DriverAgent Plus

Posted: October 23, 2020 | Category: Potentially Unwanted Programs (PUPs)
DriverAgent Plus is not a threatening application, and it can be somewhat helpful if you opt to purchase the full version for $19.95. However, there are some issues with the methods used to propagate and promote the DriverAgent Plus software. It may be present in low-quality software bundles that users may come across while downloading freeware from websites other than the publisher's official page. The installation of DriverAgent Plus is entirely optional, but the opt-out or opt-in...

Energy Ransomware

Posted: October 23, 2020 | Category: Ransomware
The Energy Ransomware is a file-locking Trojan that has no known family or Ransomware-as-a-Service. The Energy Ransomware blocks the user's files, such as documents and other media, by encrypting them before creating a text message asking for a ransom. Users should have backups appropriate for recovery without paying and let their preferred anti-malware solutions safely remove the Energy Ransomware installations. Russia returns to the forefront of the threat landscape, briefly, through a...

BlackOasis APT

Posted: October 23, 2020 | Category: Advanced Persistent Threat (APT)
The BlackOasis Advanced Persistent Threat (APT) group is a cybercrime organization whose members are likely to operate from the Middle East. Their targets include high-profile members of the United Nations committee and bloggers, activists and news outlets involved in politics. The group's campaigns have a very wide reach, and artifacts of their activity have been recovered from networks in multiple countries like the United Kingdom, Russia, Iraq, Nigeria, Libya, Jordan, Iran, Netherlands,...

WireLurker

Posted: October 23, 2020 | Category: Mac Malware
WireLurker is a Trojan downloader that compromises macOS PCs and iPhones through bundling itself with other applications. WireLurker may use multiple techniques for installing other threats onto the system and transfer device and user information to an attacker's server. In addition to the recommendation of avoiding unofficial application stores, most standard anti-malware precautions for these environments should block and remove WireLurker through the usual security solutions. Social...

Acecard

Posted: October 23, 2020 | Category: Trojans
Acecard is the name of a mobile banking Trojan that targeted a large portion of the owners of Android mobile devices. The threat is believed to be spread via corrupted APK files imitating popular software such as video players, social media applications, photo editors, games and more. In some cases, the creators of Acecard also used fake names such as 'PornoVideo' to lure users in. Some samples of the Acecard also were hosted on the Google Play Store, so its authors had the know-how to bypass...

Slingshot APT

Posted: October 23, 2020 | Category: Advanced Persistent Threat (APT)
The Slingshot APT is a secretive group of cybercriminals whose activity has been traced back to 2012. Although the group's malware has been analyzed thoroughly, experts are yet unable to give a confident guess regarding Slingshot APT's motivations and nationality. The group appears to use English strings most of the time, but there is nothing else that could help guess their country of origin. The group's targets also are very diverse, and parts of their hacking implants have been discovered...

WinPot

Posted: October 23, 2020 | Category: Malware
Taking money from an ATM device does not necessarily have to involve brute force – cybercriminals have come up with numerous malware projects, which can control specific brands and models of ATMs to empty their cash cassettes. Such attacks are very difficult to execute, but they are possible, and many cybercriminals are using custom-built malware like WinPot to do this. WinPot is a project that first surfaced in 2019, and the news about it spread on underground hacking forums. Allegedly,...

SolarSys

Posted: October 23, 2020 | Category: Malware
Brazil is a region that banking Trojans target frequently, and this trend continues in 2020. Recently, malware researchers uncovered a previously unknown campaign, which targeted the clients of various Brazilian banks and financial organizations. Allegedly, the criminals behind this campaign are using a collection of hacking tools and scripts, which serve multiple purposes. The collection of these tools is being referred to as the SolarSys malware toolkit, and it is one of the more impressive...

ProgressElemnt

Posted: October 22, 2020 | Category: Potentially Unwanted Programs (PUPs)
ProgressElemnt, also known as ProgressElemnt Search, is a Potentially Unwanted Program (PUP) that seems to only work on macOS devices. This PUP may reach you via a low-quality software bundle, fake installer/updater, or a misleading ad telling you to download a fantastic piece of software. Regardless of how ProgressElemnt ended up on your system, the consequences of installing it are always the same. You will not receive access to any valuable or entertaining features and, instead,...

LogarithmicEntry

Posted: October 22, 2020 | Category: Potentially Unwanted Programs (PUPs)
LogarithmicEntry is a misleading macOS application that may be delivered to your computer via software bundling, fake advertisements or misleading offers. LogarithmicEntry serves no real purpose, and this probably explains why it does not have an official download page or publisher associated with it. Instead, it relies on fraudulent tricks to get to as many computers as possible. Once LogarithmicEntry is installed, it may modify the macOS 'Launch Daemon' and 'Device Profile' components to...

