InitialWindow

Posted: September 17, 2020 | Category: Potentially Unwanted Programs (PUPs)
Potentially Unwanted Programs (PUPs) and adware have become a very common issue that macOS users have to deal with. Apple's operating system was considered to be an impossible target for cybercriminals until a few years ago but, unfortunately, times have changed. Nowadays, macOS is being targeted not just by harmless software like PUPs and adware, but also by high-profile malware such as Remote Access Trojans (RATs), keyloggers, and others. The subject of this post, InitialWindow, is a Potentially Unwanted Program (PUP) that runs on macOS exclusively. This software does not have an official...

Xorist-TAKA Ransomware

Posted: September 17, 2020 | Category: Ransomware
The Xorist-TAKA Ransomware is a file-locking Trojan from Xorist Ransomware's family, which uses a 'freeware' Trojan-builder kit. It can stop users from opening their files by encrypting them and includes symptoms such as changes to extensions and pop-up alerts with ransom instructions. Users should withhold ransoms, if practical, let their anti-malware services remove the Xorist-TAKA Ransomware infections, and recover from backups or freeware services. What's perhaps a semi-targeted campaign against Bengali victims is just making itself known in the threat landscape. The Xorist-TAKA...

PewPew Ransomware

Posted: September 17, 2020 | Category: Ransomware
The PewPew Ransomware is a file-locking Trojan that blocks media on Windows computers and holds it hostage. Like most of its kind, the PewPew Ransomware includes multiple ransom notes for premium data recovery and changes any locked files' names. Users should always have backups on other devices for optimal recoveries and let trusted anti-malware products contain or delete the PewPew Ransomware when they identify it. With its genealogy doubtful, the Trojan calling itself PewPew Ransomware is open to speculation on how its threat actor created it or is planning on distributing it out in...

Wannacry666 Ransomware

Posted: September 17, 2020 | Category: Ransomware
The Wannacry666 Ransomware is a file-locking Trojan that comes from a kit-based family known as the Xorist Ransomware. The Wannacry666 Ransomware can block files of the attacker's preference (usually, digital media like documents, music, pictures or movies) while showing the user its ransom note. Users with backups or free decryption options may restore their files without considering the ransom, and anti-malware programs compatible with Windows will safely remove the Wannacry666 Ransomware. A threat actor makes possibly-mocking references to ancient Trojan history in his new attacks,...

TEREN Ransomware

Posted: September 17, 2020 | Category: Ransomware
The TEREN Ransomware is a file-locking Trojan or a program that can block files of formats related to media like documents, pictures, etc. The TEREN Ransomware attack uses a secure encryption method based on the Dharma Ransomware family and isn't unlockable by third parties, in ordinary circumstances. Anti-malware products for Windows should delete the TEREN Ransomware, but backups may be necessary for comprehensive data retrieval. Thanks to being available cheaply to threat actors with no more programming talent than they deem necessary, the Dharma Ransomware is one of the top...

Sheppared.club

Posted: September 16, 2020 | Category: Browser Hijackers | Threat Level: 5/10
Sheppared.club is a website that specializes in displaying fraudulent pop-ups and messages whose goal is always the same – to hijack your browser notifications. For the page to achieve this, it needs to convince visitors to click the 'Allow' button shown on their screen. It convinces them to do this by displaying messages saying that users need to click 'Allow' to play a video or confirm that they are not robots. Falling for a simple tactic like this one is not unsafe, but it may lead to some annoying consequences – for example, Sheppared.club will bombard your browser with notifications...

Trendopportunityfollow.ga

Posted: September 16, 2020 | Category: Browser Hijackers | Threat Level: 5/10
Trendopportunityfollow.ga is a fraudulent page that tries to gain access to use your browser notifications on a regular basis. Of course, the website's creators know that no one would grant a random page such permissions, and this is why they have opted to rely on misleading instructions and messages to trick users into granting the website the permissions it asks for. When you stumble upon Trendopportunityfollow.ga, you will be presented with a warning screen, which reads 'Click Allow if you are not a robot' accompanied by a loading animation. This might seem like a legitimate check,...

News-back.net

Posted: September 16, 2020 | Category: Browser Hijackers | Threat Level: 5/10
Fake video players are one of the favorite weapons that online con artists use to convince their targets to perform specific actions. Years ago, such tricks were used to propagate bogus Adobe Flash Player updates that often delivered adware or even harmful software to the victim's computer. Nowadays, these fraudsters are using this trick for something far less threatening. The page at News-back.net hosts a fake video player that asks users to 'Press allow to watch the video.' This request may seem innocent, but we assure you that nothing good will come out of it. If you click 'Allow' you...

Lina Ransomware

Posted: September 16, 2020 | Category: Ransomware
The Lina Ransomware is a file-locking Trojan that's part of the Dharma Ransomware family, a Ransomware-as-a-Service. The Lina Ransomware can wipe local backups, block files with encryption for holding them for ransom, change files' extensions, and create ransom notes. Most anti-malware programs will detect and remove the Lina Ransomware before it endangers any files sufficiently, although a secured backup also is preferable for all users. File-locking Trojans from the Dharma Ransomware business, a Ransomware-as-a-Service, are incredibly prolific, if not necessarily very different...

VuLiCaPs Ransomware

Posted: September 16, 2020 | Category: Ransomware
The VuLiCaPs Ransomware is a file-locking Trojan from the Xorist Ransomware family, whose name refers to the encryption method it uses for blocking files. Appropriately-secure backups will nullify most issues from infections, such as losing access to one's digital media. Compatible anti-malware services for Windows environments also will identify and remove the VuLiCaPs Ransomware in nearly all cases. The Xorist Ransomware is not nearly as visibly expansionist as most Trojan families that share its motives and methods but is no less threatening for its lower profile. As new...

