MajikPOS

Posted: November 28, 2019 | Category: Malware | Threat Level: 6/10
MajikPOS is a threatening malware family that has been active for over two years, and it is able to carry out long-term infostealing operations whose end-goal is to provide the attackers with the credit card information of all customers who interacted with the infected point-of-sale device. Often, threats like the MajikPOS are active in regions known for poorly implemented cybersecurity practices, but the authors of this project have opted to go after businesses in Canada and North America. Credit cards from these regions are valued higher on underground markets, so it does not come as a...

Bitx Ransomware

Posted: November 28, 2019 | Category: Ransomware
File-lockers continue to be one of the most widely spread cyber-threats, and, unfortunately, they continue to be a very successful business for cybercriminals because of the hundreds of thousands of users who have not taken the required measures to secure their computers and their data. One of the most active ransomware families is the Dharma Ransomware – it has been around for over three years, and it has a rather interesting history. In 2018, its operators released a database containing a large number of decryption keys that allowed its victims to recover their data free of charge....

SaveTheQueen Ransomware

Posted: November 28, 2019 | Category: Ransomware
A group of cybercriminals claims to be able to decrypt files locked by any ransomware, and they advertised their services on a public website. In addition to offering this service, they also pose as experienced malware developers who work with high-profile threat actors and often launch attacks that target large international companies. However, this group, calling themselves 'Malicioussecurityservices,' is bluffing – they are certainly not good at what they do, and they most certainly do not have the tools and data required to help ransomware victims. The group also claims to be the developer...

MarioLocker Ransomware

Posted: November 28, 2019 | Category: Ransomware
The MarioLocker Ransomware is a peculiar file-locker that was spotted on an online file scanning service by security researchers. Running the corrupted binary in a controlled environment quickly revealed the threat's purpose – to encrypt the users' data, and then drop a ransom note on their computers. After completing the file-encryption attack, the ransomware creates a ransom message, which instructs users to open a decryption tool on their computers, which can be used to complete the data recovery process. However, there is a catch – the tool will only work if it is paired with the...

Dexphot

Posted: November 27, 2019 | Category: Malware | Threat Level: 6/10
Dexphot is a piece of malware that targets Windows computers exclusively, and it serves a rather basic purpose – it harvests the hardware resources of the infected machine to run a cryptocurrency miner that generates revenue for the attackers. There are countless examples of malware that does this, but it seems that the threat actors behind the Dexphot project have decided to go over the top with the persistence and complexity of their threatening application. While its end goal remains unchanged, the Dexphot malware uses a wide variety of techniques to stay undetected, gain persistence,...

Stantinko Botnet

Posted: November 27, 2019 | Category: Botnets
The Stantinko Botnet is a massive criminal operation that has managed to stay active since 2012. The threat actors associated with it appear to favor infecting users in Kazakhstan, Belarus, Ukraine, Russia, and other countries in the Commonwealth of Independent States. In the past, the Stantinko Botnet has been used for a wide range of purposes, such as online fraud, fake ad clicks, spam emails and password theft. Surprisingly, the 500,000 members of the botnet are yet to be used for distributed-denial-of-service attacks, but the botnet operators appear to be experimenting with a new module,...

ROGER Ransomware

Posted: November 27, 2019 | Category: Remote Administration Tools | Threat Level: 4/10
Protecting your devices from ransomware attacks is very important in this day and age. File-encryption Trojans are found everywhere online, and you may come across them while browsing shady websites, checking your email inbox, or downloading a piece of software from an unknown website. One of the recent file-lockers to worry about is the ROGER Ransomware – it is based on the Dharma Ransomware project, and uses an advanced file-encryption routine that is impossible to crack via free utilities. This means that if your files get locked by the ROGER Ransomware, your only hope may be to restore...

Calum Ransomware

Posted: November 27, 2019 | Category: Ransomware
Despite the increasing number of ransomware threats active in the wild, many users continue to underestimate the importance of regular data backups, and the peace of mind that a reputable anti-virus product can offer. Threats like the Calum Ransomware are being spread via spam emails, fake downloads, malvertising, torrent trackers, and many other malware propagation channels. If you happen to run a copy of the Calum Ransomware on your computer, then the threat may need no more than a few minutes to cause long-lasting damage to your file system by encrypting the contents of various file...

Zobm Ransomware

Posted: November 26, 2019 | Category: Ransomware
Ransomware threats continue to run rampant, and their targets are often chosen arbitrarily – sometimes, it might be an unknown computer user from a random part of the world, and in another case, it might be a high-profile company whose network has been compromised. Regardless of what user type you are, the consequences of being attacked by ransomware are always devastating – these threats are able to cause severe data loss, and it might often be very difficult to recover from their attacks. One of the most effective ransomware families in the past two years has been the STOP Ransomware –...

Kharma Ransomware

Posted: November 26, 2019 | Category: Ransomware
The operators of the Dharma Ransomware family appear to be running out of ideas when it comes to naming recent variations of their file-locker. One of the latest variants has been given the name Kharma Ransomware, and it is as threatening as any of the already known variants of the Dharma Ransomware. If you happen to become one of the Kharma Ransomware's victims, then you may end up being unable to access the majority of the documents, images, songs, archives, videos, and other files stored on your computer. This is because the Kharma Ransomware uses a complicated file-encryption scheme...

