LimeRevenge RAT

Posted: November 15, 2019 | Category: Remote Administration Tools | Threat Level: 4/10
Remote Access Trojans are part of the toolkit of any experienced cybercriminal – there are countless variants to choose from, and threat actors can opt to go for the free ones or expensive ones. Of course, the expensive Remote Access Trojans (RATs) are better at staying hidden, and they often provide their operators with access to more features that enable them to extract all sorts of data from the compromised host. One of the notorious RATs being used by low-level crooks and high-profile threat actors alike is the RevengeRAT. Recently, malware researchers came across a modified variant of...

CLEANTOAD

Posted: November 14, 2019 | Category: Malware | Threat Level: 6/10
APT38, also known as the Lazarus Group, is one of the threat actors to receive a lot of media attention in the past few years. The group's members are believed to originate from North Korea, and cybersecurity experts suspect that it might be working in close cooperation with the North Korean government. APT38 is certainly not the only cybercrime group to execute their operations from North Korea – the country is also home to APT37, also known as ScarCruft or Group123, a team of hackers that specializes in using highly destructive malware that is employed in attacks against manufacturing,...

Exaramel

Posted: November 14, 2019 | Category: Backdoors | Threat Level: 6/10
The TeleBots group is back under the spotlight with the use of a new Trojan Backdoor that has been named 'Exaramel.' The threat shares many similarities with the Industroyer malware that the group used previously and was already employed in attacks that fit the profile of TeleBots' usual victims. TeleBots has been one of the most famous names in the cybercrime field for the past few years – they are the hackers responsible for the first blackout caused by malware. This unfortunate event happened in 2015 and showed the world how threatening malware could really be. The group also was...

AnteFrigus Ransomware

Posted: November 14, 2019 | Category: Ransomware
Low-quality ransomware is often spread via simple malware propagation channels such as pirated software and media, game cracks, phishing emails, etc. However, the authors of the AnteFrigus Ransomware appear to have adopted an alternative approach – their new file-locker is delivered via the RIG Exploit Kit. This is a rather elite malware propagation approach that is rarely used to deliver simple ransomware like this one. Apart from the fact that it is being spread via the RIG Exploit Kit (RIG EK), the AnteFrigus Ransomware has some other interesting quirks. Tests in a controlled...

Grod Ransomware

Posted: November 14, 2019 | Category: Ransomware
The developers of the STOP Ransomware continue to rely on their tried and tested strategy to release new ransomware variants pretty much every other day. The latest addition to this threatening file-locker family is known as the Grod Ransomware, and it is already actively spread via pirated games and software, fake downloads, torrent trackers, and other warez content. If the users end up running a copy of the Grod Ransomware on a computer without sufficient malware protection, they may end up being in serious trouble because of the Grod Ransomware's ability to cause long-lasting damage to...

'HARASSMENT COMPLAINT' Email Scam

Posted: November 14, 2019 | Category: Adware | Threat Level: 2/10
Cybercriminals and con artists often experiment with new social engineering tricks to get users to follow their instructions. Sometimes they rely on financial motivation by promising users that they can win great prizes by reviewing a file or email attachment, and, in other cases, they opt to go for fear-mongering strategies. In this description, we will talk about a tactic that involves the latter strategy. The 'HARASSMENT COMPLAINT' email scam is a new email tactic that may be tailored according to the recipient's profile and field of work. According to the email, the victim has been...

PureLocker Ransomware

Posted: November 13, 2019 | Category: Ransomware
Cybercriminals often use all sorts of secret tricks and obfuscation techniques to keep their state-of-the-art threats hidden from the eyes of malware researchers. However, some of them are much better at this than their colleagues – a fine example is the author of the PureLocker Ransomware, a file-encryption Trojan that attacks company servers exclusively, and has been fairly active for a few months without being detected. The low detection rate is likely to be achieved via some simple and some advanced tricks: The PureLocker Ransomware is likely to be a high-quality...

Peet Ransomware

Posted: November 13, 2019 | Category: Ransomware
File-lockers continue to run rampant at the end of 2019, and there are countless threats waiting for a chance to extort you for money by encrypting your important files. The latest file-locker sample to be spotted by cybersecurity experts has been labeled the Peet Ransomware, and it appears to share code with the STOP Ransomware family, one of 2019's most active threats. Unfortunately, if the Peet Ransomware gets to your computer and encrypts your files, you will not have many data recovery options ahead of you. This file-locker uses a very secure encryption routine, and stores the...

Dharma-Ninja Ransomware

Posted: November 13, 2019 | Category: Ransomware
The Dharma-Ninja Ransomware is a file-encryption Trojan that, as you can tell by the name, is a part of the Dharma Ransomware family of file-lockers. It also boasts a name similar to the Ninja Ransomware that first surfaced online in 2015. Still, both of these threats share no other similarities apart from the fact that they extort their victims for money. If the Dharma-Ninja Ransomware has gotten on your computer, then it might already be too late to counter its attack. This is because the Dharma-Ninja Ransomware needs just a few minutes to accomplish a devastating attack whose...

JesusCrypt Ransomware

Posted: November 13, 2019 | Category: Ransomware
Malware researchers spotted a harmful file being submitted to an online file scanning service used to discover unsafe files – the file in question appears to pack a file-encryption function that would enable it to encrypt some of the files on the computer it is being run on. In addition to this, it contains strings typical for ransomware, so it is safe to assume that someone is working on a new file-locker that was submitted for analysis recently. The threat has been given the name 'JesusCrypt Ransomware' due to the use of 'JesusCrypt' in its ransom note, and it seems to be a work in...

