InvisiMole Spyware : A Sophisticated Cyber Espionage With Stealthy Nature

Spyware is perhaps the most worrying of all cyber threats, and it grows more sophisticated over time. InvisiMole is one such sophisticated piece of spyware, first detected by security experts at ESET. This malware strain has attacked a number of targets in countries like Russia and Ukraine. According to the latest security report, this cyber-espionage tool has been active since 2013 but remained undetected for more than five years. It is counted among the dangerous spyware programs and is believed to be designed for attacking financial and nation-state targets. Its advanced spying capabilities put it near the top of the list of spyware detected in the last few years. Research also reveals that the cyber criminals behind this spyware have removed every clue that could tie the malware to a specific perpetrator.


Python-Based Monero Miner Uses EternalBlue Exploit To Disable Security Features

Once again, cryptocurrency malware has surfaced with a clever new scheme that uses National Security Agency (NSA) exploits to disable security features on Windows computers. With cryptocurrencies in such high demand, it is no wonder that cyber culprits are leveraging cryptocurrency in several different forms as a platform for newly developed threats.

According to FortiGuard Labs, a new Python-based malware, identified as PyRoMine, is currently leveraging exploit kits to spread and to mine cryptocurrency. It is one of many threats to leverage the ETERNALROMANCE exploit kit to infiltrate target computers. Within the crosshairs of PyRoMine lie many vulnerable systems that can be attacked by a standalone executable file, which is why the hackers use a Python-based compiler to bundle the malware into a single entity. Fundamentally, a Python-based threat is a much easier way to attack vulnerable computers: PyInstaller packages a program written in Python into a standalone executable file, which may be included in a downloaded ZIP file.

Moreover, ETERNALROMANCE and ETERNALBLUE are two exploits developed by the NSA that take advantage of vulnerabilities within Microsoft's Server Message Block (SMB). An exploit kit of this kind is a software package or toolkit that cyber hackers or computer programmers use to perform targeted work or deliver other software in an unconventional way. The PyRoMine malware also enables Remote Desktop Protocol on the targeted system, which opens the machine to further attacks. It also uses a malicious URL with an executable file built with PyInstaller. To leave the system more vulnerable and make its own work easier, it uses the NSA's ETERNALBLUE exploit to gain system privileges, which gives the cyber culprits full control of the target system. Afterward, they mine Monero cryptocurrency on the machine, which consumes a large amount of computing power.


JosepCrypt Virus Is The New Ransomware That Collects Data From System

Cyber intelligence has reported another crypto virus, known as JosepCrypt. According to the security analysis, this ransomware is very similar to other file-encrypting threats detected in 2018; the only thing that sets it apart is its architecture. Some security firms report that the malware is still in development and that an update, which will be more destructive, may be released soon. It is already strong enough to attack any computer, but infection reports suggest that it mostly attacks systems with weak protection. Unfortunately, if your system becomes a victim of the JosepCrypt virus, you cannot access your files unless you have a backup.


Facebook Users Beware : Hackers Infecting More PCs Using Nigelthorn Malware

According to Radware, a newly emerged malware named Nigelthorn uses social engineering to infect PCs globally. As per the report, this malware has been active since at least March 18, 2018 and has already infected more than 100,000 computers worldwide. The group behind this malware abuses a Google Chrome extension called Nigelify, which is distributed via social media links on Facebook.

Hackers have long used social networks as a haven for propagating malware and spam. Here, users are diverted to a bogus YouTube page that asks them to install a Chrome extension to play the video. Once the target user clicks Add Extension and the application installs successfully, the suspicious browser helper object, in the form of an extension, is added to the victim's web browser and the system becomes part of the botnet. Because the Nigelthorn malware is based on Chrome, it runs on both Windows and Mac OS. Security researchers reveal that the spam campaign primarily targets Chrome browsers, and it is believed that those who do not use Chrome are out of danger. Furthermore, the team behind the malware uses the Bitly URL shortening service. A target user who clicks Add Extension is rerouted to a Bitly URL, from which they are redirected to Facebook. This is done to trick victimized PC users and regain access to their Facebook accounts.


