GrandSteal

Posted: October 25, 2019 | Category: Trojans | Threat Level: 8/10
GrandSteal is the name of a newly discovered infostealer that does not appear to share code with any of the previously known infostealer families. Surprisingly, some anti-virus engines report GrandSteal as a variant of the Quasar RAT. Still, the two threats do not seem to have much in common apart from the fact that they are both able to collect information from the compromised host. One sample of the GrandSteal infostealer was discovered on a Russian domain, but this is not a sure sign that the threat originates from the Russian region, or targets users in the area. Often,...

Hdmr Ransomware

Posted: October 25, 2019 | Category: Ransomware
The Hdmr Ransomware is a file-encryption Trojan that is not compatible with any of the readily available decryption tools. The operators of this ransomware may distribute it with the use of phishing emails, fake downloads, and pirated software or media – to protect yourself and your computer from cyber-threats, you should avoid downloading unknown files, especially if they come from a shady source. Often, dealing with the consequences of a malware attack may be as simple as running an anti-virus scanner, but, unfortunately, in the case of a ransomware attack, the task may be much more...

BADNEWS

Posted: October 25, 2019 | Category: Backdoors | Threat Level: 6/10
BADNEWS is a backdoor Trojan that was used in several attack campaigns carried out by the Patchwork group, an Advanced Persistent Threat actor that frequently targets Indian users. The BADNEWS Trojan has been around for over two years, but it has received an update recently, which strengthens its abilities to evade sandbox environments and anti-virus engines, as well as to carry out additional tasks on the compromised computer. The Patchwork group is also known by the names Dropping Elephant or Monsoon. The latest campaign that involves the use of the BADNEWS backdoor Trojan is carried out...

Spidey Bot

Posted: October 25, 2019 | Category: Botnets
It is not uncommon for cybercriminals to abuse the files of legitimate software suites to implant malware on the computers of their victims. One of the recent malware families that make use of this strategy is called Spidey Bot, and it aims to make changes to the files used by Discord, a popular messaging and voice application that is usually used by gamers. When the Spidey Bot plants its code in a Discord file, it will restart the application to ensure that the corrupted modules will be loaded – one of the easiest ways to ensure that your Discord installation has not been infected is to...

Gamaredon Group

Posted: October 24, 2019 | Category: Malware | Threat Level: 6/10
The Gamaredon Group is an Advanced Persistent Threat (APT) group that has been active since 2013 – their targets are often Ukrainian government officials, and they rely primarily on phishing emails to deliver threatening binaries to their targets. The documents used as bait may often be disguised as important military files that the recipient is likely to want to review. Although the group has been active for over five years, they have not made many changes to their approach, and continue to use a combination of custom-developed malware and public tools to execute their attacks. It is not...

Ke3chang

Posted: October 24, 2019 | Category: Malware | Threat Level: 6/10
Ke3chang (also known as APT15) is an Advanced Persistent Threat group that is believed to operate from China. Cybersecurity experts keeping track of Ke3chang's campaigns have noticed similarities in the infrastructure, payloads, and strategies used by this group and other China-based groups such as Mirage, Vixen Panda, GREF, Playful Dragon and RoyalAPT – it is possible that the Ke3chang actors may share information and members with the groups mentioned above. The Ke3chang group's campaigns are targeted towards different sectors and regions – they have launched attacks against diplomatic...

GovRAT

Posted: October 24, 2019 | Category: Remote Administration Tools | Threat Level: 4/10
GovRAT is an advanced Remote Access Trojan that is being openly sold on the Dark Web at the price of $1,000. However, cybercriminals who are interested in obtaining the source code of the threat can also pay $6,000 to get their hands on the full software package that will enable them to tailor GovRAT's modules according to their own needs. There are strong suspicions that GovRAT might have been used in attacks against high-profile government and military targets, and it is possible that several Advanced Persistent Threat (APT) actors may have opted to pay for this hacking tool. While...

Mockba Ransomware

Posted: October 24, 2019 | Category: Ransomware
A new file-locker family has been spotted online, and it has been given the name Mockba Ransomware. Just like other file-encryption Trojans, this one also aims to cause as much damage as possible to the victim's files before it leaves a ransom note for the victim to read. All files that the Mockba Ransomware encrypts will have the '.mockba' extension added to their names, and victims will find the attacker's message in the file '# HOW TO RECOVER YOUR DATA #.txt.' There is no information about a free decryption tool compatible with this ransomware family yet. This means that the only way...

Cobalt Group

Posted: October 23, 2019 | Category: Malware | Threat Level: 6/10
The Cobalt Group is an Advanced Persistent Threat (APT) group that specializes in financially motivated attacks against high-profile targets in Southeast Asia, Central Asia and Eastern Europe. The targets of their attacks are often banks and other financial institutions, and the threat actors are known for executing long-lasting attacks that aim to compromise various computers slowly to gain access to critical infrastructure. Apart from targeting bank clients by compromising the bank's network, they also have targeted Automated Teller Machines (ATMs), as well as networks used for online...

Nols Ransomware

Posted: October 23, 2019 | Category: Ransomware
The cybercriminals behind the STOP Ransomware project appeared to be inactive for a few weeks, but they have returned with two new file-lockers that use the same encryption routine as before. The only major difference between the newly spotted samples and other members of the STOP Ransomware family is the usage of a different file extension to mark the locked files, as well as the introduction of a new email address for contact – gerentosrestore@firemail.cc. The first STOP Ransomware variant we will talk about is called Nols Ransomware, and it has already caused problems for a dozen of...

