Microsoft Office accounts are often targeted by online con artists because they can resell them easily if they manage to obtain working login credentials. The 'PASSWORD EXPIRATION NOTICE' email scam is one of the latest tactics to target this specific online service. The attackers send a fake 'password expiration notice' to the users, which tells them that they need to change their account's password. However, users are taken to a fake website, which will reveal their password to the...

Espeakennec.top is a misleading page whose messages may try to tell you that you need to confirm that you are not a robot. Allegedly, visitors can complete this basic request by pressing the 'Allow' button shown on their screens. However, complying with this request has a different outcome – it enables the Espeakennec.top notifications in your Web browser. This is not anharmful change, but it can be very annoying to deal with because Espeakennec.top will abuse your browser notifications to...

It takes one wrong click to have your Web browser notifications hijacked by an unknown website. Unfortunately, many websites use misleading messages and pop-ups to trick visitors into subscribing to their annoying push notifications. Ryprevealedi.top, for example, tells users to confirm they are not a 'robot' by pressing 'Allow.' If the users complete this request, they will allow Ryprevealedi.top's notifications in their browser unknowingly. The administrators of Ryprevealedi.top do not...

The ZXCV Ransomware is a file-locking Trojan that's part of the Dharma Ransomware family, a Ransomware-as-a-Service. Infected PCs may show files that can't open due to being encrypted, as well as campaign-specific extensions, and ransom notes as pop-ups or text files. While the necessity of backups for data protection is inestimable, most users with credible anti-malware solutions can block and remove the ZXCV Ransomware on sight. In their haphazard naming conventions, ranging from movie...

SLOTHFULMEDIA is a newly identified Remote Access Trojan (RAT) whose development and usage is yet to be attributed to any classified threat actor. The malware is meant to run on Windows systems, and it has a wide range of features, which enable its operators to take almost complete control over the infected machine. The authors of the malware have configured it to disguise itself under the process name 'mediaplayer.exe.' To achieve persistence, it applies changes to the Windows Registry,...

The Cryptme Ransomware is a file-locking Trojan without a connected family or Ransomware-as-a-Service. This threat's campaign targets employees in the educational sector, with document-based lures crafted for resembling homework assignments. Users should always have backups of their work and personal media for recovery from these attacks, and traditional security programs should block or remove the Cryptme Ransomware. Telecommuting classwork's rise is one of the many side effects of the...

Advanced Persistent Threat (APT) actors are not always following their own interests. They are often renting out their services to customers who are interested in paying for professional hacking, espionage, and data theft services. Needless to say, high-profile threat actors do not work with average clients – their customers are often asking them to penetrate the network defenses of high-value targets such as government entities, political organizations and various important people or...

Devineoffers.com is a website that hosts a basic tactic meant to trick visitors into accomplishing an action that will subscribe them to the Devineoffers.com notifications. This can only be done by clicking the 'Allow' button that Devineoffers.com displays – the page, however, claims that this prompt is meant to allow users to continue their browsing session. If you ever see a website that tells you to click 'Allow' to: Play a video. Continue browsing. Confirm you are not a...

Increamy.club is a deceptive page that uses a fake warning to access your Web browser notifications. It tells you that you must click 'Allow' to continue browsing. The page also pretends to be loading to leave visitors with the impression that the prompt is legitimate, and the loading process can be completed after the aforementioned action is completed. Users who follow Increamy.club's instructions will unknowingly enable the page's notifications in their Web browser. Once subscribed to...

Seeing Cristall.club's notifications in your browser means that you have accidentally subscribed to this type of content. Often, this may happen if you come across the fake pop-ups and warnings hosted on Cristall.club. This page claims that users need to click 'Allow' to carry on with their browsing session, but this action is meant to subscribe them to Cristall.club's notifications. While this change does not cause any harm, it may hinder your Internet browsing sessions by exposing you to...