Send-news.net

Posted: November 13, 2019 | Category: Browser Hijackers | Threat Level: 5/10
Send-news.net is a bogus page that has been set up with the sole purpose of distributing advertisements to the user's Web browsers by misusing the browser's ability to display notifications. Users might be referred to Send-news.net's bogus pages while browsing shady websites that have been paid to promote this fraudulent operation. While visiting Send-news.net or seeing its notifications is not a major problem, it should not be ignored since the page notifications may bother you continuously. People who stumble onto Send-news.net may be prompted to 'Allow' this website to display...

Glimpse

Posted: November 12, 2019 | Category: Malware | Threat Level: 6/10
Glimpse is a cyber-threat that is yet to be researched thoroughly, but malware experts have already managed to identify some of the key features of this threat. One of the unique things about it is the method it uses to communicate with the control server of the attackers – instead of using the noisy HTTP or FTP connections, it relies on the DNS protocol. However, using the DNS protocol to establish a communication channel between the malware and the control server has some drawbacks – for example, sending a command via the DNS protocol may be simple, but receiving a meaningful response is...

Octopus Ransomware

Posted: November 12, 2019 | Category: Ransomware
The Octopus Ransomware is a file-encryption Trojan that is considered to be incompatible with free decryption utilities. This means that victims of the Octopus Ransomware will not be able to rely on any reliable data decryption options, and their best bets would be to rely on restoring from a backup or alternative file recovery strategies. Threats like the Octopus Ransomware are exceptionally threatening due to their ability to cause long-lasting damage to the victim's files – an issue that cannot be resolved by simply running an anti-virus tool. The threat actors behind the Octopus...

Kr Ransomware

Posted: November 12, 2019 | Category: Ransomware
Cybercriminals usually show the highest activity during the summer holiday season, but this 'rule' certainly does not apply to ransomware developers who appear to be active throughout the entire year. Weekly, we come across dozens of file-lockers that are often based on previously known ransomware families such as the STOP Ransomware or the Dharma Ransomware. Today's post is about the Kr Ransomware, a file-encryption Trojan that uses the same file-encryption routine as the Dharma Ransomware. It is possible that the cybercrooks behind the Kr Ransomware may be using spear-phishing emails...

ExtraList

Posted: November 12, 2019 | Category: Malware | Threat Level: 6/10
ExtraList is an application for the Mac OS that may be advertised as a search-enhancing tool that is meant to help users find better results online. However, users who opt to install the ExtraList program may soon be disappointed by what it has to offer – this application is categorized as a Potentially Unwanted Program (PUP) by many security products. While it does not cause harm to your system, it may impair your browser's functionality by tampering with the settings and configuring your browser to use a different new tab page or search engine. It is possible that using the websites...

Titanium

Posted: November 11, 2019 | Category: Backdoors | Threat Level: 6/10
The Platinum Advanced Persistent Threat (APT) group has been closely tracked since 2009, and cybersecurity experts have noticed that the majority of the group's attacks are focused in the Asia-Pacific region. So far, the group's members have not been linked to any particular government or country, but it is very likely that the attacks are politically motivated, judging by the types of targets that the Platinum APT goes after. Recently, the group introduced a new piece of malware that is already being used actively – the threat, called Titanium, is a threatening backdoor Trojan that...

NACHOCHEESE

Posted: November 11, 2019 | Category: Malware | Threat Level: 6/10
APT38 is one of the most active and popular hacking groups operated from North Korea. The hackers specialize in financially-motivated attacks against regions around the entire world. Their operations are much different from other government-related APT (Advanced Persistent Threat) groups because the North Korean hackers do not seem to put any effort into limiting the damage that their malware causes. While other government-backed threat actors tend to implement checks, which ensure that their malware will only run on certain systems (depending on their configuration), the malware produced by...

Nvram Ransomware

Posted: November 11, 2019 | Category: Ransomware
Cybersecurity experts have identified a new variant of the infamous Dharma Ransomware in the wild. The threat, labeled Nvram Ransomware, is known to encrypt a wide variety of file types, therefore ensuring that its victims will have no other choice but to ask the attackers for help. Remember that it is never good to try to cooperate with ransomware developers since there is a big chance that they might end up trying to trick you out of your money. If you think that the Nvram Ransomware has locked your files, then it is recommended to try to resolve the issue by using legitimate security...

Deal Ransomware

Posted: November 11, 2019 | Category: Ransomware
The Deal Ransomware is a file-encryption Trojan that is designed with one single purpose – to wreak havoc on your computer by encrypting your important files. Threats like this one have become very popular in the hacking community recently, and they are becoming a very regular occurrence on the Internet. Cybercriminals tend to spread these threatening programs via a wide range of methods such as phishing emails, fake downloads and software updates, pirated media, game cracks, etc. It is recommended to avoid downloading files from shady sources, as well as keep your computer protected by an...

Bundesliga-streams.net

Posted: November 11, 2019 | Category: Browser Hijackers | Threat Level: 5/10
Bundesliga-streams.net is a website that users may come across via unwelcome advertisements, or when they are searching for illicit streams of football matches from the German Bundesliga. Participating in the latter activity is certainly not recommended since watching pirated content is not legal, and, in addition to this, websites that host pirated streams may often be used for malvertising campaigns or to deliver advertisements that promote questionable Web destinations and downloads. Some of the social engineering tricks that the Bundesliga-streams.net website and similar pages may...