APT29

Posted: July 17, 2020 | Category: Advanced Persistent Threat (APT)
APT29 is a Russia-based threat actor specializing in exfiltrating information from high-security targets like government networks and diplomatic embassies. This Persistent Threat is comparable to a more professional version of the loosely-related Fancy Bear or APT28 group. Users should install security updates to limit infection possibilities and let high-quality anti-malware solutions remove all threats related to APT29. Although APT29 (Cozy Bear, Office Monkeys, the Dukes and...

TrickMo

Posted: July 17, 2020 | Category: Malware
TrickMo is a spyware program that collects information related to password confirmation for banking activity, especially from Android mobile phones. Its usage correlates with the presence of Trojan.TrickBot on an associated desktop computer, and its campaign currently targets individuals in Germany. Users should disable any cellular and wireless connections on their phones before removing TrickMo through suitable anti-malware products and similarly disinfecting their computers. The...

Media Converter Pro Promos

Posted: July 16, 2020 | Category: Adware
Paid ads are a very profitable business, and it is not a surprise that many individuals rely on misleading or fake browser extensions to deliver ads to the Web browsers of random users. Such add-ons are not considered to be dangerous, but their presence is usually accompanied by annoying side effects such as seeing unwanted ads, or experiencing random redirects to unknown websites. One Google Chrome extension that partakes in such activity is Media Converter Pro Promos – it poses as a useful...

Outtemportm.info

Posted: July 16, 2020 | Category: Browser Hijackers
Outtemportm.info is a website that does not host any valuable content and, instead, is home to a basic scam that is being promoted via misleading Web browser pop-ups. Outtemportm.info's pop-ups tell users to confirm that they are a real person by clicking 'Allow,' and claim that this is the only way to continue to browse the Web. However, if you accept Outtemportm.info's offer, you will unknowingly subscribe to this page's notifications. While this is not a security issue, it may lead to a...

Etablerun.info

Posted: July 16, 2020 | Category: Browser Hijackers
Etablerun.info is a Web page that tries to hijack your browser's push notifications by using fake messages and alerts. It tells visitors to confirm their identity by pressing 'Allow' – however, doing this will subscribe you to this website's intrusive notifications. The notifications that Etablerun.info delivers to Web browsers are not reliable, and their contents may often include ads for all sorts of shady products, services, and Web destinations. It is also not uncommon for fraudulent...

Flare Search

Posted: July 16, 2020 | Category: Browser Hijackers
Flare Search is a browser extension that promises to enhance your ability to search and navigate the Web by introducing you to new search features. However, the usefulness of Flare Search is very questionable, and the only noticeable change that this add-on brings is replacing your default search engine with Flaresearch.net. This page appears to load and work fine, but you should know that it is not associated with a reputable company, and its functionality is subject to change at any time –...

SearchGamez Search

Posted: July 16, 2020 | Category: Browser Hijackers
SearchGamez Search is a misleading browser extension that promises to grant you access to a rich collection of free-to-play online games. However, the content that it offers is by no means unique, and all the games it promotes can be found and accessed via a quick Web search, without needing to install 3rd-party software. However, the lack of unique features is not SearchGamez Search's main problem – this software is also related to undesired changes to the browser settings of its users. When...

Repter Ransomware

Posted: July 16, 2020 | Category: Ransomware
The Repter Ransomware is a file-locking Trojan that's a variant of the Fonix Ransomware, a previously-independent threat. As with its ancestor, infections will seek to lock various digital media formats and hold them for ransom. Users should have backups for recovering lost files without paying, and anti-malware services to properly remove the Repter Ransomware. File-locking Trojans becoming families is an event worth noting, even with the ongoing competition between preexisting...

BlackRock Android Malware

Posted: July 16, 2020 | Category: Malware
The BlackRock Android Malware is a new mobile threat that is being actively propagated via bogus Google updates that are being hosted on 3rd-party app stores. Users who are tricked into downloading and running one of the fake update installers may unknowingly introduce the BlackRock Android Malware to their mobile device. Once the malware implant is active, it may ask the user to give it permission to access the 'Android Accessibility' module – this is a common tactic that Android malware...

Melcoz

Posted: July 16, 2020 | Category: Malware
Melcoz is a relatively outdated banking Trojan that originates from Brazil, but it has recently expanded its operations to target victims in Chile and Mexico. The threat is based on an old open-source project known as Remote Access PC, a Remote Access Trojan that is frequently adopted and reworked by cybercriminals. The operators of Melcoz, however, do not need full remote access to the victim's machine and, instead, they use the Trojan to only manipulate certain applications that are being...