Werd Ransomware

Posted: October 23, 2019 | Category: Ransomware
The STOP Ransomware has shown remarkable activity in 2019, and it continues to be the biggest ransomware threat to users worldwide. This file-locker and its variants are able to execute swift and damaging attacks whose end-goal is to ensure that the victims will be unable to access their important files and documents. One of the latest variants of the STOP Ransomware is called 'Werd Ransomware,' and it already appears to be distributed actively. According to complaints from users harmed by the Werd Ransomware's attack, the ransomware will apply the '.werd' extension to the files it...

InfoDot Ransomware

Posted: October 23, 2019 | Category: Ransomware
Internet users worldwide are being threatened by a new file-encryption Trojan, which appears to use varying patterns to mark the names of the files it encrypts. One of the victims of the InfoDot Ransomware reports that the '.info@sharebyy[dot]com' extension was added to the names of their files, while another victim affected by the ransomware's attack has submitted a complaint about the '.info@mymail9[dot]com' extension being added to the files. Sadly, changing the filename is not the only change that the InfoDot Ransomware brings to the computers it corrupts – it also will encrypt the...

skip-2.0

Posted: October 22, 2019 | Category: Backdoors | Threat Level: 6/10
High-profile threat actors know that there are no long-term benefits in creating destructive malware whose sole purpose is to cause mayhem. This is why they rely on stealthy and functional cyber-threats that enable them to gain persistent access to or control over the compromised computer and provide them with the ability to collect data or modify the system's configuration on a regular basis. One of the tools used for such purposes is skip-2.0, a piece of malware developed by the Winnti Group. The Winnti Group (also known as APT41) is an Advanced Persistent Threat group whose members are believed...

Nautilus

Posted: October 22, 2019 | Category: Malware | Threat Level: 6/10
Nautilus is a newly discovered hacking tool that is linked to the activities of the Turla Advanced Persistent Threat group. The hackers from Turla are known for targeting government, energy, military, and technology sectors in various regions – their latest campaign involves the use of the Snake rootkit, and the newly discovered malware families Neuron and Nautilus. The campaign appears to be targeted against companies and organizations in the United Kingdom at the moment, but it is possible that the group may broaden its reach in the near future. It is believed that Nautilus and Neuron...

Neuron

Posted: October 22, 2019 | Category: Malware | Threat Level: 6/10
Neuron is a piece of malware that is being used by the Turla Advanced Persistent Threat (APT) group. This particular malware family is not associated with LightNeuron, a backdoor Trojan that is also used exclusively by the Turla hackers. One of the most notorious campaigns involving the Neuron malware was carried out against UK-based companies and institutions in 2017 – the threat was used in combination with the Snake rootkit and Nautilus, another uncategorized cyber-threat that is likely to be an essential part of Turla's arsenal. Active samples of Neuron were found on Web servers and...

APT41

Posted: October 22, 2019 | Category: Malware | Threat Level: 6/10
Usually, Advanced Persistent Threat (APT) groups focus on attacking high-profile targets in the energy, military, government, pharmaceutical or industry sectors. However, there are some special cases to this rule – one of them is APT41 (also known as the Winnti Group). These cybercriminals are likely to reside in China, and their attacks have been aimed almost exclusively at the online game industry. In recent years they have launched some campaigns against pharmaceutical companies, but their top targets continue to be game studios worldwide. The group's name is derived from Winnti,...

ZUMKONG

Posted: October 21, 2019 | Category: Trojans | Threat Level: 8/10
APT37 (also known as ScarCruft) is a North Korean cybercrime group that specializes in politically motivated attacks against high-ranking military and government personnel from South Korea. The group has been involved in major cybercrime campaigns that were carried out with the use of a broad range of hacking tools that serve various purposes. One of the notorious parts of APT37's arsenal is ZUMKONG, a piece of info-stealing malware that exfiltrates data via the network of mail.zmail.ru – a legitimate mailing service. ZUMKONG has definitely been used against South Korean targets,...

SLOWDRIFT

Posted: October 21, 2019 | Category: Downloaders | Threat Level: 5/10
High-profile cybercriminals often use a wide variety of tools to collect information about their target and figure out what malware they should use. The APT37 group consists of politically-motivated North Korean hackers whose primary targets reside in South Korea. Although their toolset consists of many infostealers and backdoor Trojans, they also employ a few reconnaissance tools whose purpose is to collect software and hardware information about the victim. This not only helps them determine what malware to use, but it also may tell them what sort of computer they have managed to...

Wiki Ransomware

Posted: October 21, 2019 | Category: Ransomware
There are dozens of ransomware families being spread in the wild, and it is important to learn how to protect your computer and your files from threats like those. One of the most popular ransomware families in the past three years has been the Dharma Ransomware – it has dozens of variants that use an identical file-encryption algorithm, but often use different file extensions to mark the locked files, as well as different contact emails. One of the most recent members of the Dharma Ransomware family is called Wiki Ransomware, and it is being spread via fake download pages, pirated...

Kiss Ransomware

Posted: October 21, 2019 | Category: Ransomware
Cybersecurity experts identified a new ransomware strain that is being distributed to users worldwide with the help of bogus email attachments, fake downloads, pirated content and malvertising campaigns. The threat, dubbed the Kiss Ransomware, uses a complicated file-encryption routine whose goal is to ensure that the victimized PC users will not be able to use their documents, videos, songs, archives, spreadsheets, backups and other important files. Just like other threats of this type, the Kiss Ransomware also attempts to encrypt as many files as possible, and then offer to provide users...