The Carbon Backdoor is a custom-made Remote Access Trojan (RAT). This threat is part of the arsenal of an Advanced Persistent Threat group called Turla. During their over a decade of threatening activity, the group has been assigned numerous aliases by the infosec community. Some of them are - Ouroboros, Snake, Venomous Bear and Waterbug. Certain aspects of the group's activities suggest that the hackers might have some connections to Russia.  Turla  has carried out quite a few attack...

Undertain.work hosts an online tactic that pursues a single goal – to hijack your browser notifications. This might not sound troublesome, but you can rest assured that Undertain.work's behavior can be very annoying. Users may come across the Undertain.work Pop-Ups while browsing low-quality websites, and they may be told that they have to click 'Allow' to confirm that they are real persons and not robots. This warning is false, and you can rest assured that Undertain.work is not a page used...

FlickerStealer is a threatening piece of malware whose author has opted to sell it to like-minded cybercriminals in exchange for regular payments. According to their advertisement, the FlickerStealer malware is capable of collecting the following data from compromised computers: Databases of Google Chrome, Mozilla Firefox, Opera, Microsoft Edge and over 30 other Web browsers. Various cryptocurrency wallets. Data from the Windows Credentials Manager. Credentials for FTP...

The New Tab Theme Buddy is a Potentially Unwanted Program (PUP) promising to grant users the ability to customize their new tab page with cool themes and wallpapers. However, it may try to hide the fact that the New Tab Theme Buddy's installation has one mandatory requirement – the users must allow the add-on to control their default new tab page. Once this permission is given, the PUP will introduce the website Search.searchworm.com as the default search page. This minor change is not...

Online criminals and con artists often impersonate legitimate companies and organizations to make their threatening campaigns seem more believable. Recently, cybersecurity experts noticed a surge in the popularity of scams linked to USAA, a legitimate financial services organization. The so-called 'USAA' email scam is designed to trick its recipients into visiting a phishing page that asks for sensitive data, or it might try to trick them into downloading a piece of malware. The fraudulent...

Trustcontent.monster is a misleading page that hosts deceptive content used to hijack the Web browser notifications of the users. The carrier may pretend to host an entertaining video, which users might be trying to view. However, the page warns them that video playback is disabled, and they need to enable it by clicking the 'Allow' button shown on their screen. Users who pay close attention to the on-screen instructions may notice immediately that the purpose of the button is entirely...

Liveplayingnow.com is a Web page that tries to hijack your browser notifications by promising you access to adult videos and content. However, Liveplayingnow.com does not have such content to offer and, instead, it tries to convince you that you can access it by clicking the 'Allow' button to confirm that you are over 18 years of age. However, this action will end up doing something entirely different – it reconfigures your Web browser to permit Liveplayingnow.com's notifications. The...

Liveplayingnow.com is a Web page that tries to hijack your browser notifications by promising you access to adult videos and content. However, Liveplayingnow.com does not have such content to offer and, instead, it tries to convince you that you can access it by clicking the 'Allow' button to confirm that you are over 18 years of age. However, this action will end up doing something entirely different – it reconfigures your Web browser to permit Liveplayingnow.com's notifications. The...

Search.searchworm.com is a low-quality search engine that may be introduced to your Web browser by a Potentially Unwanted Program (PUP) or a browser hijacker. Software of this sort often reaches computers with the use of misleading software bundles, fake downloads or deceptive advertisements. The good news is that Search.searchworm.com is not an unsafe website, and it can even be used on a daily basis. It does work as a search engine, but its search results may sometimes include sponsored...

The Xdddd Ransomware is a file-locking Trojan from the family of the Paradise Ransomware. This Trojan blocks Windows users' files, generally, in regions outside of Post-Soviet states. Robust backups on other devices may be necessary for the recovery of any files that it attacks. Users with appropriate anti-malware products should quarantine or remove the Xdddd Ransomware as soon as possible after its detection. The Paradise Ransomware , a family of Trojans most notable for...

