AgileHelp

Posted: November 22, 2019 | Category: Adware | Threat Level: 2/10
AgileHelp is a computer utility that only Mac users are likely to come across. However, while AgileHelp may promise to improve the user's ability to navigate and search the Web, the real purpose of this software is very different. Instead of helping you, the AgileHelp program may turn your Web browsing sessions into a very unpleasant experience due to the large number of advertisements you will be exposed to. In addition to promoting various affiliated links and shady online stores, the AgileHelp adware may even expose you to fake anti-virus reports, which claim that your computer has been...

Mispadu

Posted: November 21, 2019 | Category: Trojans | Threat Level: 8/10
Mispadu is the name of a banking Trojan that seems to target users in Mexico and Brazil. Many Latin America-focused banking Trojans usually target smartphones, but Mispadu is only compatible with the Windows operating system. Cybersecurity researchers report that the threatening application is being spread via malvertising campaigns that trick users into thinking that they have won a discount code for McDonald's. In addition to the rather new malvertising trick, the authors of the Mispadu Trojan also rely on good old phishing emails that trick users into thinking that...

Roboto Botnet

Posted: November 21, 2019 | Category: Botnets
Linux servers are being targeted by a threat actor who appears to turn infected machines into members of a large-scale botnet that malware researchers currently refer to as the Roboto Botnet. According to specialists, an estimated 215,000 servers are running the Webmin software suite, which is the main infection vector that the threat actors behind the Roboto Botnet rely on at the moment. The first traces of the botnet's activity date back to the summer of 2019, but its rapid expansion started recently and attracted the attention of cybersecurity experts worldwide. The Webmin...

SectopRAT

Posted: November 21, 2019 | Category: Remote Administration Tools | Threat Level: 4/10
SectopRAT is a newly spotted Remote Access Trojan that is considered to be a work in progress – some of its modules are empty or unfinished, and some of its functions do not work yet. However, it does include some interesting features that make it a major threat to users who have not taken the needed measures to protect their computers from unwanted intruders. The primary feature of the SectopRAT appears to be its ability to spawn a second 'explorer.exe' process that is invisible to the user. This creates a secondary desktop that the attackers can control remotely without alerting the...

Kodg Ransomware

Posted: November 21, 2019 | Category: Ransomware
Ransomware has been the big thing in the cybercrime field for the past few years, and, unfortunately, this will not change until users take the necessary precautions to turn ransomware into a non-profitable venture. This means that users should rely on a reputable anti-malware service to keep their computers clean of malware, and they should also keep backup copies of their important files so that they will be able to recover from a potential ransomware attack. Sadly, many users have not adopted either one of these measures, and they are the ones that are prone to falling victim to the Kodg...

Phoenix Keylogger

Posted: November 20, 2019 | Category: Keyloggers | Threat Level: 8/10
The Phoenix Keylogger is a cyber-threat that was first advertised on hacking forums in July 2019, but the project has been improved a lot during these past few months. While the initial versions of the Phoenix Keylogger supported basic keylogging features, the recent versions of this software include a wide range of features that allow the threat actor to collect credentials and data from the compromised computer swiftly and minimize the evidence the attack leaves behind. The author of the Phoenix Keylogger has opted to adopt the 'malware-as-a-service' model, which means that they are...

FakeAdsBlock

Posted: November 20, 2019 | Category: Adware | Threat Level: 2/10
Adware meant to work on smartphones and tablets can be very annoying, especially if the user has never had to deal with such a problem before. Adware developers often experiment with new tricks and techniques to bombard the user with advertisements, and they also tend to use advanced methods to hide the presence of the devious application and prevent the user from removing it with ease. One of the latest Android adware programs to be identified by security researchers goes by the name FakeAdsBlock, and it appears to be distributed via fake applications hosted on third-party Android application stores....

CyborgLock Ransomware

Posted: November 20, 2019 | Category: Ransomware
The CyborgLock Ransomware is a new file-encryption Trojan whose authors appear to be very inexperienced in the cybercrime field. The main reason to assume this is that they want to receive a ransom payment of $110 via Amazon Gift Cards – few ransomware developers opt for this payment method and, instead, most of them prefer to get the money via a cryptocurrency transaction. Despite the weird demands of the authors, the threatening program they have created should not be underestimated because it has the ability to cause a lot of damage to your files and leave you with few data recovery...

Wacatac Ransomware

Posted: November 20, 2019 | Category: Ransomware
The Wacatac Ransomware (also known as the DeathRansom Ransomware) is a dysfunctional cyber-threat that poses as a file-encryption Trojan. The good news is that the Wacatac Ransomware either lacks file-encryption abilities or it has been implemented poorly, and the threat does not cause any damage to files in its current state. In fact, the only problem that the Wacatac Ransomware can cause is to change the names of various documents, images, archives, videos, music, and other files by adding the '.wctc' extension. Thankfully, this does not mean that the files have been encrypted – they can...

Inter

Posted: November 19, 2019 | Category: Malware | Threat Level: 6/10
Skimming used to be a crime that targeted Automated Teller Machines (ATMs) exclusively – the criminals behind these operations would add a difficult-to-notice piece of hardware to the ATM, and it would enable them to collect the credit card data of every customer that opted to use the booby-trapped ATM. However, the past few years of cybercrime have shown us that a new kind of skimming is on the horizon – online skimming. Online skimmers are usually small pieces of JavaScript code that get inserted into the checkout page of a hacked website. This does not make any obvious changes to the site's...

