Vpsh Ransomware

Posted: November 4, 2020 | Category: Ransomware
The Vpsh Ransomware is a file-locking Trojan that's a part of the STOP Ransomware or Djvu Ransomware family. The Vpsh Ransomware may circulate through torrents, brute-force attacks, or other exploits and sabotages the user's media files by encrypting or blocking them. Windows users with backups can recover their files without trouble, and most PC security products should contain and remove the Vpsh Ransomware. The arbitrary naming schemes around the STOP Ransomware family's releases over...

CSPY Downloader

Posted: November 4, 2020 | Category: Downloaders
The CSPY Downloader is a new malware implant that has been used by the Lazarus Advanced Persistent Threat (APT) group (also known as Kimsuky and Hidden Cobra) in their recent attacks against institutions and organizations involved in the development of COVID-19 vaccines. The CSPY Downloader was usually deployed as a first-stage implant whose purpose was to gather basic system information and to ensure that the coast is clear for a secondary payload to be delivered – the new KGH Malware...

Read-the-news.online

Posted: November 3, 2020 | Category: Browser Hijackers
Read-the-news.online is a fraudulent page that does not host any news contrary to its name. Instead, it is home to one or more misleading pages, aiming to hijack the Web browser's notifications. One of Read-the-news.online's tactics is executed by showing a fake video player that is accompanied by a message to click 'Allow' on the on-screen prompt. However, this action does not result in enabling video playback – instead, it subscribes you to Read-the-news.online's notifications. Users who...

Tanguage.work

Posted: November 3, 2020 | Category: Browser Hijackers
Tanguage.work is a Web page using misleading prompts and messages to trick users into granting it permissions to use Web browser notifications. For example, this site says that users must click 'Allow' to view an 18+ video – however, doing this does not lead the user to any video and, instead, it will enable Tanguage.work's notifications in the user's Web browser. If this change is permitted, Tanguage.work may abuse the feature to deliver tons of paid advertisements. Needless to say, having...

Wnedbelie.space

Posted: November 3, 2020 | Category: Browser Hijackers
Wnedbelie.space is a website whose fraudulent content may be promoted via online advertisements and pop-ups, usually hosted on adult video streaming sites. The goal of Wnedbelie.space is to convince the users that they can only view 18+ content if they confirm their age by clicking 'Allow.' However, the prompt containing this button has a purpose entirely different – it is meant to enable the Wnedbelie.space notifications in your browser. If this action is completed, the page will receive the...

Nessground.space

Posted: November 3, 2020 | Category: Browser Hijackers
Nessground.space is a misleading page that claims to provide users with the ability to download files they were searching for, but only if they enable this feature by pressing the 'Allow' button on top of their screen. The page uses these misleading messages to trick its visitors into subscribing to the Nessground.space notifications and reconfiguring their Web browser to show Nessground.space's content without interruptions – these changes are made by simply clicking 'Allow.' Needless to...

TechandStrat Ransomware

Posted: November 3, 2020 | Category: Ransomware
The TechandStrat Ransomware is a Windows file-locking Trojan and an update of the Wacatac Ransomware (or DeathRansomware Ransomware). Unlike early versions of that Trojan, the TechandStrat Ransomware can securely encrypt and block media files, along with issuing ransom demands to victims. Robust anti-malware tools may delete the TechandStrat Ransomware, but users may need backups for restoring the lost content. Although updates have made it unrecognizable from its ancestor, a new version...

KGH Malware

Posted: November 3, 2020 | Category: Malware
North Korea's most infamous Advanced Persistent Threat (APT) group, Lazarus, is still going after companies and organizations involved in developing COVID-19 vaccines. Their latest campaign is executed with the help of cleverly crafted spear-phishing emails, which attract the victim's interest by claiming to be addressed to the Japanese Prime Minister or stating that they were sent out by a North Korean defector. The emails usually come with a file attachment that uses a Microsoft Office...

UNSTABLE Botnet

Posted: November 3, 2020 | Category: Botnets
The UNSTABLE Botnet project is very similar to the SORA Botnet, and, in fact, both of these campaigns were discovered just a few days apart in February 2020. Just like the SORA Botnet, this one also relies on CVE-2017-17215 and CVE-2018-10564 to hunt for vulnerable Internet-of-Things (IoT) devices, but it may also test them for a less-known ThinkPHP Remote Code Execution (RCE) vulnerability. Since the authors of the UNSTABLE Botnet have based their entire project on the Mirai Botnet...

Scarface Botnet

Posted: November 3, 2020 | Category: Botnets
The Scarface Botnet is a relatively unpopular botnet project that was created by previously unknown cybercriminals calling themselves 'Scarface.' The threat is not sophisticated at all. Still, it has more than enough features to cause mayhem thanks to the fact that the majority of its code is borrowed from the infamous Mirai Botnet project. Mirai's source code was released online in 2017, and, unfortunately, it has given dozens of cybercriminals the opportunity to create a fully-functional...

