Category: Malware


New ‘hover link’ method used to spread malware via PowerPoint files

Since macros are a convenient way to automate some common tasks in Microsoft Office, cyber criminals sometimes use macros to download malicious software and infect computers. However, in recent versions of Microsoft Office, macros are disabled by default, which means cyber criminals need to convince you to turn on macros or grant special privileges so that the malware can...


Over 250 million computers infected with dangerous Fireball malware worldwide

Check Point security researchers have discovered a new and dangerous malware, called Fireball, that hijacks and manipulates infected users’ web traffic to perform malicious actions. Although the dangerous Fireball ransomware is currently being used to generate ad revenue for a large digital marketing agency in Beijing, it is capable of executing any malicious code on victim machines in order to steal user...


A dangerous Android banking trojan discovered that targets 22 Turkish mobile banking apps

ESET researchers have discovered a dangerous Android banking trojan that masquerades as a weather forecast application on Google Play. The malware, dubbed Trojan.Android/Spy.Banker.HU, targeted the users of 22 Turkish mobile banking apps, whose credentials were harvested using fake login forms. Banking trojans are sophisticated pieces of malware designed to steal banking information by using message interception, form grabbing, keystroke logging, screen capturing, fake login...


Filecoder.E: The new macOS-targeting ransomware distributed through Torrent websites

Experts from antivirus firm ESET have discovered a new ransomware variant, called OSX/Filecoder.E, that targets Macintosh users. It’s not the first time Mac-targeting ransomware has been detected by security researchers. In 2014, Kaspersky Lab discovered the OSX.FileCoder.a ransomware, though it wasn’t complete at the time. The next one, OSX.KeRanger, was discovered in 2016 by Palo Alto researchers. The new Filecoder ransomware, designed...


European Banks targeted by new version of ‘SmsSecurity’ Android malware

In 2014, Trend Micro discovered a cybercriminal operation, called ‘Operation Emmental’, that uses malicious apps to intercept SMS messages and hijack victims’ banking sessions. They uncovered that the malicious applications were posing as a banking application that supposedly generates one-time passwords (OTPs) in order to trick victims. These fake OTP generators were named ‘SmsSecurity’. Two years later, Trend Micro researchers...


New CryptoLuck ransomware infects victims through legitimate GoogleUpdate.exe application and DLL hijacking

A Proofpoint security researcher has discovered a new ransomware, called CryptoLuck, that infects target computers through the legitimate GoogleUpdate.exe executable and DLL hijacking. According to security researcher and exploit kit expert ‘Kafeine’, CryptoLuck ransomware has been spotted being distributed via the RIG-E exploit kit after redirection from compromised websites and malvertising. While Kafeine only specifically saw this sample through advertising in the Adult web site...


Telecrypt ransomware uses Telegram Messenger to communicate with C&C. Here is how to decrypt your files.

Kaspersky Lab researchers have discovered a new ransomware, called Telecrypt, that uses Telegram Messenger as a covert channel between the Command and Control (C&C) server and the compromised device. By using Telegram Messenger’s communication protocol, Telecrypt ransomware performs secure key exchange with the C&C server, which makes it hard to track through network traffic monitoring. It is also noted that Telecrypt is the first ransomware...


Linux.BackDoor.FakeFile.1, the new Linux backdoor detected in the wild

Although the vast majority of malware is created to attack Windows operating systems, Linux systems can be infected as well. Because Linux is one of the most widely and constantly used operating systems in desktop computers, web servers, IoT devices, embedded systems, routers, surveillance cameras and different server infrastructures, it becomes a valuable target for cyber criminals. Security firms are observing an increase in malware types...


Mirai malware infecting AirLink Cellular Gateway devices, password change needed!

Mirai is a dangerous malware that is designed to infect Internet of Things (IoT) devices by scanning the internet for devices with factory default passwords in order to make these devices part of a botnet and to perform DDoS attacks. Mirai is also the bot used in one of the largest DDoS attacks. Brian Krebs’s blog was recently targeted by a...


Windows Script File (WSF) attachments being increasingly used for ransomware delivery.

Spam emails are one of the most commonly used mediums by attackers in an attempt to trick the user into opening the mail and clicking on the links within the mail or opening a malicious attachment, which leads to malware infection. And it seems that malicious Windows Script Files (WSF) are the latest file types being used by cyber criminals to spread ransomware....


New Xpan ransomware uses RDP brute-force attacks. Read how to decrypt your files.

Since the Remote Desktop Protocol (RDP) in its default configuration is vulnerable to certain types of attacks and may provide the ability for a hacker to get direct access to a server on the local network, securing RDP is crucial. As a recent example, Kaspersky Lab security researchers have discovered a new variant of Brazilian-made ransomware, Trojan-Ransom.Win32.Xpan, that...


New Android.Xiny trojan is able to steal banking information or intercept IM

The recent version of the Android.Xiny trojan is now able to steal confidential information (including credit card numbers, logins and passwords), transfer money to cybercriminal-owned bank accounts and intercept or send instant messages (IM) by infecting system processes. The Android.Xiny trojan family became famous in January 2016 when ‘Doctor Web Anti-virus’ researchers detected [1] that the Android.Xiny.19.origin trojan was incorporated into more than 60 games...


Mamba ransomware encrypts all disk partitions! How to protect your systems?

As you may already know or have experienced, ransomware is a type of dangerous malware that usually restricts access to critical files and documents stored on the computer system it infects. It encrypts the data on all local drives, removable drives, and mapped network drives using a cipher (AES or RSA for example) with the private key stored only on the malware’s control servers and...


Chimera ransomware encrypts files and publishes sensitive data on the internet

The message states in German: “You are victim of the Chimera malware. Your private files are encrypted and can not be restored without a special key file. Some applications may not function properly. Please transfer Bitcoins to the following address to get your unique key file…” A new type of ransomware named “Chimera” has been discovered which is targeting companies...


New POS malware attacks Mass Transit Systems, targets Ticket Machines and Electronic Kiosks

POS malware usually targets Point-of-Sale systems because they have become readily available to small and mid-sized businesses and modern POS systems are tied to a business’s payment processing, inventory, and customer relationship management (CRM) functions. But a cyber threat intelligence firm from Los Angeles, IntelCrawler, has identified a new type of Point-of-Sale malware which also hits mass transit systems and makes possible the leak of payment data...