WannaMine – New Cryptoworm Detected That Mines Monero

Last year, an NSA server containing a wide range of exploits was hacked, and at the time the world did not particularly care. After all, the exploits were found to be old and already patched. Unexpectedly, one of those outdated, patched exploits, EternalBlue, was once used by the WannaCry ransomware, but this time the case is different. According to reports, cyber security groups have discovered that another type of malware based on EternalBlue is spreading rapidly. The threat, dubbed WannaMine, uses the computing resources of compromised computers to mine cryptocurrency. WannaMine was first discovered by Panda Security in October last year and deploys the NSA exploit called EternalBlue. Reports say that the malware typically uses two built-in Windows tools, PowerShell and WMI (Windows Management Instrumentation).


Thousands Of HPE iLO 4 Interfaces Found Infected With Ransomware

Ransomware is still the biggest threat, and attacks are increasing day by day. According to a recent security report, ransomware has infected thousands of HPE iLO 4 interfaces. HPE iLO 4, also known as HPE Integrated Lights-Out, is a management processor built into HP servers that lets administrators access the device from a remote location. Administrators can connect to iLO through a mobile app or a browser, where a login page asks for their details. Through this service administrators can also fully access the operating system, but because of the ransomware attack they are unable to do so.


Microsoft & FBI Noticed 24% Rise On Tech-Support Scams

Have you ever wondered about a pop-up window displaying a phone number? If you have ever encountered such pop-ups in your web browser or on your system, you may not be surprised to learn that pop-ups that include a phone number are tied to tech-support scams. Microsoft Corporation has published a new report specifying that there has been a remarkable increase in tech-support scams over the past year. The new statistics from 183 countries show that Windows OS users were continuously targeted by tech-support scams in 2017.

According to Microsoft, around 153,000 reports were submitted by Windows users who fell victim to tech-support scams, and the true number might be higher. Approximately 15 percent of the users who complained to the company admitted to losing their money to scammers, with an average sum of $200 to $400 per scam. One victim from the Netherlands even lost Euro 89,000 from their bank account to this technical support scam.


Asacub Trojan Evolved From Spyware To Banking

There is no doubt that malware evolves quickly, and so do the goals of cyber crooks. One of the most crucial tasks of security researchers is to closely observe pieces of malware. Recently, one research team, Kaspersky Lab, has been carefully studying the new malware dubbed Asacub. Asacub first emerged as simple spyware and now appears to be a fully equipped banking trojan. The security team is warning about this emerging mobile banking trojan, which has been found to use infrastructure elements that the CoreBot Windows spyware trojan used to employ.


BrickerBot Malware Has Disabled More Than 60 000 Indian Devices


Once again cyber security is under attack, and this time it is happening in India. According to a recent malware report, BrickerBot has affected over 60 000 Internet-connected devices in different states of India. It is a truly large-scale attack, following the infamous WannaCry ransomware. As the report suggests, the cyber criminals behind this malware have disabled a number of modems, routers and Internet gateways in a short period of time. The report also reveals that the BrickerBot malware has affected two large telecommunications companies, MTNL and BSNL. The attack was confirmed between July 25 and July 29 of 2017, when users of these two companies reported loss of connectivity.


AVCrypt (av2018.exe) : New Ransomware That Wipes Security Program

A new malware named “AVCrypt Ransomware” has emerged that uses nasty functionality to actively uninstall security software and important Windows services. It is a file-encoder Trojan that first appeared in the last week of March 2018. PC security experts revealed that the malware behaves similarly to the CyberDrill Ransomware and the WannaDie Ransomware, but the threat is believed to be the work of an entirely different group of cyber criminals. The malware is also still under development. The AVCrypt Ransomware is known to execute an embedded TOR client that is used to connect to bxp44w3qwwrmuupc.onion, the command and control server. It was first detected by the Microsoft security team, which named it Ransom:Win32/Pactelung.A.
