Fake codec packs have been a popular trick to propagate malware for over two decades. Even though modern video players and operating systems come pre-loaded with all necessary audio and video codecs, online con artists are still abusing this strategy to deliver potentially harmful files. The latest tactic of this sort is carried out via misleading 'Required Video Codec Is Not Installed On Your Computer' pop-ups. These messages state that the user's Windows Media Player cannot play a...

The Dex Ransomware is a file-locking Trojan that's part of the Dharma Ransomware family, a Ransomware-as-a-Service. The Dex Ransomware can block most media formats, including documents, on infected PCs, delete their backups, change their extensions, and leave behind ransom notes. Users should have backups on at least one other device for restoring any content and let their dedicated security services remove the Dex Ransomware. The Dharma Ransomware family appears neck-and-neck with the...

The NocryCrypt0r Ransomware is a file-locking Trojan that's a variant of CryptoJoker Ransomware, an open-source project. The NocryCrypt0r Ransomware blocks the user's files with RSA-secured XOR encryption and includes some supporting features, such as changing extensions and delivering text ransom notes. Windows users can immunize their files from this extortion by securely saving backups effectively and should have anti-malware solutions available for safely deleting the NocryCrypt0r...

The Meh Malware is a newly discovered project used against targets in Spain and Argentine actively. It seems that the authors of the malware are relying on corrupted torrents to be the primary method to propagate this implant. Users who fall victim to the Meh Malware may be in a lot of trouble because this project is quite diverse in terms of functionality. While its primary purpose is to log keystrokes and collect information, it also packs a Remote Access Trojan (RAT) module that could...

The Grelos Skimmer, a relatively old credit card skimmer, appears to be gaining popularity among cybercriminals again. The threat's first version was identified in 2015, but it appears to be making a comeback in 2020 with a new and threatening update. Malware researchers who analyzed Grelos Skimmer's execution report that the latest update shares many similarities with the infamous MageCart group's strategies. The Grelos Skimmer is a typical JavaScript-based skimmer that can only be planted...

Backdoor.Hartip is a Trojan that is only involved in one identified attack campaign currently. Backdoor.Hartip is used as a second-stage payload, and it is a part of the arsenal of the  APT10  group, an Advanced Persistent Threat (APT) actor currently. The group's recently identified campaign targets Japanese companies operating in several sectors, including the automotive and pharmaceutical industries. The group made the news recently because it managed to take advantage of the...

Myclickpush.com is a Web page that displays fraudulent messages in an attempt to trick users into clicking a particular button. This small con is not unsafe, but it can be a rather annoying issue to deal with if you end up falling for it. Myclickpush.com prompts users to click 'Allow' to continue browsing – however, engaging with this button is meant to subscribe you to this website's notifications. If these permissions are granted to the page, it may flood your browser with tons of undesired...

Not all browser add-ons are there to make your Web browsing sessions more entertaining or functional. They may often make misleading promises and then make entirely different changes to your Web browser's behavior. An extension that relies on such deceptive tricks is GetVideoSearch. It may pose as a useful tool to download videos from various websites and social media networks. However, users who install it may not get access to such features at all, and, instead, GetVideoSearch will replace...

The Zimba Ransomware is a file-locking Trojan that's part of the Dharma Ransomware family. The Zimba Ransomware can remove local backups while encrypting the user's media files, including documents and a broad range of other formats, and hold them for a ransom. Users with non-local backups can recover without paying, and most anti-malware services will catch and delete the Zimba Ransomware. Springing up from the well-known and long-time-active family of the  Dharma Ransomware , the...

The R2Block Ransomware is a file-locking Trojan without a known family that blocks Windows PCs' media files. Its encryption isn't reversible for free currently, and attacks include symptoms such as hijacked wallpapers, extension changes and pop-ups in Persian. Users with anti-malware tools should leverage them for removing the R2Block Ransomware as soon as possible and retrieve their files from the latest backup. Some of the best-known parts of the threat landscape that concern Iranians...

