News category archive:

VBShower

VBShower is a malicious application that was spread during Cloud Atlas attacks. So far, it is unknown who is behind these attacks, but it looks like their targets are all government entities, international organizations, and institutions alike. As one could imagine, gathering sensitive information could be the malware’s main task. It was reported that it has capabilities that allow it to avoid getting detected, which suggests the malicious application was meant to work silently in the background. In other words, it is doubtful a victim would notice its presence, which means it could stay on a system for a long time. Thus, institutions on the hackers’ radar are advised to be cautious. For more information on how VBShower works and where it comes from, we encourage you to read the rest of this report. Read more »

Careless App Installation Can Lead to the Invasion of Monokle

Monokle is the name you need to remember because it belongs to one of the most vicious Android apps out there. This malicious threat can use trojanized apps to slither into your device, and then it can manipulate it, steal information, and use various spying techniques. The victims of this malware are not safe because the attackers – and whoever gets access to the retrieved information – can know the physical location of the victim, can know where they are planning to be at specific times, and can spy on them using audio and video input. Basically, whoever has this malware on their device can become a victim of a serious attack, and even their physical security could be jeopardized. Due to the history of the infection and the complex spying abilities, it is believed that this malware was built to target very specific victims. Unfortunately, whatever the case might be, deleting Monokle might not be an easy option. Read more »

Rising Sun Backdoor Attacks Companies Across the World

Most infections that malware experts deal with on a daily basis are infections targeted at the general public, and they can affect users regardless of their location or job title. However, infections that have specific targets do exist as well, and Rising Sun backdoor is one of those threats. Malware researchers report that this infection was specifically designed to attack defense, energy, financial, and nuclear companies. Most victims of this malware were found in the United States; however, it has impacted organizations in South America, Europe, Africa, Asia, and Australia too. Read more »

Torii Botnet Can Be Used to Exfiltrate Personal Data, Researchers Say

A botnet is a network of computers/systems that are infected with the same kind of malware to perform cyber attacks on a large scale. Torii Botnet is one of the newest botnets to be uncovered, but it is believed to have been active for at least a year now. Most botnets are utilized for mass spam email attacks that could, for example, be used to spread ransomware or expose users to phishing scams. They can also be used for DDoS (distributed denial-of-service) attacks that are primarily meant to disrupt regular traffic to a server or network. Read more »

Facebook vaguely responds to accusations of a major privacy breach associated with Cambridge Analytica

As you may have heard, Facebook has been in the midst of a security breach controversy associated with Cambridge Analytica and the U.S. presidential campaign. Over the past week, the #deletefacebook hashtag has been trending all around the world. Furthermore, Facebook's shares have plummeted and continue to do so during this time. In fact, according to the CNBC report, Mark Zuckerberg, the CEO of the company, has sold 1.14 million shares as part of regularly scheduled programs.

The New York Times and the Observer broke the story regarding the security breach on 17 and 18 March respectively. Reports stated that Facebook might have been aware of the fact that a company known as Cambridge Analytica exploited up to 50 million users on their platform. Further statements from Facebook and the whistleblower Christopher Wylie shed light on how all of this might have happened. Read more »

Ev Ransomware

A nasty new infection, Ev Ransomware, has been detected by specialists working in the malware research department. According to them, this threat has been developed by an Indonesian group of malware developers, and it does not differ much from such prevalent threats as WannaCry Ransomware and Petya Ransomware. That is, it also has the one and only goal it seeks to achieve – to get easy money. Actually, there is one tiny feature that distinguishes it from the remaining ransomware infections that can be spotted in the wild – it is not a threat targeting the Windows OS. Instead, it primarily targets WordPress websites. When the ransomware infection is successfully uploaded by an attacker to the compromised website, the encryption of files starts immediately. Then, the message to pay 0.2 BTC (~ $959 at today’s price) is displayed. Specifically speaking, your website will open only a black window with a message if Ev Ransomware encrypts its files successfully. Ransomware is no longer a new type of malware, so malware researchers already have much knowledge about these infections. They say that there is one thing that unites them all – they want victims’ money and do not hesitate to tell them that. There is, most probably, no need to say that paying money to malicious software developers is the worst they can do. Even if you pay, your website will, most likely, not be fixed because the decryption mechanism of Ev Ransomware does not work properly. Of course, a fixed version of this threat might be uploaded to your website too, but this does not change anything. Read more »

Developer Mode Extensions

In this report, we would like to talk about Google Chrome’s Developer Mode feature and the so-called Developer Mode Extensions. It is quite obvious the mentioned feature was created for add-ons’ developers rather than their users. While it may seem like a useful tool for testing designed applications, the research shows this feature might be abused by unreliable programs to bypass the browser’s security. Therefore, if your default browser is Google Chrome and you have not yet heard about such settings, we would advise you to read this article carefully so you would know how to identify potential threats and protect the system from Developer Mode Extensions that could put your computer in danger. Those who encounter such applications could get rid of them manually as it is shown in the instructions located at the end of the article. Read more »

Windows 10 Creators Update

It is possible that your Windows OS has not yet prompted you about the most exciting Windows 10 Creators Update, so we are here to tell you more about it since this is probably the one you have been waiting for. Due to the number of users with Windows 10, it is possible that you will have to wait a couple of months until your system can be updated. But this should not worry you too much because you can manually initiate it. Nonetheless, before you rush to do so, let us tell you more about this great update that concerns general virtual security, graphic design (3D), music, gaming, and e-book reading. This serious upgrade is all about creativity and entertainment. If you have had enough of the old ways of 2D graphics and design, sluggish gaming performance, and a slow browsing experience, this Windows 10 Creators Update is definitely for you, and those issues will be a thing of the past. Please read on to learn more about this fantastic novelty. Read more »

Chrysaor: new surveillance malware spotted on Android devices

The development of potentially harmful applications for Android devices has reached a new peak. Hundreds of untrustworthy applications are released every day, but, as malware analysts have observed, not all of them have a goal to affect as many computers as possible. Threats targeting only a small number of devices exist too despite their developers’ efforts and time put into their development – this is called a targeted attack. Chrysaor is one of the newest potentially harmful applications engaged in the targeted attack on devices with the Android OS. Specialists generally refer to it as a potentially harmful application, but, as recent research has revealed, it is nothing more than spyware (software aiming to gather information about users). It is believed to be released by NSO Group Technologies and, according to researchers who have analyzed it, it seems to be a variant of Pegasus, which is yet another surveillance software first detected on devices running certain versions of iOS. Frankly speaking, there was not much known about Chrysaor until malware analysts gathered information from affected devices and carried out thorough research. Now they know everything about it. Read more »

Baidu.com Skype virus continues to terrorize users

A malicious campaign has never hit so close to home. Baidu.com Skype virus continues to spread and terrorize users, and recently even one of our team members got infected with it! What’s more, there is no silver lining to this situation: you will get infected with this annoying threat even if you do not click a random link you get from one of your Skype contacts! Of course, it is not possible to get infected if you do not use Skype in the first place, but there are quite a few users who suffer from this intruder, and in this article we are going to discuss it in greater detail. Read more »