AHP Ransomware

Posted: September 16, 2020 | Category: Ransomware
The AHP Ransomware is a file-locking Trojan from the Ransomware-as-a-Service known as the Crysis Ransomware and the Dharma Ransomware. The AHP Ransomware deletes the user's local backups while encrypting their media and holding it for ransom. Users can protect themselves and their machines by securing their backups adequately and having available anti-malware software for removing the AHP Ransomware upon detecting the threat. Fake parts of Windows can be a convenient mask for Trojans, which often are compatible with that operating system and require avoiding attention until they finish...

NPPH Ransomware

Posted: September 16, 2020 | Category: Ransomware
The NPPH Ransomware is a file-locking Trojan that comes from a Ransomware-as-a-Service known as the STOP Ransomware. Users should have backups for protecting their work from its attacks, which can block files with impenetrable encryption. Appropriate anti-malware services also should find and remove the NPPH Ransomware without issues. The STOP Ransomware, also identifiable by the name of one of its earliest releases, Djvu Ransomware, is one of the most populous Ransomware-as-a-Services for the year easily. Owing prominence to ease of use, potent encryption security, and...

MrbMiner

Posted: September 16, 2020 | Category: Malware | Threat Level: 6/10
Cybercriminals continue to try and exploit different systems to plant their threatening software on them. One of the latest cybercrime gangs to participate in such a campaign is using a brand new piece of malware dubbed MrbMiner. So far, active copies of the threat have only been found on MSSQL servers whose security was probably compromised by the criminals. It is not clear what infection vector or attack technique they use, but it is very likely that they are scanning the Internet for unsecured MSSQL servers that use weak login credentials. It seems like these brute-force attacks are...

ExtendedProcesser

Posted: September 15, 2020 | Category: Mac Malware
ExtendedProcesser is a macOS application whose installation may lead to undesired changes to your Web browser's behavior. The program is not unsafe, but its installation will bring some intrusive changes that will manipulate your Web browser's behavior. Thankfully, ExtendedProcesser's abilities are not used for nefarious purposes – instead, it simply redirects your searches to 3rd-party websites that may deliver unreliable results accompanied by plenty of advertisements. The good news for macOS users is that they can solve the issue by using a reliable macOS security tool that is capable...

Lastmedias.biz

Posted: September 15, 2020 | Category: Browser Hijackers | Threat Level: 5/10
Lastmedias.biz is a Web page that you may encounter when trying to find downloadable copies of popular movies and TV series. However, Lastmedias.biz does not deliver such content and, instead, it merely pretends to host a downloadable file. According to Lastmedias.biz's messages, the 'Download' can only be unlocked if you press the 'Allow' button on the screen's top. The catch is that this button is not meant to unlock any download and, instead, it serves to allow Lastmedias.biz to deliver notifications to your Web browser. If this change is allowed, you will end up being bothered by...

Mediacamp.pro

Posted: September 15, 2020 | Category: Browser Hijackers | Threat Level: 5/10
Mediacamp.pro is a Web page that may show in your Web browser when you are trying to download files from a shady source. Mediacamp.pro's content is likely to show up as a pop-up, which displays a fake 'Download' button that can supposedly be unlocked if you click 'Allow' first. However, even if you follow Mediacamp.pro's instructions, you will not end up getting access to any download. Instead, you will subscribe to Mediacamp.pro's notifications unknowingly, therefore enabling the page to deliver dozens of notifications to your Web browser. Once Mediacamp.pro acquires the permissions it...

Spendence.club

Posted: September 15, 2020 | Category: Browser Hijackers | Threat Level: 5/10
Hijacking browser notifications is, apparently, a very profitable tactic for online con artists. They use a wide range of websites to trick users into unknowingly subscribing to the unwanted notifications that the website offers. For example, computer users may be told that they need to click 'Allow' to confirm that they are not a robot, but, in reality, this action is meant to subscribe them to the notifications of a low-quality Web page like Spendence.club. The tactic found on Spendence.club is exactly the same as the one described above, and users who fall for the trick may end up...

Vinphone.xyz

Posted: September 15, 2020 | Category: Browser Hijackers | Threat Level: 5/10
Online con artists continue to improve their tactics to maximize the odds that random users will fall for them. One of the popular tactics used to hijack browser notifications involves displaying a fake video player, accompanied by a prompt saying 'Click Allow to play the video.' While this tactic already worked in many cases, it seems that the fraudsters were not satisfied with the results. They decided to improve it even further by introducing the tactic concept found on Vinphone.xyz. This website hosts a fake video player accompanied by a screenshot from a 'Disney' film – this may leave...

SmartResultsRemote

Posted: September 15, 2020 | Category: Mac Malware
SmartResultsRemote, also called SmartResultsRemote Search, is a Potentially Unwanted Program (PUP), which may cause some trouble for macOS users. However, this program is not unsafe in any way, and the worst that its installation can cause is to modify some of your Web browser's settings. The changes that SmartResultsRemote brings have one sole purpose – to get more traffic to 3rd-party search engines that the developers of SmartResultsRemote want to promote. It is very likely that the search engines in question will contain paid advertisements, and the revenue they generate goes to this...

'Double Your Bitcoins' Scam

Posted: September 15, 2020 | Category: Adware | Threat Level: 2/10
Cryptocurrency users often are targeted by fraudsters who are exploring different tactics to gain access to their victims' funds. Usually, they do not try to hijack the user's wallet and, instead, they try to use misleading promises and messages to convince the victim to send them money willingly. This is the case with the tactic we will discuss today – the 'Double Your Bitcoins' scam. This tactic appears to be promoted via fake websites that bear names similar to popular companies – for example, one of the con artists' domains is Apple-event.org. Needless to say, this page has nothing to...