The Sglh Ransomware is a file-locking Trojan that attacks digital media, such as documents, and prevents them from opening. As part of the STOP Ransomware's family, it also includes symptoms such as changing extensions and hijacking the user's Web-browsing settings. Most PC security products should flag this threat and remove the Sglh Ransomware on sight, and backups can assist with data recovery. The  STOP Ransomware  family, whose campaigns tend towards differentiating themselves...

An unknown cybercrime organization is targeting Latin American users with a new piece of malware, which goes by the name Chaes. The newly identified threat aims to collect payment information and other data from its victims. Surprisingly, it does not target customers of Latin American banks and financial institutions. Instead, the Chaes Malware appears to specialize in going after users of the MercadoLivre, a marketplace popular in the region. Apart from fulfilling the purpose of an online...

ZeroLogon is the nickname given to a Microsoft Windows vulnerability that has been categorized as CVE-2020-1472. Cybersecurity experts have given the vulnerability a threat factor 10 out of 10, according to the Common Vulnerability Scoring System (CVSS.) Initially, some believed that it would be a long time before the ZeroLogon vulnerability would be used in the wild, but it would appear that an Advanced Persistent Threat (APT) actor has already managed to employ ZeroLogon in their...

StreamBee is a misleading browser extension whose primary advertising point is that it promises to provide users with access to entertaining sports, movie and TV series streams. However, users who agree to install the StreamBee add-on may face a different experience. Instead of being useful and entertaining, StreamBee may modify their browser's settings in a negative way. One of the changes linked to StreamBee concerns the Web browser's default new tab page and search engine – they may be...

The website Arhowever.top is home to a basic tactic, which wants to trick visitors into granting the page the ability to use Web browser notifications. Of course, Arhowever.top's administrators do not plan to use this feature to be helpful or entertaining – their goal is to abuse the browser notifications to deliver an endless stream of paid advertisements. The tactic requires some interaction from the user. When a visitor comes across the bogus Arhowever.top pop-ups, they may be asked to...

Browser-based tactics are not always looking to milk users out of their money. Sometimes, they are far less sinister, but they can still prove to be a significant nuisance. Such a tactic is hosted on Ressureslun.top, a misleading page designed to hijack browser notifications. Users may come across Ressureslun.top because of online advertisements and pop-ups, and they may be prompted to ratify that they are not robots immediately. Ressureslun.top claims that users can do this by pressing...

Service-update.network is a website that uses misleading pop-ups and messages to trick you into thinking that you have to confirm that you are not a robot. The site's messages state that you can do this in a very simple manner – just press the 'Allow' button shown on your screen. However, if you look into the prompt, you may notice immediately that the 'Allow' button has nothing to do with any 'anti-robot check' – instead, it is meant to subscribe you to Service-update.network's...

The '24-support-global.expert' pop-ups are corrupted browser messages that appear to target users of Apple devices exclusively. These pop-ups may often provide untruthful information about your computer, laptop, or phone's health and condition. For example, the '24-support-global.expert' pop-ups may claim that you have become the target of a malware attack and that you must take action immediately. The pop-ups warn you that your private information, credit cards, logins, and other data may be...

Ad-blockers and pop-up blockers have become a vital add-on for any Web browser. However, more and more websites are looking for ways to serve advertisements to users of such software. This is why many Internet users continue to experiment with different types of ad-blockers. One of the ad-blocking add-ons to grow in popularity recently is called PBlock+, and it is suited to the Google Chrome Web browser only. Unfortunately, PBlock+ is not a solution to unsolicited online advertisements....

The Shiton Ransomware is a file-locking Trojan that's from VoidCrypt Ransomware's family. The Shiton Ransomware continues blocking files using a currently-secure encryption method, along with creating pop-up ransom notes, disabling security features, and removing backups. Most effective anti-malware products should delete the Shiton Ransomware as a danger to your PC before it begins locking files. The  VoidCrypt Ransomware 's family is gaining new members at a slow but...