'CRITICAL_PROCESS_DIED' Pop-Ups

Posted: December 12, 2019 | Category: Adware | Threat Level: 2/10
Online technical support scams continue to be a profitable and shady business for con artists. The crooks behind these schemes usually set up fake Web pages designed to display scary-looking alerts and messages telling visitors that their computers have encountered a major problem, or that their devices have been infected by a threatening virus. One of the messages used in such a scam claims that the computer has encountered a 'Stop code: CRITICAL_PROCESS_DIED,' and that the user must contact 'Microsoft Support' to resolve the issue. Needless to say, this is not a legitimate error...

Hoardy

Posted: December 11, 2019 | Category: Backdoors | Threat Level: 6/10
Hoardy is a backdoor Trojan that was used by the Flea hacking group to target government officials ahead of the G20 Summit that took place in 2014. However, this is certainly not the only case in which this Trojan was employed in attacks against high-profile targets – the malware possesses a wide range of abilities, which make it the perfect choice for attacks in which the perpetrators want to take full control over the compromised host. Attacks that involve the Hoardy backdoor Trojan have a relatively short lifespan, which might mean that the attackers are looking to exfiltrate data...

Khalesi

Posted: December 11, 2019 | Category: Malware | Threat Level: 6/10
Infostealers are small pieces of threatening software whose purpose is to work silently on the infected host and exfiltrate information related to various services, messaging clients and websites. The data is usually sent to a remote Command & Control server under the control of the threat actors behind the attack, and it can then either be used to cause harm directly or be resold to other cybercrooks. One of the infostealers active in the wild is called Khalesi, and it appears to attempt to exfiltrate information from a broad range of services and applications. Threats like Khalesi...

TheEasyWayPro

Posted: December 11, 2019 | Category: Potentially Unwanted Programs (PUPs)
TheEasyWayPro is a Web browser extension that claims to be a useful helper tool for users who frequently have to look for directions and online maps. The extension is meant to provide its users with quick access to popular online map services, but the services in question are not affiliated with the developer of TheEasyWayPro – instead, the extension simply refers users to popular online services like Google Maps. This means that TheEasyWayPro does not have any irreplaceable features, and its installation does not really enhance your Web browsing experience...

Startrafficc.com

Posted: December 11, 2019 | Category: Browser Hijackers | Threat Level: 5/10
Startrafficc.com is a bogus page designed to display decoy videos and content that users cannot view unless they perform a certain action. Often, tricks of this sort are used to promote fake downloads and updates that may contain a harmful file, but the operators of Startrafficc.com have opted for a much less harmful strategy – they simply ask their visitors to subscribe to the website's notifications. Although this might not sound like an issue, there are several things you should know: Websites that ask you to enable notifications to view embedded media are likely to...

Misleading:Win32/Lodi!MSR

Posted: December 10, 2019 | Category: Misleading Programs | Threat Level: 10/10
Misleading:Win32/Lodi!MSR is a detection name used by Windows Defender Antivirus. It is important to note that this detection is not associated with a particular piece of software or file; instead, it is a so-called heuristic-based detection. Heuristic detection is used by every reputable anti-virus product, and it allows anti-virus engines to scan files for particular suspicious properties – positive matches are not always a guarantee that a file is harmful, so it is entirely possible that you may see the Misleading:Win32/Lodi!MSR alert being reported for a file downloaded...
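To make the point about heuristic detections concrete, here is an added example (not code from the original page and not how Windows Defender implements its Lodi detection) of a toy heuristic scanner. It scores a file on two generic properties that real engines also weigh: high byte entropy (typical of packed or encrypted executables) and the presence of API names often seen in process-injection code. The sample inputs are constructed inline; the seeded random buffer standing in for a "benign compressed archive" shows why a high-entropy match alone cannot prove a file is harmful, which is exactly the false-positive case the entry warns about.

```python
"""Toy heuristic scanner: entropy + suspicious-string indicators.

Added example. The thresholds, indicator list and sample files are
assumptions chosen for illustration, not Windows Defender's real logic.
"""
import math
import random
from collections import Counter
from typing import Dict, List

# API names commonly associated with process injection (illustrative list).
SUSPICIOUS_STRINGS = [b"VirtualAllocEx", b"WriteProcessMemory",
                      b"CreateRemoteThread", b"IsDebuggerPresent"]
ENTROPY_THRESHOLD = 7.2   # assumed: near 8.0 means packed/encrypted/compressed
FLAG_SCORE = 2            # assumed: flag only when indicators accumulate


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte, 0.0 for empty input, at most 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def heuristic_score(data: bytes) -> Dict[str, object]:
    """Return entropy, matched indicators, an additive score and a verdict."""
    entropy = shannon_entropy(data)
    reasons: List[str] = []
    score = 0
    if entropy > ENTROPY_THRESHOLD:
        score += 2
        reasons.append(f"high entropy {entropy:.2f} (packed or compressed?)")
    for needle in SUSPICIOUS_STRINGS:
        if needle in data:
            score += 1
            reasons.append(f"string {needle.decode()}")
    return {"entropy": entropy, "score": score,
            "reasons": reasons, "flag": score >= FLAG_SCORE}


def _pseudo_random_bytes(seed: int, length: int) -> bytes:
    """Deterministic high-entropy buffer (constructed stand-in for packed data)."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(length))


# Constructed samples (not real malware or real files).
BENIGN_TEXT = (b"The quick brown fox jumps over the lazy dog. "
               b"Plain English text has roughly four bits of entropy per byte. ") * 40
BENIGN_DEBUG_TOOL = BENIGN_TEXT + b"\x00IsDebuggerPresent\x00"   # one indicator only
PACKED_SAMPLE = _pseudo_random_bytes(7, 4096) + b"\x00VirtualAllocEx\x00"
BENIGN_ARCHIVE = _pseudo_random_bytes(11, 4096)   # looks like any zip/encrypted blob


if __name__ == "__main__":
    for name, blob in [("benign text", BENIGN_TEXT),
                       ("benign debug tool", BENIGN_DEBUG_TOOL),
                       ("packed sample", PACKED_SAMPLE),
                       ("benign archive (false positive)", BENIGN_ARCHIVE)]:
        verdict = heuristic_score(blob)
        print(f"{name:32} flag={verdict['flag']} score={verdict['score']} "
              f"reasons={verdict['reasons']}")
```

The "benign archive" is flagged purely because compressed data is statistically indistinguishable from packed code at this level of analysis; that is why a heuristic hit should be confirmed by a second signal (reputation, sandbox behaviour, a hash lookup) before a file is treated as malicious.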

AppleJeus

Posted: December 10, 2019 | Category: Backdoors | Threat Level: 6/10
Malware researchers have identified a new backdoor Trojan that packs some interesting features and is being distributed via fake cryptocurrency trading exchanges designed to look like legitimate services. Users who wish to become customers of the exchanges in question might be asked to download a special cryptocurrency trading platform, which silently installs the AppleJeus backdoor on their systems. What is unique about this threat is that it has versions for both Windows and macOS, and both variants are spread using the same tricks. While the Windows variant of the backdoor...

Lazarus Ransomware

Posted: December 10, 2019 | Category: Ransomware
Internet users should be wary of a new high-profile file-encryption Trojan that is being spread online. The threat, dubbed Lazarus Ransomware, can cause irreversible damage to its victims' data, and then offers to provide them with a data recovery service in exchange for a significant ransom fee. It is not clear who is responsible for the Lazarus Ransomware, but one thing is for sure – they have managed to craft a threatening file-locker that needs just a few minutes of activity to cause a lot of damage to your file system. If you end up running the Lazarus...

Microsoft-one.com

Posted: December 10, 2019 | Category: Browser Hijackers | Threat Level: 5/10
Cybercriminals and online con artists frequently impersonate reputable individuals or companies to trick their targets into performing certain actions. This is the strategy adopted by the administrators of Microsoft-one.com, a website made to look as if it is affiliated with the Microsoft Corporation. Trying to visit the main page results in an immediate redirect to Microsoft's official website, which is likely to lead users to think that the URL is legitimate. However, the shady part of Microsoft-one.com is not its main page – it is the various sub-directories that have been...

Rex-news1.club

Posted: December 10, 2019 | Category: Browser Hijackers | Threat Level: 5/10
Rex-news1.club is a website dedicated to spawning undesired advertisements by taking advantage of the Web browser's ability to display notifications from authorized Web pages. However, before they can use these aggressive advertising techniques, the administrators of Rex-news1.club need to get the user's permission to make use of the browser's notifications. To achieve this, they have set up a series of fake pages that display a fake media player and ask the user to click 'Allow' on the 'Show Notifications' prompt to view the embedded media. This is a common strategy that online con artists use to...

IconDown

Posted: December 9, 2019 | Category: Downloaders | Threat Level: 5/10
Trojan downloaders are small hacking tools that cybercriminals use to deliver threatening payloads to their victims seamlessly. Often, these downloaders rely on innovative techniques and tricks whose purpose is to obfuscate the program's true intentions and help it evade anti-virus engines and other security measures. One of the Trojan downloaders seen in action recently is called IconDown, and it is used by a group of cybercriminals commonly referred to as BlackTech. BlackTech is an Advanced Persistent Threat (APT) group that operates primarily in Asia, and their...

Afrodita Ransomware

Posted: December 9, 2019 | Category: Ransomware
Targeted ransomware attacks are by no means a new trend, but usually they are carried out with high-profile file-encryption Trojans that took a long time to develop. The Afrodita Ransomware, on the other hand, is a reasonably simple file-locker. Despite its rather basic design, its authors have opted to use it in a targeted attack instead of relying on quantity over quality. Reportedly, the ransomware is targeting Croatian businesses exclusively, and it is being distributed with corrupted email messages that carry a file attachment which looks like a harmless...

Gesd Ransomware

Posted: December 9, 2019 | Category: Ransomware
File-encryption Trojans are still the most popular weapon in the arsenal of cybercriminals, and this is unlikely to change unless users start to take the necessary measures to protect their files and limit the profits of cybercriminals. One of the ransomware families most active in the past two years has been the STOP Ransomware, and, unfortunately, just a handful of its variants are decryptable for free. This ransomware family contains nearly 200 different variants, and the majority of them are impossible to decipher, which severely limits the data recovery options of their victims. One...

Zeppelin Ransomware

Posted: December 9, 2019 | Category: Ransomware
The Zeppelin Ransomware appears to be a new file-locker project that does not share similarities with the popular ransomware families of 2019. The threat actor behind it is unlikely to be new to the malware development scene, since the Zeppelin Ransomware seems to possess a working file-encryption routine that has not been deciphered yet. It is not clear whether the Zeppelin Ransomware is already being spread online, but the threatening samples analyzed by malware researchers appeared to be finished and polished, so it is safe to assume that the Zeppelin Ransomware will be released in the wild...

Buer

Posted: December 6, 2019 | Category: Trojans | Threat Level: 8/10
Buer is the name of a Trojan loader that is being actively developed by Russian-speaking threat actors, who have opted to sell it on underground hacking forums instead of using it in their own harmful campaigns. Unfortunately, this is not good news at all: commodity malware tends to attract the attention of hundreds of cybercriminals, especially when it is an actively developed and feature-rich threat such as the Buer Loader. According to the Russian posts advertising this threat, customers can purchase the full package for around $400, and this will provide them with...

Sihost

Posted: December 6, 2019 | Category: Malware | Threat Level: 6/10
Politically-motivated cyberattacks have been around since cybercrime became a thing, and it is not a surprise that participants in the ongoing Hong Kong protests are the latest group of people to be targeted by state-sponsored threat actors. At the beginning of October 2019, a participant in the protests received an email crafted to look as if it came from Western law students – they claimed to want to learn more about the protests and to be working on a paper regarding 'recommendations to end the Hong Kong protests.' The email message was accompanied by three files – two of which were...

POSHC2

Posted: December 6, 2019 | Category: Downloaders | Threat Level: 5/10
POSHC2 is the name of a legitimate post-exploitation and command-and-control framework whose original purpose is to aid penetration testers in their efforts to ensure that the networks they are responsible for can withstand cyber-attacks. Unfortunately, the POSHC2 framework is also available for free, with its entire source code published for anyone on the Internet to access – this has allowed cybercriminals to harvest some of the framework's core modules, apply small changes to them, and turn them into fully-fledged threats that can be used to launch attacks against companies and corporations worldwide. One of...

Redrum Ransomware

Posted: December 6, 2019 | Category: Ransomware
The Redrum Ransomware is a newly spotted file-encryption Trojan that is yet to be analyzed thoroughly. However, the initial indications are that it uses an encryption routine that cannot be deciphered, and its victims will only be able to restore their data from a backup copy. If a backup is not available, they might have partial success with alternative data recovery options, but it is unlikely that they will be able to make a full recovery. The purpose of the Redrum Ransomware is not surprising – once the ransomware infects a host, it launches a file-encryption attack...

ZeroCleare

Posted: December 5, 2019 | Category: Malware | Threat Level: 6/10
Advanced Persistent Threat (APT) groups usually possess hacking tools of the highest quality, and their attacks are rarely opportunistic. Instead, they select their targets carefully and develop complicated attack strategies that maximize their chances of success. Often, the attacks of APT groups aim to collect data and confidential documents, or to perform reconnaissance on high-profile figures. However, there are other cases in which these groups adopt a much different strategy – they just cause as much damage as possible, and aim to take down a company's network...

CILLA Ransomware

Posted: December 5, 2019 | Category: Ransomware
The CILLA Ransomware is a file-encryption Trojan whose devastating attack can potentially cause permanent damage to your files. Ransomware attacks are exceptionally harmful because their purpose is to encrypt a large portion of your data and then offer to sell you a decryption service that can often cost hundreds or even thousands of dollars. To make matters even worse, the threat actors behind these attacks rarely provide proof that the decryption of your files is possible, and they also demand to be paid via Bitcoin or another cryptocurrency – payment methods that make it impossible to track...