The Lizehopm Ransomware is a file-locking Trojan that comes from the Snatch Ransomware family. The Lizehopm Ransomware may block the user's media files with encryption and delivers ransom notes that sell the unlocking solution. Users always should back their work up for safety and allow anti-malware tools' remove the Lizehopm Ransomware whenever they identify it. In the threat landscape, few families of Trojans can compete with the affordability of freeware like Hidden Tear, or...

The Dme Ransomware is a file-locking Trojan that's part of the Dharma Ransomware, a Ransomware-as-a-Service. The Dme Ransomware can block media files on infected computers with a typically-permanent encryption routine, along with erasing local backups. Users with non-local backups may recover readily, and the right anti-malware solution can protect PCs by removing the Dme Ransomware safely. File-locking Trojans may struggle with naming themes and conventions or even resort to random...

The Gtsc Ransomware is a file-locking Trojan from the Dharma Ransomware Ransomware-as-a-Service. Users can identify infections by symptoms such as files refusing to open, 'gtsc' extensions, and advanced Web page ransom notes. Sufficiently-isolated backups are the best protection for any files, although most PC security products should remove Gtsc Ransomware upfront. Some Trojan families seem like they're taking inspiration from STOP Ransomware 's essentially random character naming...

GiftGhostBot is a Trojan botnet that collects gift cards by brute-forcing their numbers. Users should protect themselves from infections appropriately, which may abuse their hardware resources for these criminal activities, although they don't target the user's local information. Anti-malware software is a highly-dependable resource for removing GiftGhostBot Trojans before they cause significant harm to third-party customers and businesses. The rise of e-commerce is in tandem with the...

The Simda Botnet is a Trojan network of compromised Windows systems. Although its C&C server infrastructure is defunct currently, Trojan 'bots' still can be threatening and cause various security issues, such as opening a backdoor for attackers or installing other threats. Users should protect themselves from these attacks by having compatible security solutions for removing Simda Botnet Trojans on sight. A multi-nation, joint cyber-security operation in 2015 is responsible for the...

Advanced Persistent Threat (APT) groups and actors are among the most threatening criminals in the world of cybercrime. Their attacks are often characterized by the use of previously undocumented exploits and malware, as well as by exploiting previously compromised infrastructure to aid their future attacks. A group that fits this description perfectly is ProjectSauron APT, or also known as the Strider APT. This group's operations concentrated on data theft from government and military...

EternalRed, also known as SambaCry, is the name that cybersecurity experts use to refer to a vulnerability in UNIX-based systems that is similar to the EternalBlue exploit for Windows. This vulnerability concerns the old versions of Samba, a software package that adds Server Message Block (SMB) functionality to systems. Allegedly, the EternalRed exploit was already used successfully, but, thankfully, it was used to propagate a threat far less threatening than the ones linked to the use of the...

The Ice IX is a Trojan botnet and a minor update of the Keylogger Zeus. Besides changing and removing features and functions for obfuscation, the Ice IX exhibits the same dangers to users as its predecessor Trojan, such as recording keystrokes and collecting passwords. Windows users with active and up-to-date security solutions should detect and remove the Ice IX automatically, after which they should change any leaked passwords. It shouldn't shock readers to learn that criminals...

Xafecopy is a piece of Android malware, which has been very active in India – almost 40% of its victims are residents of the region. However, Xafecopy's attacks do not appear to be focused on Asia – the criminals behind it are also infecting devices in Russia, Mexico, Turkey, and other countries. This simple but effective malware engages in ad-fraud and fraudulent financial transactions. However, its modus operandi is very interesting and surprising. Usually, Trojans of this sort try to...

MalLocker is a family of screen-locking Trojans that target Android devices, such as phones. Although this family contains many novel characteristics, its attacks against users involve blocking the screen, usually, with a fake police warning. Users should ignore ransom demands from this threat, restore their device by other means, and confirm the removal of MalLocker with compatible security tools. Although fake police alerts like the 'Gobierno de España' Ransomware are somewhat...