Dudell

Posted: December 30, 2019 | Category: Malware | Threat Level: 6/10
Bogus Microsoft Office documents are one of the favorite tricks that cybercriminals use to spread their threatening applications. One recent campaign that relies on macro-laced Microsoft Excel documents is linked to the Dudell malware family – a new threat that is likely to be the product of Rancor, an infamous cybercrime organization. This group specializes in cyber espionage campaigns, which is why their targets are often businesses operating in different industries. The Dudell malware is able to exfiltrate sensitive data from the compromised network, as well as to manage the running...

BIOLOAD

Posted: December 30, 2019 | Category: Trojans | Threat Level: 8/10
Financially motivated threat actors often work with silent malware that enables them to perform long-term reconnaissance operations and attacks that aim to exfiltrate sensitive data from their victim's network. One of the most famous names in this cybercrime sector is FIN7, a group of hackers who use custom-developed malware to carry out their threatening operations. One of the recent additions to their arsenal is BIOLOAD, a Trojan Loader that does nothing on its own, and it is always used in combination with another payload. In FIN7's recent campaigns, they have almost always used BIOLOAD...

R00t Ransomware

Posted: December 30, 2019 | Category: Ransomware
File-lockers continued to be the most valuable tool in the arsenal of cybercrooks throughout 2019. These clever pieces of malware are able to cause significant damage to the file systems of their victims in no time, and recovering from their attack often may be an impossible task. One of the recent file-encryption Trojans to be seen in the wild is the R00t Ransomware, which is believed to be based on the Paradise Ransomware – a file-encryption Trojan family that was rather active at the beginning of 2019. The cyber crooks behind the R00t Ransomware campaign may opt to use a variety of...

Parad1gm Ransomware

Posted: December 30, 2019 | Category: Ransomware
Dealing with ransomware can be very difficult, especially when you have to tackle the consequences without a reliable backup copy of your files. Ransomware threats specialize in encrypting file formats that are likely to contain valuable data and then extort the victims by offering to provide them with a decryption solution in exchange for money. To make matters even more complicated, the masterminds behind these threats prefer to receive the money via a cryptocurrency transaction, so it would be impossible to track or refund the money in case they do not provide the decryption tool. One...

'Your Windows 10 is not Updated' Support Scam

Posted: December 29, 2019 | Category: Adware | Threat Level: 2/10
The 'Your Windows 10 is not Updated' support scam is a fake update that can trick victims into installing unwanted or even threatening software. Users should double-check update sources for their authenticity and always reject ones arriving from third-party websites. Most anti-malware products offer browser protection against these attacks and their payloads, and should block a 'Your Windows 10 is not Updated' support scam automatically. Although the average PC owner is becoming more aware of the value of updating their OS, criminals and con artists are doing their best to turn that...

'Your Windows 10 is Damaged and Irrelevant' Support Scam

Posted: December 29, 2019 | Category: Adware | Threat Level: 2/10
The 'Your Windows 10 is Damaged and Irrelevant' support scam is a browser-based tactic that fakes Windows errors and associated update prompts. Safe browser settings and habits can remove most of the risk from encountering this tactic and any potential drive-by-download exploits. Users also can keep anti-malware products close at hand for blocking a 'Your Windows 10 is Damaged and Irrelevant' support scam and its payloads. Like the "McAfee Has Blocked Your Windows" Support Scam or the Fake WindowsUpdater Ransomware that came before it, the 'Your Windows 10 is Damaged and...

URGENT/11

Posted: December 29, 2019 | Category: Vulnerability
URGENT/11 is a family of bugs that impact the VxWorks operating system. Although certified branches of VxWorks are at minimal risk, non-certified ones are in danger of worms exploiting these bugs and compromising entire networks relatively quickly. Administrators should patch all associated machines immediately while maintaining the use of existing anti-malware solutions for deleting any threats related to URGENT/11 intrusions. A majority of both researcher and criminal interest in discovering – or exploiting – bugs in software and hardware comes down to generic work environment and...

Meltdown

Posted: December 29, 2019 | Category: Vulnerability
Meltdown is a vulnerability that could let an attacker access information in memory while bypassing security protocols. Meltdown affects processors, particularly Intel-brand models. Users can reduce the risk by installing relevant security patches for their OS, using modern processors, and letting anti-malware products manage removing threats related to Meltdown attacks. In service to performance, some processors leap before they look, with resulting unintended consequences for their security. Meltdown is one of the ways that threat actors could take advantage of performance-improving...

Spectre

Posted: December 29, 2019 | Category: Vulnerability
Spectre is a broad vulnerability in processors that use branch prediction. Spectre potentially affects all operating systems, including smartphones and other mobile devices, as well as standard computers. Although its potential for abuse is currently theoretical, users still should install appropriate security patches, when applicable, and keep anti-malware tools for deleting any threats that an attacker might install after using Spectre vulnerabilities. When it comes to software and hardware vulnerabilities, the devil lies in the details, which can range from a relatively narrowly-defined...

BlueBorne

Posted: December 29, 2019 | Category: Vulnerability
BlueBorne is a family of vulnerabilities that affects Bluetooth-using PCs and other devices, including multiple operating systems and both phones and many kinds of IoT products. Through exploiting them, an attacker may monitor or tamper with network traffic or create a backdoor for controlling the infected device. Users should install patches for closing all BlueBorne vulnerabilities and depend on reliable anti-malware solutions for removing any threats that they deliver. Bluetooth is a boon for anyone who owns a wireless headset, wireless speakers, or other, network-communicating...