SpartCrypt Ransomware

Posted: November 26, 2019 | Category: Ransomware
Cybersecurity researchers recently spotted a new strain of ransomware that did not appear to share the code of any of the previously known file-encryption Trojans. The new threat, dubbed SpartCrypt Ransomware, is able to encrypt a wide variety of files, and then mark their names by adding the extension '.SpartCrypt[LordCracker@protonmail.com]-[ID- ].Encrypted.' The good news is that the file-encryption algorithm that the threat uses is not very advanced, and malware researchers have already managed to crack it successfully, therefore allowing them to build a fully functional data decryptor....

Rote Ransomware

Posted: November 26, 2019 | Category: Ransomware
The ransomware market continues to be a very profitable venture for cybercriminals worldwide, and this is the main reason why we continue to encounter dozens of new file-lockers every month. One of the most prominent ransomware families of 2019 has been the STOP Ransomware, and it has been used to create a large number of file-encryption Trojans that use an identical attack. The only main difference between the STOP Ransomware variants is that they may sometimes use different file extensions to mark locked files, as well as different email addresses for contact. One of the recent updates to...

Ginp

Posted: November 25, 2019 | Category: Malware | Threat Level: 6/10
Android users have to worry about attacks coming from a new banking Trojan that works on Android devices exclusively. The threat, dubbed Ginp, has been in the wild for at least a few months, but the frequency of its attacks has been amplified recently. The main targets appear to be Spanish users, but cybersecurity experts report that the Ginp banking Trojan is also able to target many other banks and financial institutions. However, they do note that the overlay screens and fraudulent alerts it uses to trick customers of Spanish banks are of exceptional quality, and this might mean that the...

TurkStatik Ransomware

Posted: November 25, 2019 | Category: Ransomware
The TurkStatik Ransomware is a file-locker that is likely to be used against Turkish users exclusively. The main reason to assume this is that it delivers a ransom message written in excellent Turkish, and the message is not available in any other language. The lack of grammatical errors is likely to mean that the author of the TurkStatik Ransomware might be fluent in Turkish too. The good news is that the TurkStatik Ransomware was cracked just days after appearing in the wild – its victims can search the Web for the free TurkStatik decryptor that will enable them to undo the damage...

FUCKaNDrUN Ransomware

Posted: November 25, 2019 | Category: Ransomware
Educational ransomware is an interesting concept that, unfortunately, often gets used for wrongful purposes. The best example of this is the HiddenTear project that was released publicly with good intentions, but it took the cybercriminals just a few days to rework the project's code slightly and turn it into a fully weaponized file-encryption Trojan. Thankfully, the original authors of the HiddenTear project anticipated this move, and this is why they opted to implement a fairly simple algorithm that serves the purpose of generating a unique encryption key to be used during the attack....

404 Keylogger

Posted: November 25, 2019 | Category: Keyloggers | Threat Level: 8/10
Commodity malware continues to be a very threatening concept because it allows any low-level cybercriminals to use a potentially harmful cyber-threat against anyone they can think of. These threats are usually sold on underground hacking forums, but their developers may often try to sell them via legit-looking websites that describe the hacking tool as a legitimate project – a fine example of such a product is the 404 Keylogger. A quick Web search about this threat reveals that it was first advertised on a popular hacking forum, and its author does not sell the source code or a full-time...

DePriMon

Posted: November 22, 2019 | Category: Trojans | Threat Level: 8/10
Trojan downloaders may seem like simple hacking tools whose only purpose is to fetch and execute a secondary payload. Still, some downloaders rely on innovative techniques that allow them to stay hidden from debugging tools, anti-malware services and even from cybersecurity researchers. Recently, security experts identified a Trojan downloader implanted on the computers of several European companies. Further research showed that the downloader had some very interesting persistence and anti-debugging features, which led researchers to believe that the newly identified downloader might be the...

ColoredLambert

Posted: November 22, 2019 | Category: Malware | Threat Level: 6/10
ColoredLambert is a malware family that is used exclusively by an Advanced Persistent Threat group known in the cybersecurity field as 'Longhorn.' An alternative name of the threat actor that you might see in the media is 'The Lamberts,' and it is derived from the most infamous malware family they use. The group's activity dates back to 2008, but they started being tracked closely in 2011, and this revealed a lot about their activities. There are strong suspicions that the Longhorn Advanced Persistent Threat (APT) group might be state-sponsored since their attacks tend to target various...

2048 Ransomware

Posted: November 22, 2019 | Category: Ransomware
File-encryption Trojans are among the most feared cyber threats to be used in the past few years. Their ability to cause long-term damage to the files of their victims has turned them into a major problem for regular consumers and businesses alike. Some file-lockers target companies exclusively, but the Dharma Ransomware is not one of them. The Dharma Ransomware family is made out of dozens of file-locker variants, and one of the latest additions to the malicious family is the 2048 Ransomware. This threat goes after regular computer users, and it might be distributed via various means –...

'Uejsc25.xyz' Pop-Ups

Posted: November 22, 2019 | Category: Adware | Threat Level: 2/10
'Uejsc25.xyz' is a bogus website whose purpose is to provide users with a customized Web page that may display fake errors and alerts that prompt the user to perform certain actions. It seems that the website is programmed to check the users' Web browser, and then refer them to a page that has been tailored according to their Web browser's version – for example, Google Chrome users will see one error, while Mozilla Firefox users will see an entirely different bogus alert. As usual, the goal of the administrator behind the 'Uejsc25.xyz' pop-ups is to get users to perform certain tasks such...