Righ Ransomware

Posted: December 5, 2019 | Category: Ransomware
The Righ Ransomware is a high-profile cyber-threat whose attack is capable of causing potentially irreversible damage to documents, images, archives, databases, videos and other commonly used file formats. This threat might be distributed online via several tricks and techniques – torrent trackers, pirated adult videos, pirated games and software, bogus email attachments, etc. If the users end up running the Righ Ransomware on their computers, it may take the harmful application just a few minutes to accomplish its goal and leave the victim with a hard drive full of encrypted files. The...

Uiojx.xyz

Posted: December 5, 2019 | Category: Browser Hijackers | Threat Level: 5/10
Uiojx.xyz is a bogus page, which is not meant to deliver any meaningful content to its users. In fact, the homepage shows nothing – all of the pages hosted by Uiojx.xyz are found in sub-directories with randomized names that cannot be guessed easily. It would appear that the website Uiojx.xyz is being promoted via shady browser pop-ups and advertisements that users may come across when they browse dubious Web destinations. Judging by the directory names used by the administrator of Uiojx.xyz, the page may be programmed to refer its visitors to different sub-directories depending on the...

CallerSpy

Posted: December 4, 2019 | Category: Malware | Threat Level: 6/10
CallerSpy is an espionage tool available for Android devices. It is not clear if a high-profile threat actor is related to the development of this malware. Still, malware researchers were able to identify the fraudulent schemes used to distribute this threatening application – it poses as an Android chat application that goes by the name Chatrious or Apex App. One of the websites hosting the fake chat application was disguised to look like a legitimate Google page, and it even used a similar domain name, 'Gooogle(dot)press.' Some users might not notice the extra 'o' symbol in the domain...

OSX/NukeSped

Posted: December 4, 2019 | Category: Backdoors | Threat Level: 6/10
The North Korean hackers from the Lazarus APT group have a significant arsenal of cyber-threats that can carry out all sorts of attacks against the group's targets. One of those threats is the NukeSped RAT, a Remote Access Trojan, which can enable its operators to take full control over an infected system. However, the one setback of the NukeSped RAT is that it only works on Windows systems. It seems that the threat actors from the Lazarus group are not satisfied with targeting only one operating system, and they have used a variant of NukeSped recently, which anti-virus vendors have...

CStealer

Posted: December 4, 2019 | Category: Trojans | Threat Level: 8/10
CStealer is the name of a newly discovered information collector that targets Windows systems exclusively. The purpose of info-stealers like this one is to retrieve the unsecured login credentials of their victims and then transfer them to a remote server or database that is under the control of the threat authors. Often, the data is exfiltrated via a Telegram bot or a basic HTTP or FTP connection. However, the authors of the CStealer have opted for a more experimental technique that may end up causing even more harm to the info-stealer's victims – the data is extracted to a MongoDB database...

LockBit Ransomware

Posted: December 4, 2019 | Category: Ransomware
The best way to protect yourself from file-encryption Trojans is to invest in a reliable data backup service, as well as ensuring that your system is secured by a reputable anti-virus product that receives regular updates. Unfortunately, many people's computers are still lacking the necessary ransomware protection, and they are the group of users that the authors of the LockBit Ransomware are likely to go after. This new file-locker is able to complete its devastating attack in a matter of minutes, allowing it to leave its victim with a hard drive full of corrupted documents, images,...

SwiftEngine

Posted: December 4, 2019 | Category: Potentially Unwanted Programs (PUPs)
SwiftEngine is the name of a Potentially Unwanted Program (PUP) that Windows users do not have to worry about. This software is available for OSX systems exclusively, and it claims to work as a search-enhancing feature that will enable its users to find better results online, as well as navigate the Web more efficiently. However, users who opt to approve the installation of the SwiftEngine software may soon find out that they have been deceived – this program will not offer any improvements and, instead, it may turn out to be a very annoying problem to deal with. This is because the...

iWorm

Posted: December 3, 2019 | Category: Botnets
iWorm is a cyber-threat that first emerged in 2014, and it quickly managed to infect over 18,000 devices running OSX. iWorm works as a backdoor Trojan that packs a wide range of modules that enable its operator to command the infected systems to perform various tasks. iWorm is likely to have been used to build a botnet that could execute Distributed-Denial-of-Service (DDoS) attacks, engage in cryptocurrency mining campaigns, or send out spam emails. Besides controlling the behavior of the infected device, the iWorm backdoor is also able to collect details about its victims, monitor...

PyXie RAT

Posted: December 3, 2019 | Category: Ransomware
The PyXie RAT is a Remote Access Trojan (RAT) written in the Python programming language. The first samples of this threat were found by cybersecurity labs in 2018, but the threat was not that widespread back then. However, it appears that the operators of the PyXie RAT are expanding their campaign, and multiple samples of the Trojan have been found in the wild. This Remote Access Trojan appears to be very well-made, and it is likely that the threat actor behind it is very experienced when it comes to developing RATs. The malware borrows code and ideas from several high-profile threats to...

Msop Ransomware

Posted: December 3, 2019 | Category: Ransomware
The Msop Ransomware is a file-locker whose primary function is to encrypt a wide range of file types found on the hard drives of its victims. In addition to encrypting the data found on the hard drive or SSD, the threat also is able to encrypt files on removable storage devices. Whenever the Msop Ransomware encrypts the contents of a file, it will make sure to manipulate the file's original name by appending the '.msop' extension. 2019 has been the year of the STOP Ransomware family – its operators have released nearly two-hundred variations of the threatening file-locker, and the latest...

