedpush.com, then it is likely that you have fallen for one of the basic cons it employs to...

ProStreamsSearch

Posted: December 2, 2020 | Category: Potentially Unwanted Programs (PUPs)
ProStreamsSearch is part of a series of Potentially Unwanted Programs (PUPs), which claim to be useful software when, in reality, their sole purpose is to hijack the configuration of Web browsers. The ProStreamsSearch program will replace the default new tab page users see with Portal.prostreamssearch.com, while their search engine will be configured to Feed.prostreamssearch.com. Both websites behave in a similar manner, and they deliver results based on Yahoo Search. Users might be tempted...

ChannelSystem

Posted: December 2, 2020 | Category: Mac Malware
ChannelSystem is a macOS application, which users might install by accident while dealing with low-quality software bundles, fake downloads, or other misleading content. Thankfully, ChannelSystem is not threatening, and it is not associated with threatening behavior. However, having this software on your macOS computer is still bad news because ChannelSystem may bring undesired changes to your Web browser's behavior. For example, ChannelSystem is known to bring unwanted advertisements, as...

NORD Ransomware

Posted: December 2, 2020 | Category: Ransomware
The NORD Ransomware is a file-locking Trojan that attacks the user's digital media files and stops them from opening. As part of the small family of the DarkCrypt Ransomware, it delivers ransom notes in HTA and TXT formats similar to previous members, changes files' extensions, and has no free unlocking solution. Windows users should have backups for protecting any files and let traditional anti-malware utilities delete the NORD Ransomware as they detect it. The DarkCrypt Ransomware...

Bismuth APT

Posted: December 2, 2020 | Category: Advanced Persistent Threat (APT)
Advanced Persistent Threat (APT) actors are among the most skilled, resourceful, and experienced cybercriminals. Their operations frequently involve multiple payloads, complicated social engineering tricks, and ever-evolving tactics. Recently, a gang known as the Bismuth APT attracted the cybersecurity field's attention because of their innovative method to hide the true purpose of their attacks. This group's activities can be traced back to 2012, and their attacks are usually focused on...

DarkIRC Malware

Posted: December 2, 2020 | Category: Malware
The DarkIRC Malware is a publicly sold piece of threatening software, whose author asks for around $75. It seems that an experienced cybercrime group has started using the DarkIRC payload recently, and this campaign targets Oracle WebLogic servers exclusively. Cybersecurity experts believe that the criminals are looking for unpatched servers riddled with old vulnerabilities that can be exploited. However, judging by DarkIRC Malware's features, the criminals also might be relying on a classic...

Xanthe Malware

Posted: December 2, 2020 | Category: Malware
Docker instances are once again the prime target of a new cybercrime gang, which has unleashed the Xanthe Malware. This threat only runs on Linux systems, and it specializes in exploiting poorly configured Docker instances. Once it infiltrates a system, the malware will try to deploy an XMRig-based cryptocurrency miner, which will utilize the infected server's resources to mine for cryptocurrency. In addition to dropping a payload, the Xanthe Malware also tries to spread laterally on a...

'PayPal Desktop App' Scam

Posted: December 1, 2020 | Category: Adware
Fake software and promotions are among the favorite tricks of online con artists because they can often attract a lot of attention from users. This is the exact strategy that the 'PayPal Desktop App' scam is employing. Fake ads and websites tell users that they can download and use the new 'PayPal Desktop' application and that they will be awarded $100 credit for being the first ones to test this exciting new program. However, a PayPal app for desktop computers doesn't exist, and the 'PayPal...