The Pizhon Ransomware is a file-locking Trojan that targets Russian victims. The Pizhon Ransomware blocks the user's media files and leaves multiple ransom notes that ask for money in return for an unlocking service. Users with secure backups can ignore the messages and recovery freely, and most PC security solutions will safely delete the Pizhon Ransomware. Although the time between old Russia-connected Trojans like the Energy Ransomware and the FakeMBAM Backdoor is far from ancient...

The ALVIN Ransomware is a file-locking Trojan of a currently unknown family. The ALVIN Ransomware can block the user's digital media files, such as documents, through encrypting them. The ALVIN Ransomware also changes their extensions and creates ransom messages recommending that victims pay Bitcoins for a recovery tool. Sufficient backup precautions will eliminate most dangers from this Trojan, along with PC security solutions for removing the ALVIN Ransomware installations. In both...

If your Web browser is being flooded by Partmenta.space notifications, it is likely that you have fallen for a pop-up tactic that has become very popular recently. Pages like Partmenta.space display false pop-ups saying that users need to certify that they are not robots by pressing the 'Allow' button shown on their screens. However, this action will actually modify their Web browser's settings to permit Partmenta.space's notifications. Because of this minor change, this page will gain the...

Nnouncils.space is a website you may see in your browser because of intrusive online advertisements and pop-ups. Nnouncils.space pretends to be hosting a standard anti-robot check that users must complete to continue browsing. However, Nnouncils.space's instructions say that you must click 'Allow' to confirm your identity. The trick is that you will command your Web browser to enable Nnouncils.space's notifications by performing this action. Once subscribed to Nnouncils.space's content, you...

Myoglobal.work is a page whose contents are dedicated to engaging users in a low-level tactic. The good news is that Myoglobal.work's con is not unsafe at all. However, it may prove to be an annoying issue to deal with. When users stumble upon Myoglobal.work, they will be prompted to confirm that they are not robots by pressing 'Allow.' This harmless request actually serves a special purpose – by pressing 'Allow,' visitors will enable Myoglobal.work's notifications in their Web browser. This...

Mediakick.biz is a fake page that users may end up visiting while trying to download pirated files from the Internet – movies, TV series, game cracks, software activators, etc. The goal of Mediakick.biz is to trick visitors into thinking that their downloads are being prepared and they need to click 'Allow' to proceed. However, if they complete this request, they will end up subscribing to this website's annoying and intrusive notifications. Mediakick.biz will misuse this valuable browser...

Cybersearch.xyz is a low-quality search engine that is likely to prioritize sponsored results, advertisements and other marketing content. All of this would be fine if it were not for the fact that Cybersearch.xyz may be brought to your Web browser automatically. This is likely to happen with the help of 3rd-party utilities whose installation may occur without your knowledge and approval. This may happen because of low-quality software bundles that use misleading instructions and tricks to...

PDFConverterSearch4Free is the name of a Potentially Unwanted Program (PUP) claiming to be a useful application meant to enhance your Web browser's functionality. As its name suggests, PDFConverterSearch4Free is supposed to allow you to convert PDFs and other documents with ease. However, all it really does is introduce a new search engine (Feed.pdfconvertersearch4free.com) and a new tab page unsafe. However, they are annoying. The websites PDFConverterSearch4Free promotes, behave like...

The ZaLtOn Ransomware is a file-locking Trojan that's an update of the Xorist Ransomware. The ZaLtOn Ransomware can block the user's files with encryption, create Windows pop-up alerts, and leave ransom notes that ask for Bitcoin ransoms. Freeware decryption services and secure backups are effective against this threat's attacks, and nearly all anti-malware tools should delete the ZaLtOn Ransomware quickly. What malware researchers peg as another variant on the Xorist Ransomware family,...

The Szymekk Ransomware is a file-locking Trojan and a variant of the Cobra Locker Ransomware (or Cobra_Locker Ransomware). The Szymekk Ransomware can block the user's media files with its encryption and create a screen-blocking pop-up window with its ransom demands. For protection, users should save backups to traditionally-secure locations for recovery and let reliable PC security solutions block or remove the Szymekk Ransomware. With one of its last variants being a Stephen King-inspired...