StreamSiteSearch

Posted: October 22, 2020 | Category: Potentially Unwanted Programs (PUPs)
StreamSiteSearch is a browser extension promising to grant you access to cool and free online streaming services, which may allow you to view movies, sports streams and other entertaining media. However, StreamSiteSearch does nothing of this sort, and users who install it will only notice two changes – their new tab page will be replaced by Portal.streamssitesearch.com, while the default search engine will be set to Feed.streamssitesearch.com. There is nothing harmful about these changes, but...

Chromium Shield

Posted: October 22, 2020 | Category: Potentially Unwanted Programs (PUPs)
Chromium Shield is a Web browser that claims to be more useful than Google Chrome, the world's most popular Web browser at the moment. As the name of Chromium Shield suggests, it was built using the Chromium project, an open-source variant of Google Chrome. However, its authors claim to have introduced tons of useful features such as integrated VPN, better search, ad-blocker, enhanced privacy and more. However, Chromium Shield is considered to be a Potentially Unwanted Program (PUP). Its...

XNMMP Ransomware

Posted: October 22, 2020 | Category: Ransomware
The XNMMP Ransomware is a file-locking Trojan that's an update to the CONTI Ransomware. The XNMMP Ransomware stops users from opening their files by encrypting them and offers the unlocking service for a ransom. Backups on other devices can help recover any files, although traditional cyber-security software should remove the XNMMP Ransomware from Windows PCs without issues. Sticking it out in the threat landscape long-term, especially for file-locker Trojans, isn't a given. Thus, it's...

LolKek Ransomware

Posted: October 22, 2020 | Category: Ransomware
The LolKek Ransomware is a file-locking Trojan that's from the BitRansomware Ransomware, a Ransomware-as-a-Service family. The LolKek Ransomware includes features especially helpful for sabotaging unprotected networks but may block users' files in most Windows environments. Users with backups on other, protected devices and credible anti-malware products for removing the LolKek Ransomware should be safe. Very soon, the fledgling Ransomware-as-a-Service, BitRansomware Ransomware,...

bH4T Ransomware

Posted: October 22, 2020 | Category: Ransomware
The XNMMP Ransomware is a file-locking Trojan that's an update to the CONTI Ransomware. The XNMMP Ransomware stops users from opening their files by encrypting them and offering the unlocking service for a ransom. Backups on other devices can help recover any files, although traditional cyber-security software should remove the XNMMP Ransomware from Windows PCs without issues. Sticking it out in the threat landscape long-term, especially for file-locker Trojans, isn't a given. Thus, it's...

HEH Botnet

Posted: October 22, 2020 | Category: Botnets
Cybercriminals are once again going after vulnerable or unsecured Internet-of-Things (IoT) devices. While these devices rarely host important information, cybercriminals can use them for other purposes – such as executing cryptocurrency mining operations or performing Distributed-Denial-of-Service (DDoS) attacks. The latest botnet to harvest IoT devices is called the HEH Botnet, and its primary targets appear to be routers, followed closely by miscellaneous IoT devices and servers. However,...

Oceanbefo.top

Posted: October 21, 2020 | Category: Browser Hijackers
Oceanbefo.top is a misleading page, which tries to take advantage of your Web browser's notifications to spam you with advertisements. However, to do this, the page first needs to gain your permission to use notifications. It tries to do this by using fraudulent pop-ups, which ask you to confirm you are not a robot by clicking 'Allow.' If a visitor opts to perform this action, they will not pass any 'anti-robot' check and, instead, they will unknowingly enable Oceanbefo.top's notifications....

Reightpainf.top

Posted: October 21, 2020 | Category: Browser Hijackers
Reightpainf.top is a website that tries to gain access to your Web browser's notifications with the help of bogus prompts and messages. According to Reightpainf.top, users need to click 'Allow' to verify their identity and confirm they are not a robot – this is a common occurrence online, and many users might not think twice about following the instructions blindly. However, when the 'Allow' button is pressed, the user will unknowingly subscribe to the Reightpainf.top notifications. Once...

MagicMovieSearch Search

Posted: October 21, 2020 | Category: Potentially Unwanted Programs (PUPs)
MagicMovieSearch is a browser add-on, which poses as a useful extension, but its true purpose is to generate traffic for a website owned by the add-on's creators. The extension achieves this by replacing the default Web browser new tab with Portal.magicmoviesearch.com, and the search aggregator with Feed.magicmoviesearch.com. These two minor changes ensure that users of MagicMovieSearch will end up visiting the extension's website many times a day, therefore boosting ad revenue greatly....

LCK Ransomware

Posted: October 21, 2020 | Category: Ransomware
The LCK Ransomware is a file-locking Trojan that's part of the Dharma Ransomware Ransomware-as-a-Service. It can stop users from opening media files by encrypting them, adds extensions to their names, and uses several means of demanding ransoms. Secure backups are the best recovery solution to infections, along with anti-malware software for removing the LCK Ransomware and blocking attacks. Dharma Ransomware's for-hire service is experiencing more interest from an unknown threat actor,...