ACBackdoor

Posted: November 19, 2019 | Category: Backdoors | Threat Level: 6/10
Malware developers rarely target multiple operating systems with their malware. One of the main reasons for this is that Linux systems are not that widespread, and targeting them with malware is not always a profitable task. However, the authors of the new ACBackdoor appear to be experts when it comes to developing Linux-compatible malware – cybersecurity researchers note that the Linux version of ACBackdoor was written very well, and packs remarkable features such as fileless code execution and the ability to manipulate the properties of running processes. Besides being able to run on...

Dom Ransomware

Posted: November 19, 2019 | Category: Ransomware
The ransomware field has been dominated by two ransomware families in 2019 – Dharma and STOP. However, there is a third ransomware family that has also shown impressive activity, although it is not nearly as widespread as those two. It is the Scarab Ransomware family, and it first made the news in 2018 when the project appeared to be very active – back then, cybersecurity researchers had to categorize dozens of Scarab Ransomware variants each month. The latest member of the Scarab Ransomware family is called the Dom Ransomware, and it is incompatible with free decryption utilities. This...

Mbed Ransomware

Posted: November 19, 2019 | Category: Ransomware
File-encryption Trojans are running rampant online, and you should stay one step ahead of them by investing in reputable data backup services and reliable anti-virus software. Failing to stop a ransomware attack can have devastating consequences for your files because these cyber-threats are able to inflict long-term damage to your file system, which is impossible to reverse without acquiring the decryption key stored on the servers of the attackers. Unfortunately, this task is not always achievable since some ransomware families (like the STOP Ransomware) are very secure, and they cannot...

NextCry Ransomware

Posted: November 18, 2019 | Category: Ransomware
Targeted ransomware attacks are challenging to plan and execute, but they can cause devastating damage when done correctly. The latest example of such an attack involves the NextCry Ransomware, a newly discovered ransomware family that targets NextCloud customers exclusively. NextCloud is a file-sharing and collaboration platform that is often used as a workspace by companies, freelancers and regular users. Unfortunately, the platform has been targeted by cybercriminals who use the newly developed NextCry Ransomware to encrypt the data of vulnerable customers and then extort them for money...

Pipka

Posted: November 18, 2019 | Category: Malware | Threat Level: 6/10
JavaScript-based skimmers are becoming a more common occurrence, and it seems that more and more threat actors are experimenting with these simple-to-build tools. However, while creating a JavaScript skimmer is not the most challenging task, using it requires a lot of effort – the cybercriminals behind the skimmer need to compromise the security of an online merchant, and then silently add the skimmer component to the checkout page, thereby ensuring that the payment data of all customers will be harvested. Recently, VISA released a report describing a new JavaScript skimmer called Pipka....

SySS Ransomware

Posted: November 18, 2019 | Category: Ransomware
The Dharma Ransomware has made a comeback in 2019, although the project seemed to be dead for a while after the original developers opted to release all decryption keys for free. However, we have seen dozens of new variants appear in 2019, and the latest of them goes by the name SySS Ransomware. This file-locker is impossible to decrypt via free utilities, and this leaves its victims with very limited data recovery options. The corrupted binary that carries the SySS Ransomware's code may be distributed via pirated software and media, fake downloads, fake software updates, or...

'Microsoft-2019-windows.com' Pop-Ups

Posted: November 18, 2019 | Category: Adware | Threat Level: 2/10
Online technical support tactics have been used for over two decades, and they are still an efficient way to get innocent users involved in fraudulent schemes. These tactics are usually carried out with the help of fake Web pages that were set up with the sole purpose of providing their visitors with fake information about the health and security of their computer – this is exactly the case with the 'Microsoft-2019-windows.com' Pop-Ups. This page hosts a fake pop-up window, which alerts visitors that their computers have been infected by more than one threatening virus, and they need to...

CredRaptor

Posted: November 15, 2019 | Category: Backdoors | Threat Level: 6/10
The TeleBots hacking group is back in action after laying low for a rather long time. The group is best known for being involved in what is considered to be the first power outage (blackout) caused by a cyber-attack/malware. The group's arsenal includes top-shelf cyber-threats that are used during different stages of the attacks, and often aim to be as destructive as possible. Some of the more notorious malware associated with the activity of the TeleBots group are: the Industroyer backdoor, used against the Ukrainian power grid; BlackEnergy, also used against the Ukrainian...

CHEESETRAY

Posted: November 15, 2019 | Category: Malware | Threat Level: 6/10
APT38 (also known as Lazarus Group) is an Advanced Persistent Threat hacking group that works in close cooperation with the North Korean government. Most of their attacks appear to be motivated financially, and it is not uncommon to see them target the networks of major banks and financial institutions. Since the goal of their attacks is to generate profits, the hackers may often spend months collecting information about their target's infrastructure before proceeding to drop the major payloads that will help them execute their devious deeds. One of the tools that have been seen on some...

Sphinx Ransomware

Posted: November 15, 2019 | Category: Ransomware
Cybercriminals often do a sloppy job when it comes to creating a working payment page, and this may end up being a major problem for victims who want to pay in exchange for a decryption tool. This is exactly what the threat actors behind the newly spotted Sphinx Ransomware have done – their ransom note tells victims to visit a TOR-based payment portal for further instructions, but trying to open the website results in an error. This means that victims of the Sphinx Ransomware will not be able to pay the ransom fee even if they were willing to co-operate with the attacker. Even if the Sphinx...