FIXI Ransomware

Posted: August 13, 2020 | Category: Ransomware
The FIXI Ransomware is a file-locking Trojan from the Scarab Ransomware family, a Ransomware-as-a-Service business. The FIXI Ransomware can keep files as hostages by encrypting them and preferentially targets documents and other widely used media formats. Users with non-locally-saved backups can protect their work efficiently, and the anti-malware programs of most trustworthy companies should block or remove the FIXI Ransomware. While some regional quirks that leave it as a memorable...

DarkSide Ransomware

Posted: August 13, 2020 | Category: Ransomware
The DarkSide Ransomware is a file-locking Trojan that can block files on Windows computers with encryption. The DarkSide Ransomware preferentially targets entities with significant financial resources, such as enterprise-level businesses, and claims that it collects data for blackmail purposes. Server administrators should maintain strict security protocols for preventing infections, backups for content recovery, and anti-malware tools to spot and remove the DarkSide Ransomware. Despite...

FlyStudio Ransomware

Posted: August 13, 2020 | Category: Ransomware
The FlyStudio Ransomware is a file-locking Trojan that blocks media files on Windows computers and holds them as hostages while asking for a ransom. The FlyStudio Ransomware campaign targets Chinese speakers and imitates Apple software for circulating, although future attacks may use different configurations. Users with both anti-malware programs for deleting the FlyStudio Ransomware and secured backups for recovery should be safe from this threat. English is the language favored for...

Spade Ransomware

Posted: August 13, 2020 | Category: Ransomware
The Spade Ransomware is a file-locker Trojan that's a variant of the Void Ransomware (also identified as VoidCrypt Ransomware). The Spade Ransomware targets Windows systems, locks their media files by encrypting them, and can terminate some applications that interfere with the attacks. Users with safe backups are, as usual, protected, and anti-malware products can defend PCs by removing the Spade Ransomware on sight. A little-known file-locking Trojan referred to in most circles as the ...

My Office Tool

Posted: August 12, 2020 | Category: Potentially Unwanted Programs (PUPs)
The My Office Tool is a browser extension that may attract the attention of office workers looking for a neat way to organize their documents and notes, use various office tools and get ready-to-use document templates. Unfortunately, users who expect the My Office Tool to deliver such content are in for a disappointment – all that My Office Tool's installation does is to replace your Web browser's new tab page and search engine with Hp.hmyofficetools.co. While this website is not harmful, it...

Templates Discovery Tab

Posted: August 12, 2020 | Category: Potentially Unwanted Programs (PUPs)
The Templates Discovery Tab is a browser extension that users may download because they are looking for a neat way to find various website templates that they may need. However, the Templates Discovery Tab does not offer reliable resources, and it may end up merely redirecting you to 3rd-party online services and websites dedicated to listing template libraries and links. Unfortunately, this is not the only thing that the Templates Discovery Tab brings to the table. This add-on also may...

Ativefestio.club

Posted: August 12, 2020 | Category: Browser Hijackers
If you see pop-ups originating from Ativefestio.club, then you should know that their contents might be misleading, and they may try to trick you into granting this website the permissions it needs to display browser notifications. Even if you fall for the basic tactic, your online safety and privacy will not be put in harm's way – the website is harmless, but granting it the permissions it wants may have some annoying consequences for you in the near future. Once Ativefestio.club has been...

Nssuccess.club

Posted: August 12, 2020 | Category: Browser Hijackers
Nssuccess.club is a Web page that engages in a variation of the 'Please press Allow to continue' pop-up tactic. The Nssuccess.club pop-ups advise users to confirm that they are not robots by clicking the 'Allow' button shown on their screen – however, if you follow this step, you may enable Nssuccess.club to display notifications in your Web browser unknowingly. While Nssuccess.club cannot abuse this feature to cause potentially serious problems, it may expose you to unwanted advertisements...

AB89 Ransomware

Posted: August 12, 2020 | Category: Ransomware
The AB89 Ransomware is a file-locking Trojan that's a variant of the AES-Matrix Ransomware. This family of Trojans uses secure encryption for locking files, may replace their names, alter the wallpaper and create a ransom note. A backup on another device can aid with the recovery of digital media, and traditional anti-malware programs should remove the AB89 Ransomware. The AES-Matrix Ransomware family is quieter than many of its fast-proliferating competition inside the file-locking...

Smaug Ransomware

Posted: August 12, 2020 | Category: Ransomware
The Smaug Ransomware is a file-locking Trojan family that operates as a Ransomware-as-a-Service. Because threat actors can create campaigns through an easy-to-use website interface, the family members may use very different exploits for circulation or target different victim demographics. However, users can spare their files with backups and have anti-malware services to remove the Smaug Ransomware variants. With a name coming from the dragon antagonist of Tolkien's famous work, the Smaug...