Xochuaime.site

Posted: December 3, 2019 | Category: Adware | Threat Level: 2/10
Xochuaime.site is a website that will not provide you with any interesting content if you visit it directly. In fact, trying to open Xochuaime.site may often result in a blank page that takes the user nowhere. However, users have been posting complaints regarding a social engineering tactic that the Xochuaime.site website uses to get the user's permission to display push notifications in their Web browser or even on their mobile device. It appears that the administrators of the Xochuaime.site have set up several sub-pages, which have been designed to display a fake prompt that asks users...

Urgent-incoming.email

Posted: December 3, 2019 | Category: Adware | Threat Level: 2/10
Ever since Web browsers provided websites with the ability to display push notifications, the con artists have been trying to monetize this functionality by using various social engineering tricks to convince users to provide a shady website with the ability to display push notifications. Often, these websites do not host any meaningful content, and their social engineering tricks are hidden in sub-pages that reach users through low-quality advertising campaigns. One of the websites using this strategy is found at Urgent-incoming.email. It features different page layouts depending on the...

OSX/NewTab

Posted: December 2, 2019 | Category: Malware | Threat Level: 6/10
Windows users are not the only ones who need to worry about harmful applications or Potentially Unwanted Programs (PUPs), which are able to manipulate their computer's behavior. More and more malware developers are focusing on Mac-compatible software, and it appears that Mac threats have been on the rise in 2019. While high-profile cyber-threats for OSX are still not that common, there are countless less threatening applications that may bother the owners of Apple devices. One of the threats to be identified in 2019 goes by the name OSX/NewTab. The purpose of this software is rather...

OSX/Mokes

Posted: December 2, 2019 | Category: Backdoors | Threat Level: 6/10
OSX/Mokes is an exceptionally harmful cyber-threat that is compatible with Windows, Linux and OSX systems. The capabilities of this malware allow it to function as a fully-fledged backdoor Trojan that provides its operators with access to several modules that can be used to extract information from the compromised system, as well as perform reconnaissance operations. While the Windows version of the Mokes backdoor has gained a lot of attention from cybersecurity experts, it should also be mentioned that an OSX variant is available. It is not clear how the OSX/Mokes is being...

Mac Auto Fixer

Posted: December 2, 2019 | Category: Potentially Unwanted Programs (PUPs)
Mac Auto Fixer is the name of a deceptive application that only works on computers and laptops running Apple's operating system. The software does have an official website that can be used to download a trial version, but most users come across this application without having to visit its website at all. This is because the Mac Auto Fixer program is being spread via software bundling, misleading download offers or fake Adobe Flash Player updates. Anti-virus products have the Mac Auto Fixer application tagged as a Potentially Unwanted Program (PUP) – a software that is not harmful, but it...

MacDownloader

Posted: December 2, 2019 | Category: Malware | Threat Level: 6/10
The name MacDownloader certainly does not sound like a threatening application whose purpose is to extract credit card data, passwords and credentials from your device. However, this is the exact purpose of this dubious application that tends to pose as a fake Adobe Flash Player update. The MacDownloader software might be the product of an Advanced Persistent Threat (APT) group based in Iran, and its targets are unlikely to be regular users – so far, the MacDownloader malware has been used against high-profile US defense contractors like Boeing, Raytheon, Lockheed Martin and others...

Hets Ransomware

Posted: November 29, 2019 | Category: Ransomware
The Hets Ransomware is a file-encryption Trojan, which may be distributed online under the disguise of a cracked game, software suite keygen, pirated movie, or other digital content that is likely to attract the attention of the users. However, users who come across one of Hets Ransomware's copies may end up putting their files in big danger – this is because this threat focuses on causing harm to its victim's file system by encrypting a wide range of documents, images, videos, archives, etc. Of course, the attack does not end here – the Hets Ransomware also provides its victims with a...

Nyton Ransomware

Posted: November 29, 2019 | Category: Ransomware
A new file-locker is being detected by anti-virus engines, and it has been given the name Nyton Ransomware. The good news is that anti-virus products detect this new threat with ease, and users who have taken the necessary measures to secure their computers are unlikely to fall victim to this file locker's devastating attack. Unfortunately, users without proper cybersecurity tools installed may end up being prone to the Nyton Ransomware's attack. If you end up having your computer infected by the Nyton Ransomware, you may soon lose access to your relevant documents, images, archives, videos,...

IMI Ransomware

Posted: November 29, 2019 | Category: Ransomware
File-encryption Trojans continue to be the most profitable hacking tools in the arsenal of cybercriminals and, unfortunately, this is unlikely to change unless computer users start to take their computer's security more seriously. The purpose of file-encryption Trojans is to corrupt the files of their victims, and then offer to recover them in exchange for money – the payment is usually made via a cryptocurrency, and the victims rarely get reliable proof that they will have their data restored after they complete the payment. Another major problem is how easy it is for cybercriminals to get...

Sorano Stealer

Posted: November 29, 2019 | Category: Trojans | Threat Level: 8/10
A new infostealer is being offered on underground hacking forums, and it would appear that the seller is a Russian malware developer. The advertisements for the Sorano Stealer are very well-designed, and they contain detailed information about the threat's modules and potential. In addition to this, the infostealer code appears to be published on GitHub, so any cybercriminals can grab it and use it or tailor it according to their needs. A quick look at the Sorano Stealer modules reveals that the threat is able to exfiltrate data from infected machines by using the API of Telegram, a...