MyKings Botnet

Posted: December 19, 2019 | Category: Botnets
MyKings, also known as Smominru and DarkCloud, is a stealthy botnet, which has attacked unpatched and out-of-date Windows servers incorporating MySQL, Telnet, RDP, WMI, MS-SQL and CCTV services continually. The botnet is capable of performing a wide array of interventions with the sole purpose of … installing a Monero cryptocurrency miner. Nevertheless, it is hardly much ado about nothing since cryptominers can be, and actually are, a real pain in the neck. Its modus operandi is quite trivial. MyKings looks for unpatched Windows servers as they are usually quite susceptible to external...

BabaYaga

Posted: December 19, 2019 | Category: Malware | Threat Level: 6/10
BabaYaga is a novel piece of malware whose prime targets are WordPress-based websites. PHP-heavy websites built upon alternative content management systems such as Joomla or Drupal may be targets as well. Unlike most other threatening tools, BabaYaga appears to have a benevolent side. After infecting a WP site, it is capable of neutralizing other forms of malware that may have landed on the site at an earlier stage. It may even update WordPress all by itself. However, this comes at a cost, since BabaYaga has other priorities much higher on its agenda. Having breached the security of its...

Pysa Ransomware

Posted: December 19, 2019 | Category: Ransomware
Pysa Ransomware is a malicious computer threat that is known for relentlessly encrypting data on an infected Windows PC. The actions of Pysa Ransomware are very familiar and quite predictable in the scope of how modern-day ransomware performs. Pysa Ransomware is prone to loading on a PC after the computer user opens a spam email attachment that turns out to be malicious and destructive. Once loaded, Pysa Ransomware seeks out certain file types, encrypts them and appends a specific file extension to each one. During such a process, Pysa...

Mkos Ransomware

Posted: December 18, 2019 | Category: Ransomware
The Mkos Ransomware is among the newest spotted copies of the STOP Ransomware. Authors of ransomware have pumped out over 200 copies of the STOP Ransomware in 2019 alone. This makes the STOP Ransomware family the most active ransomware family in the current year. Creating ransomware threats, especially when they are a variant of an already existing threat like the STOP Ransomware, is rather easy, which makes this a lucrative deal for many shady individuals with dubious morals. This is usually done by taking the code of the threat in question, slightly tweaking it to one's liking, and...

Dacls

Posted: December 18, 2019 | Category: Remote Administration Tools | Threat Level: 4/10
Dacls is a Remote-Access Trojan used by hackers to seize control of a computer system via a remote network connection. Developed by the Lazarus Group cyber gang, Dacls appears to be the first North Korean malware to infect Linux-based machines. By contrast, earlier Lazarus-related threats such as the WannaCry ransomware and the numerous cryptocurrency infections in 2017 only attacked Windows and macOS devices. Dacls’ connection with Lazarus stems from a particular domain known as thevagabondsatchel[dot]com, as well as from a couple of hardcoded strings, namely c_2910[dot]cls and...

Poison Frog

Posted: December 18, 2019 | Category: Backdoors | Threat Level: 6/10
Poison Frog is a backdoor threat linked to the OilRig group. Also known as HelixKitten and APT34, it is an Iranian cybercrime gang known for several threatening campaigns featuring the BondUpdater Trojan. Poison Frog bears its name from the domain name of its Command-and-Control server, namely poison-frog[dot]club. The Poison Frog backdoor is located within a PowerShell script embedded in a PE32, C#-coded executable. The latter only has one purpose – to execute the script and cover its tracks by removing it subsequently. However, the removal is far from real. Not only does Poison Frog...

PPDDDP Ransomware

Posted: December 18, 2019 | Category: Ransomware
In late December 2019, researchers spotted a new strain of ransomware claiming victims. The ransomware is named PPDDDP Ransomware. The PPDDDP Ransomware name is derived from the extension that the encrypted files receive. The ransomware demands payment in Bitcoin and uses the AES encryption to scramble its victims' files. The PPDDDP Ransomware payload is an executable with a randomized name. Once a file is encrypted, it receives the ".ppddp" extension. However, the entire filename is changed, using the directory name and the user account in the new composite filename. The new name is...

StrandHogg

Posted: December 17, 2019 | Category: Vulnerability
Mobile devices have become a very attractive target for cybercriminals, and it is no surprise that the amount of Android-compatible malware continues to increase. Cybercrooks also are experimenting with different Android vulnerabilities, which might allow them to trick their victims into thinking that they are about to install a legitimate program when, in reality, they would be running a threatening program designed to harvest information from their devices. One of the recently discovered Android vulnerabilities is StrandHogg, and it may enable attackers to craft unsafe...

Chch Ransomware

Posted: December 17, 2019 | Category: Ransomware
The ransomware field is full of file-lockers based on some of the most popular ransomware families like the STOP Ransomware or the Dharma Ransomware. However, it seems that some cybercriminals are still trying to experiment with file-encryption Trojans that were developed from scratch. This is the case of the Chch Ransomware, a new piece of file-locking malware that was seen online by cybersecurity researchers. According to their analysis of the threatening program, the Chch Ransomware is able to cause long-term damage to the file system of its victim, and then extort them for money by...

1microsoft-windows.com

Posted: December 17, 2019 | Category: Browser Hijackers | Threat Level: 5/10
Online con artists often experiment with various ways of attracting the attention of their targets and then making them an offer that sounds very attractive. One of these groups of con artists appears to be behind the page 1microsoft-windows.com – a website which uses the Microsoft Windows logo frequently and claims to provide its visitors with legitimate information about their computers' health and security. It is important to know that the 1microsoft-windows.com page is not affiliated with Microsoft, and all of its contents are fake. The sole purpose of 1microsoft-windows.com is to scare...

