Troldesh’s One More Variant in the Encryption Offender

Credit to Author: Gulamgaus Shaikh| Date: Mon, 03 Sep 2018 11:52:13 +0000

Over the past few days, we have been observing criminals/hackers using a new carrier to deliver ransomware. Recently, Quick Heal Security Labs observed a new variant of the Troldesh ransomware which encrypts data and appends the extension “.no_more_ransom”. This ransomware falls under the crypto-ransomware category; the origin of this…


I am invisible – Monero (XMR) Miner

Credit to Author: Ghanshyam More| Date: Mon, 03 Sep 2018 10:27:58 +0000

Over the last year, Quick Heal Security Labs has been observing a boost in the number of mining malware samples. Nowadays malware authors are using mining as a replacement for ransomware to make money. Recently Quick Heal Security Labs came across a malware which mines Monero (XMR). This miner has many…


A new ransomware campaign in the wild, Ryuk!

Credit to Author: Shriram Munde| Date: Tue, 28 Aug 2018 13:07:23 +0000

Recently, Quick Heal Security Labs observed a new destructive ransomware named ‘Ryuk Ransomware’. This ransomware campaign has already affected many users worldwide and appears to be a spear-phishing attack. The compelling thing is that it encrypts victim files without appending any extension, yet still makes the files unreadable. Ryuk uses robust military-grade algorithms…


Be aware! Hiddad malware present on the Google Play Store.

Credit to Author: Rupali Parate| Date: Mon, 27 Aug 2018 13:43:48 +0000

Quick Heal Security Labs has spotted a couple of applications on the Play Store which hide themselves after installation and display full-screen ads after a specific time interval. This trend is used by many developers these days to earn profit by displaying ads. Even if users want to uninstall…


Android malware that combines a Banking Trojan, Keylogger, and Ransomware in one package

Credit to Author: Gajanan Khond| Date: Fri, 17 Aug 2018 14:12:09 +0000

This malware has all the basic functionalities of an Android banker along with additional features like call forwarding, sound recording, keylogging and ransomware activities. It has the ability to launch the user’s browser with a URL received from the C&C server. It repeatedly opens the accessibility settings page until the user switches on the ‘AccessibilityService’. The…


Again! A New .NET Ransomware Shrug2

Credit to Author: Ghanshyam More| Date: Fri, 10 Aug 2018 09:35:21 +0000

For several months, Quick Heal Security Labs has been observing an increase in ransomware built on the .NET framework. Ransomware like SamSam, Lime and now Shrug were found to be built on the .NET framework. Malware authors are finding it very easy to build and obfuscate malware in the .NET framework rather than making it in…


Cryptocurrency miner hits IoT devices, mostly affects Brazil and Russia!

Credit to Author: Pradeep Kulkarni| Date: Thu, 09 Aug 2018 08:46:11 +0000

According to a blog post published on Aug 1, 2018, 200,000 routers in Brazil were compromised to deliver cryptocurrency mining scripts that mine Monero (XMR). Hackers compromised vulnerable MikroTik routers by injecting CoinHive scripts into the routers’ web pages in order to carry out the mass cryptocurrency miner attack…


Beware of the Armage Ransomware – the File Destroyer!

Credit to Author: Shriram Munde| Date: Wed, 08 Aug 2018 12:25:38 +0000

In the last week of July, Quick Heal Security Labs detected a new ransomware called Armage. It appends the ‘.Armage’ extension to files it encrypts. Armage ransomware uses the AES-256 encryption algorithm to encode files, making them unusable. It spreads via spam emails and corrupted text files.

Technical analysis

Once executed on the…