"Congratulations Dear Amazon Customer" Scam

Posted: December 29, 2019 | Category: Adware | Threat Level: 2/10
The "Congratulations Dear Amazon Customer" scam is a social engineering attack that tricks Web surfers into providing personal information, such as credit card credentials. The "Congratulations Dear Amazon Customer" scam circulates on third-party websites that impersonate Amazon.com through shared graphical UI elements. Users should avoid contact with sites distributing this attack, use anti-malware tools for blocking the "Congratulations Dear Amazon Customer" scam, and contact their bank or credit card company afterward, if applicable. As companies like Microsoft, Google, Apple, and...

Mozi Botnet

Posted: December 27, 2019 | Category: Botnets
Many of the newly discovered botnets focus on Internet-of-Things devices that are often poorly secured and vulnerable to remote attacks. However, the Mozi Botnet is a newly discovered project whose authors appear to go after Internet routers exclusively. To infect devices, they take advantage of a broad range of known vulnerabilities and exploits that are likely to work on devices that use outdated firmware – many people do not take the required steps to apply the latest security patches for their router's firmware. Therefore, they are the exact group that the operators of the Mozi Botnet...

JsOutProx

Posted: December 27, 2019 | Category: Malware | Threat Level: 6/10
JsOutProx is the name of a JavaScript implant that was employed in phishing attacks against major businesses in different parts of the world recently. Often, these implants are disguised with legitimate and harmless file extensions, but the crooks behind JsOutProx have not adopted such measures – their threatening implant is spread as a '.JS' (JavaScript) file that often bears a name that resembles the one that would be used by a legitimate document. Trying to analyze the contents of the '.JS' file is futile because its contents are obfuscated heavily – it contains over 10,000 lines of...

HackdoorCrypt3r Ransomware

Posted: December 27, 2019 | Category: Ransomware
Having your files locked by the HackdoorCrypt3r Ransomware is bad news because this file-locker cannot be countered via free file decryption tools. It appears to use a secure file-encryption routine that is impossible to crack, and this means that its victims will need to resort to alternative file recovery measures that may not always work well. One of the notable things about the HackdoorCrypt3r Ransomware is that it uses the ransom note layout and style used by the STOP Ransomware and its variants – however, there are no other connections between the two ransomware families. Users...

DecYourData Ransomware

Posted: December 27, 2019 | Category: Ransomware
The DecYourData Ransomware is a new piece of ransomware that is being spread online via various means – it may be disguised as a software crack or a game crack. Of course, its authors may opt to adopt other propagation techniques, such as disguising their threatening application as a fake download. If the DecYourData Ransomware ends up being run on an unprotected computer, it may encrypt a large number of files in just a few minutes. The threat is programmed to go after popular file formats such as documents, spreadsheets, presentations, archives, images, videos and others. Whenever the...

Horriblemorning Ransomware

Posted: December 20, 2019 | Category: Ransomware
The Horriblemorning Ransomware is a file-locking Trojan from the second edition of the Globe Imposter Ransomware family. Just like the older versions, it uses encryption for locking files on Windows systems in the hope of selling victims its unlocking help. Appropriate backups can avoid any danger of data loss, and most anti-malware products should delete the Horriblemorning Ransomware by default. Waking up is the most vulnerable moment in most people's schedules, but some server administrators may find themselves in a worse situation than others. A new file-locking Trojan coming out...

Legion Loader

Posted: December 20, 2019 | Category: Droppers | Threat Level: 8/10
Legion Loader is a name assigned to a newly discovered form of threatening software that is capable of dropping malware onto a targeted system. Funnily nicknamed 'a hornet's nest,' the Legion Loader is just a dropper capable of planting a group of harmful tools in one take. While most of those tools are low-level threats such as Raccoon, Vidar and Predator the Thief, researchers also have observed cases of cryptocurrency embezzlement, RDP exploitation and data extraction, to name but a few. To download additional malware onto the affected PC, Legion Loader has to grab it from a...

Forshare

Posted: December 20, 2019 | Category: Malware | Threat Level: 6/10
Forshare is a threatening Trojan horse, which acts as a backdoor when planted on a target PC. Thanks to Forshare, the cyber crooks behind the attack are able to bypass the computer's authentication mechanisms. If planted successfully, Forshare may be used by those crooks to smuggle additional malware into the host machine. Although Forshare first hit the headlines in May 2017, it has since been deployed in various attacks on a regular basis. One of the most recent campaigns to deliver the Forshare executable was related to the MyKings Botnet. In this attack, Forshare served as a...

Prometey Ransomware

Posted: December 20, 2019 | Category: Ransomware
The Prometey Ransomware is a new malware threat that has drawn public attention in the cybersecurity world since the beginning of October 2019. It exhibits the classic capabilities and features of a ransomware infection by encrypting files on victims' computers through the AES encryption algorithm and demanding the payment of a ransom in exchange for a decryption key. The encrypted files include images, video and audio files, text documents, backups and banking data. A text file whose name consists of a victim-specific ID, followed by "-help.txt," contains the ransom note, and explains that...

'ponce.lorena@aol.com' Ransomware

Posted: December 19, 2019 | Category: Ransomware
The 'ponce.lorena@aol.com' Ransomware is a file-locking Trojan that comes from the family of the Globe Imposter Ransomware – which imitates its competitor, the Globe Ransomware. Both families use similar attacks that encrypt your files so that they can't be opened and create ransom notes that sell their unlocking assistance. Users can maintain backups carefully for recovering without paying a ransom and use anti-malware utilities for deleting the 'ponce.lorena@aol.com' Ransomware. Since its evolution to the Globe Imposter 2.0 Ransomware, the Ransomware-as-a-Service family is more secure...