SORA Botnet

Posted: November 3, 2020 | Category: Botnets
The SORA Botnet is a project that was first uncovered at the beginning of February 2020. This campaign is based on the leaked source code of the Mirai Botnet, and it is an unknown cybercriminal's attempt to create a botnet operation that could be used to execute cryptocurrency mining tasks or Distributed-Denial-of-Service (DDoS) attacks. Often, the criminals behind projects like the SORA Botnet do not have any intention to use the attacks against specific targets – instead, they plan to offer...

Trojan.SH.MIRAI.BOI

Posted: November 3, 2020 | Category: Trojans
Trojan.SH.MIRAI.BOI is a detection name used to describe an exploit that multiple cybercrime organizations use to infect devices and make them parts of a botnet based on the Mirai project. The Trojan.SH.MIRAI.BOI exploit concerns two new vulnerabilities found in BIG-IP services and systems and a myriad of outdated vulnerabilities that may still affect unpatched devices. The Trojan.SH.MIRAI.BOI botnet downloader has been used against BIG-IP systems, Netlink routers, Netgear routers, Apache...

Alspearowa.com

Posted: November 2, 2020 | Category: Browser Hijackers
Alspearowa.com is a misleading page that wants to gain access to your browser notifications. However, it does not plan to use this feature to be helpful or entertaining and, instead, it intends to abuse it to deliver unlimited paid advertisements to your Web browser. This is why it does not reveal its true intentions and, instead, it says that you must click 'Allow' if you want to leave the page or confirm that you are not a robot and continue browsing. However, performing this action will...

Laborationf.work

Posted: November 2, 2020 | Category: Browser Hijackers
Seeing Laborationf.work notifications in your browser means that you have fallen victim to the primary tactic hosted on this website. Thankfully, the tactic is not harmful, and it is not used to gain access to data and credentials. Instead, it aims to trick you into subscribing to Laborationf.work's notifications by displaying false prompts trying to convince you to confirm you are not a robot by clicking 'Allow.' Many users might think this is a legitimate prompt and follow the instructions...

Noversolic.space

Posted: November 2, 2020 | Category: Browser Hijackers
Noversolic.space is a deceptive page that was set up by online con artists with the sole goal of hijacking the browser notifications of its visitors. However, to do this, the page needs to convince the user to interact with a prompt asking them to enable browser notifications. This is why Noversolic.space uses misleading prompts telling visitors to press 'Allow' to confirm their identity and continue browsing. Interacting with this button will, however, end up subscribing them to...

Trustcontent.surf

Posted: November 2, 2020 | Category: Browser Hijackers
Trustcontent.surf is a misleading website used to hijack the notifications of Web browsers. To do this, it shows a fake prompt asking the user to enable video playback. The prompt is accompanied by a still image resembling the YouTube video player. The page says users need to click 'Allow' to play the video – performing this action will yield different results. By clicking 'Allow,' users will subscribe to Trustcontent.surf's notifications. If Trustcontent.surf gains permission to use...

Ahmed Minegames Ransomware

Posted: November 2, 2020 | Category: Ransomware
The Ahmed Minegames Ransomware is a file-locking Trojan. The Ahmed Minegames Ransomware can block media files with a non-secure encryption routine and creates a pop-up alert with password protection for its unlocking service. Windows users may recover by entering a compatible password or use a backup after deleting the Ahmed Minegames Ransomware with a proper security solution. An amateur-level effort at a file-locking Trojan produces fruit, although the bounty isn't as sophisticated as...

BNFD Ransomware

Posted: November 2, 2020 | Category: Ransomware
The BNFD Ransomware is a file-locking Trojan that's a part of the AES-Matrix Ransomware family. The BNFD Ransomware blocks media files on the computer to demand a ransom out of the victim and cause symptoms such as adding extensions and hijacking the desktop. Users should let their anti-malware tools delete the BNFD Ransomware automatically, although the recovery of files without a safe backup is questionable. As one of the quieter but well-maintained families of file-locker Trojans,...

Aieou Ransomware

Posted: November 2, 2020 | Category: Ransomware
The Aieou Ransomware is a file-locking Trojan that blocks digital media and ransoms the unlocking service. The Aieou Ransomware includes classic symptoms like text ransom notes and extension changes and targets Windows environments. Users can protect their files with backups and their PCs with anti-malware tools for the safe removal of the Aieou Ransomware. Trojan campaigns without dependencies on families like the Scarab Ransomware, the Djvu Ransomware, or others make for a...

Katana Botnet

Posted: November 2, 2020 | Category: Botnets
Since the Mirai Botnet source code was published online in 2017, cybercriminals have been using it to create and set up their botnets. The latest botnet to follow this pattern is known as Katana, and, unfortunately, it may soon prove to be a major problem. The Katana Botnet is considered to be an unfinished project for now, but malware researchers note that its creators seem to be applying new updates rapidly. Just recently, they introduced a wide range of Distributed-Denial-of-Service (DDoS)...