Javali

Posted: July 16, 2020 | Category: Malware
Javali is a dangerous banking Trojan that originates from Brazil. It is important to note that it is not compatible with Android devices and, instead, it runs exclusively on Windows systems. The first active copies of the Javali Trojan date back to 2017, and it seems that the malware's creators are relying on phishing emails to deliver the malicious payload to their targets. Often, the phishing emails contain a file attachment, but in some cases victims were asked to download a file from an...

Tetrade

Posted: July 16, 2020 | Category: Malware
Brazil is one of the regions that are most affected by banking Trojans developed by local cybercriminals. While most of the Brazilian banking Trojans concentrate on infiltrating victims in the region, there are many cases in which the infection rate rapidly increases, and users from other parts of the world also become affected by the attacks. Recently, malware researchers identified a set of four banking Trojans that started their activity in Brazil, but soon spread on a global level. The...

Blast Search

Posted: July 15, 2020 | Category: Browser Hijackers
Blast Search is a browser add-on that may introduce undesired changes to your Web browser's settings. Thankfully, the changes linked to Blast Search are not dangerous, but they may certainly hinder your Web browsing experience by forcing you to use alternative search engines that are not reliable. One of the significant changes linked to Blast Search's installation is setting Find.blast-search.net as your Web browser's default search engine. This means that whenever you initialize a Web...

'System Activation KEY Has Expired' Pop-Up Scam

Posted: July 15, 2020 | Category: Adware
The 'System Activation KEY Has Expired' Pop-Up Scam is a new variant of an old scam that tries to trick users into believing that they have been locked out of their computer due to their activation key expiring, as well as because of several active Trojan infections. Thankfully, all security messages found in the 'System Activation KEY Has Expired' Pop-Ups are fake, and their goal is to make you panic, and convince you to follow the instructions on your screen. The 'System Activation KEY Has...

Liansatrickth.info

Posted: July 15, 2020 | Category: Browser Hijackers
Liansatrickth.info is a page designed to display fraudulent alerts and pop-ups, which aim to convince visitors that they need to pass a CAPTCHA check if they wish to access certain content. However, you can be sure that Liansatrickth.info is not hosting a legitimate 'robot check' – instead, it tries to trick you into clicking a button that will ultimately end up subscribing you to Liansatrickth.info's notifications. Once this happens, the website will be able to freely abuse the feature to...

Stewaysef.info

Posted: July 15, 2020 | Category: Browser Hijackers
Stewaysef.info is home to a basic scam that does not try to steal sensitive data or money from its targets and, instead, it has a far simpler goal – it asks visitors to 'Allow' Stewaysef.info to display notifications in their Web browser. If this permission is given to the page, it may abuse the feature to deliver a large number of unwanted advertisements that will appear in the form of browser notifications. The Stewaysef.info notifications are not reliable, and their contents may often lead...

Easy Weather Today Promos

Posted: July 15, 2020 | Category: Adware
Easy Weather Today Promos is a browser extension that poses as a helpful utility that can display current weather information, as well as a weather forecast for the upcoming days. However, as soon as users try to install Easy Weather Today Promos, they may be prompted to give this add-on the permission to 'Read and change all your data on the website you visit.' In reality, Easy Weather Today Promos could abuse these permissions to inject ads in the pages you browse. The advertisements that...

Homer Ransomware

Posted: July 15, 2020 | Category: Ransomware
The Homer Ransomware is a file-locking Trojan that's a derivative of a Ransomware-as-a-Service family known as Dharma Ransomware or Crysis Ransomware. The Homer Ransomware can block your files by encrypting them and delete the local backups as part of its extortionist campaign. Users should ignore the ransom demands, recover from any secure backups, and have their favored anti-malware solutions uninstall the Homer Ransomware. Jokes referring to popular media are among the usual details...

DarkEyE

Posted: July 15, 2020 | Category: Malware
DarkEyE is a malicious tool that was previously sold on hacking forums as a utility that cybercriminals could use to protect their malware from being dissected and analyzed. DarkEyE achieves this by using clever obfuscation techniques, which, according to the creator, 'protect your files against revere engineering and cracking procedures.' The DarkEyE Protector was also sold on a public website that is now offering a similar product titled 'CloudEyE' – it is safe to assume that CloudEyE is...

CloudEyE

Posted: July 15, 2020 | Category: Malware
CloudEyE is a type of tool that cybercriminals frequently use to make their malicious software more difficult to detect, identify, and analyze. CloudEyE, in particular, appears to share many similarities with the obfuscation technique used by GuLoader, but it lacks some of the Trojan-Downloader features found in the GuLoader project. It also seems that the creators of CloudEyE are trying to pass this project as a legitimate utility that should not be used for nefarious purposes – however, a...