Anchor

Posted: December 16, 2019 | Category: Backdoors | Threat Level: 6/10
TrickBot has been one of the most popular malware families of the past two years, and it is frequently deployed together with other innovative cyber-threats that aim to enhance TrickBot's functionality. One of the most recent campaigns to involve the TrickBot Trojan also introduced a new malware family to cybersecurity experts – the Anchor Backdoor Trojan. This malware family has not been used in previous attacks, and so far, it has not been seen without being accompanied by TrickBot. There are speculations that the authors of the Anchor backdoor might be the same people responsible for...

Warzone RAT

Posted: December 16, 2019 | Category: Remote Administration Tools | Threat Level: 4/10
Warzone RAT is a purchasable Remote Access Trojan that is being actively promoted on underground hacking forums. Its authors also have set up an official website that sells the product and advertises it as a legitimate remote assistance tool. However, a quick look at the Warzone RAT's list of features reveals a long list of monitoring tools and info-stealing modules, which are certainly not typical for legitimate software. In addition to the paid versions of the Warzone RAT, there are multiple cracked ones being distributed online, so it is safe to say that thousands of cybercriminals may...

Nbes Ransomware

Posted: December 16, 2019 | Category: Ransomware
The Nbes Ransomware is a threatening file-encryption Trojan that possesses the ability to cause long-lasting damage to the files it finds on an infected computer. The goal of the Nbes Ransomware and similar threats is to encrypt a large portion of the victim's files, and then offer to provide them with a data recovery solution in exchange for money. Often, ransomware operators ask for hundreds of dollars for their decryption services, and the case of the Nbes Ransomware is not any different – its operators ask for a ransom payment of $490, and threaten to double the sum if the transaction...

'Nonanachronistic.icu' Pop-Ups

Posted: December 16, 2019 | Category: Adware | Threat Level: 2/10
Online con artists are becoming more creative with their fraudulent schemes. While technical support tactics have been around for many years, they continue to be refined with new strategies whose goal is to collect information from the target. One of these new technical support tactics is promoted via the 'Nonanachronistic.icu' pop-ups, and it aims to achieve three things: convince the victim to call a fake technical support number, which might give the con artists a chance to try to sell overpriced and fake products or services; convince the victims to enter the username and...

DMR Ransomware

Posted: December 13, 2019 | Category: Ransomware
Ransomware continues to be the most common hacking tool found in the arsenal of cybercriminals. There are so many open-source ransomware projects available online that even cybercrooks with zero programming knowledge can craft a working and threatening file-locker in a matter of hours. One of the latest ransomware samples to be spotted online is called the DMR Ransomware – this threat does not appear to share any similarities with the popular ransomware families of 2019, and there is a chance that the threat actor behind this project may have developed it from scratch. Cybersecurity...

Montserrat Ransomware

Posted: December 13, 2019 | Category: Ransomware
The Montserrat Ransomware is a new file-locker that is being distributed online using various tricks such as fake downloads and updates, torrent trackers, game cracks and bogus email attachments. The purpose of this file-locker is simple – it aims to cause damage to the files of its victims and render them unusable. After this, it tells its victims that they can restore access to their files by paying for the decryption services offered by the Montserrat Ransomware's author. This is the most common strategy that ransomware authors employ, and it is typical for high-profile ransomware...

VeePN

Posted: December 13, 2019 | Category: Potentially Unwanted Programs (PUPs)
VeePN is the name of a deceptive VPN service that can be installed as a browser extension for Google Chrome. Users who install the VeePN application and expect to protect their online privacy may soon find out that the free services offered by VeePN are not the best in terms of quality – users report that there is a very limited number of VPN servers available, and the connection is very, very unstable. Furthermore, users who have VeePN's services enabled may end up encountering an increased number of advertisements during their Web browsing sessions. VeePN's name is associated with...

Awesome Sports Search

Posted: December 13, 2019 | Category: Potentially Unwanted Programs (PUPs)
Awesome Sports Search is a dubious browser extension that users might be tempted to install because it promises to provide them with a neat and convenient way to discover the latest news, updates, and gossip from the world of sport – regardless of whether we are talking about football, soccer, basketball, hockey, baseball or other popular sports. While this might sound like a great utility to have at your disposal, you should not forget that all of this information can be accessed with a quick Web search, and you certainly do not need third-party utilities to prepare it for you. Apart from not...

Krampus-3PC

Posted: December 12, 2019 | Category: Malware | Threat Level: 6/10
Krampus-3PC is a peculiar piece of malware that operates entirely online and does not leave any files on the devices it compromises. Another unique thing about this malware family is that it performs several checks to determine the maker of the device that stumbled upon the infected page – this helps ensure that it will only affect Apple users, while Android users will be skipped. It is not clear where the threat actor behind the Krampus-3PC originates from, nor are there any clues as to why they target Apple devices exclusively. The Krampus-3PC malware targets mobile devices solely, and the...

SearchAdditionally

Posted: December 12, 2019 | Category: Adware | Threat Level: 2/10
SearchAdditionally is a deceptive application that is only compatible with computers running Mac OS X. The purpose of this application is to bombard the user's Web browser with advertisements and suspicious promotions that can often seem very attractive. However, the application might be advertised as a legitimate utility that can enhance the user's ability to search the Web and find the most relevant results. In addition to displaying annoying advertisements and pop-ups, SearchAdditionally also may collect Web browsing information that can either be sold to online marketing companies or...