Godlike12

Posted: August 12, 2020 | Category: Malware
Godlike12 is a custom-built backdoor Trojan whose development and usage has been attributed to the Holy Water APT (Advanced Persistent Threat) actor. The group's activities were first analyzed and described in December 2019 when they launched a massive water hole attack that targeted minority ethnic groups in Asia. The Godlike12 payload was used in these attacks, and it was usually delivered via a fake Adobe Flash Player update package that victims were asked to download when they visited a...

Holy Water APT

Posted: August 12, 2020 | Category: Advanced Persistent Threat (APT)
The Asian region is full of Advanced Persistent Threat (APT) actors operating in different regions and targeting different sectors. Malware researchers release reports on APT actors' activities based in China, India, Iran, Iraq, North Korea, and other countries that are represented in the cyber-crime field regularly. One of the newly identified and categorized APT actors is the so-called Holy Water APT. Its specialty appears to be 'watering hole' attacks that allow them to deliver payloads via...

Stitch Backdoor

Posted: August 12, 2020 | Category: Backdoors
The Stitch Backdoor is a project created with the use of the Python programming language. The full, original source code of the software can be found on GitHub, accompanied by instructions on how to compile and use it. The author of the project states that it is intended to be used in a controlled environment for penetration testing, and malware behavior analysis – however, it is not a surprise that this disclaimer is useless when it comes to preventing cybercriminals from misappropriating...

Jio-news2.club

Posted: August 11, 2020 | Category: Browser Hijackers
Jio-news2.club is a Web page that your Web browser might take you to thanks to low-quality advertisements and pop-ups. Despite what this website's name may make you think, you can rest assured that Jio-news2.club is not related to any news or valuable updates – instead, it is designed to hijack your browser notifications. The page tries to do this by displaying a fraudulent prompt, which asks you to confirm that you are not a robot – however, the instructions it provides you with are fake,...

Access TV Streaming

Posted: August 11, 2020 | Category: Potentially Unwanted Programs (PUPs)
The Access TV Streaming is a browser add-on that users may come across and install if they are looking for a way to view free TV streams in their Web browser. However, the Access TV Streaming does not provide such content. Instead, users may be disappointed to find out that the Access TV Streaming will tamper with their Web browser's settings, and hinder their Web browsing experience. The good news is that the Access TV Streaming is not linked to any potentially harmful changes – instead,...

BitCoin Clipper

Posted: August 11, 2020 | Category: Malware
BitCoin Clipper is a threatening hacking tool that may run in the background of unsecured computers and hijack Bitcoin transactions silently by replacing the recipient's wallet address with one managed by the cybercriminals. This is a fairly simple piece of malware, and there are many variants of it being sold or advertised on underground hacking forums – fortunately, the BitCoin Clipper is rather limited in its functionality. Modern clippers are able to hijack multiple cryptocurrency...

YaKo Ransomware

Posted: August 11, 2020 | Category: Ransomware
The YaKo Ransomware is a file-locking Trojan that's part of the Xorist Ransomware's family. The YaKo Ransomware can lock media with encryption so that files can't open, change the user's wallpaper, and create ransom notes. Users should rely on backups as the preferable solution to recovery, instead of a ransom, and use anti-malware products for removing the YaKo Ransomware appropriately. The differences between encryption functionality can mean a ransom or the lack of one, as far as threat...

Devoe Ransomware

Posted: August 11, 2020 | Category: Ransomware
The Devoe Ransomware is a file-locker Trojan from the family of the Phobos Ransomware. The Devoe Ransomware blocks media such as documents on Windows computers and holds them for ransom. Cautious, well-updated backups can protect users' work from this sabotage, and anti-malware programs will remove Devoe Ransomware automatically. The Phobos Ransomware is a Trojan family with years to its record, although it still lacks the high-energy proliferation of the most popular...

VenomLNK

Posted: August 11, 2020 | Category: Malware
VenomLNK (previously known as VenomKit) is a hacking tool that is not used to infect computers of potential victims. Instead, its operators use it to create weaponized documents and files that will deliver whatever payload the attackers want to integrate into the final file. VenomLNK is very similar to the RoyalRoad RTF builder tool that Chinese cybercriminals have been using for the past few years. However, VenomLNK is not limited just to China, and cyber crooks might use it in different...

TerraTV

Posted: August 11, 2020 | Category: Malware
Cybercriminals often employ legitimate tools in their attacks, but, of course, they take the required measures to modify their features in a corrupted manner. This is the strategy adopted by the TerraTV implant, a Malware-as-a-Service (MaaS) project sold to various cybercriminals. TerraTV is meant to deploy a legitimate copy of the popular TeamViewer client on the compromised system, and then load a threateningly modified DLL & configuration files that change the way TeamViewer operates....