Trend Micro - Newest Malware Advisories

Ransom.Win32.SPOOSH.THGAGBC

Thu, 27 Jul 2023 07:00:00 -0700

Threat type: Ransomware

Aliases: Generic.Ransom.DCRTR.7E80656D (BITDEFENDER)

Platforms: Windows

Overall Risk Rating: Low

Damage Potential: Medium

Distribution Potential: Low

Reported Infection: Low

Information Exposure: High

Overview:

This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

It connects to certain websites to send and receive information.

It drops files as ransom note. It avoids encrypting files with the following file extensions.

AndroidOS_SpyNote.GCLX

Tue, 13 Jun 2023 07:00:00 -0700

Threat type: Backdoor

Aliases:

Platforms: Android

Overall Risk Rating: High

Damage Potential: Low

Distribution Potential: Low

Reported Infection: Low

Information Exposure: High

Overview:

Ransom.Win32.NOKO.THDABBC

Mon, 05 Jun 2023 07:00:00 -0700

Threat type: Ransomware

Aliases: Ransom:Win32/Nokonoko.PB!MTB (MICROSOFT); Win32:Nokoyawa-A [Trj] (AVAST)

Platforms: Windows

Overall Risk Rating: Low

Damage Potential: Medium

Distribution Potential: Low

Reported Infection: Low

Information Exposure: Low

Overview:

This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

It drops files as ransom note. It avoids encrypting files with the following file extensions.

Ransom.Win32.NOKO.YPDFA

Mon, 05 Jun 2023 07:00:00 -0700

Threat type: Ransomware

Aliases:

Platforms: Windows

Overall Risk Rating: Low

Damage Potential: Medium

Distribution Potential: Low

Reported Infection: Low

Information Exposure: Low

Overview:

This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

It drops files as ransom note. It avoids encrypting files with the following file extensions.

Ransom.MSIL.EGOGEN.THEBBBC

Mon, 05 Jun 2023 07:00:00 -0700

Threat type: Ransomware

Aliases: Trojan:MSIL/XWormRAT.A!MTB (MICROSOFT)

Platforms: Windows

Overall Risk Rating: Low

Damage Potential: Medium

Distribution Potential: Low

Reported Infection: Low

Information Exposure: High

Overview:

This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

It adds certain registry entries to disable the Task Manager. This action prevents users from terminating the malware process, which can usually be done via the Task Manager.

It terminates itself if it detects it is being run in a virtual environment.

It encrypts files with specific file extensions. It drops files as ransom note. It avoids encrypting files with the following file extensions.

Ransom.PS1.LOCKBIT.AA

Thu, 11 May 2023 07:00:00 -0700

Threat type: Ransomware

Aliases: Trojan:Win32/Leonem (MICROSOFT); Win32/Filecoder.Lockbit.M trojan (NOD32)

Platforms: Windows

Overall Risk Rating: Low

Damage Potential: Medium

Distribution Potential: Low

Reported Infection: Low

Information Exposure: Low

Overview:

This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

It drops files as ransom note. It avoids encrypting files with the following file extensions.

Ransom.Win32.LOCKBIT.EOD

Thu, 11 May 2023 07:00:00 -0700

Threat type: Ransomware

Aliases:

Platforms: Windows

Overall Risk Rating: Low

Damage Potential: Medium

Distribution Potential: Low

Reported Infection: Low

Information Exposure: Low

Overview:

This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

It drops files as ransom note. It avoids encrypting files with the following file extensions.

Ransom.Win32.CRYPTOLOCK.E

Wed, 26 Apr 2023 07:00:00 -0700

Threat type: Ransomware

Aliases: Trojan-Ransom.FileCrypter (IKARUS)

Platforms: Windows

Overall Risk Rating: Low

Damage Potential: Medium

Distribution Potential: Low

Reported Infection: Low

Information Exposure: Low

Overview:

This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

It terminates itself if it detects it is being run in a virtual environment.

Trojan.W97M.EMOTET.SMI

Tue, 25 Apr 2023 07:00:00 -0700

Threat type: Trojan

Aliases: HEUR:Trojan.Script.Generic (KASPERSKY); TrojanDownloader:O97M/Emotet.S!MTB (MICROSOFT)

Platforms: Windows

Overall Risk Rating: Low

Damage Potential: Medium

Distribution Potential: Low

Reported Infection: Low

Information Exposure: Low

Overview:

This is a generic detection for all cases and instances of Emotet.

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Ransom.Win64.CONTI.AA

Tue, 25 Apr 2023 07:00:00 -0700

Threat type: Ransomware

Aliases: Gen:Variant.Lazy.326686 (BITDEFENDER)

Platforms: Windows

Overall Risk Rating: Low

Damage Potential: Medium

Distribution Potential: Low

Reported Infection: Low

Information Exposure: Low

Overview:

This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

It drops files as ransom note.

Ransom.Win32.RTMCOMMAND.THKBFBD

Tue, 25 Apr 2023 07:00:00 -0700

Threat type: Ransomware

Aliases: Ransom:Win32/RTMLocker.AA!MTB

Platforms: Windows

Overall Risk Rating: Low

Damage Potential: Medium

Distribution Potential: Low

Reported Infection: Low

Information Exposure: Low

Overview:

This ransomware encrypts all drives except the CD-ROM.

This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

It drops files as ransom note.

Ransom.Win64.DONOTRUN.A

Tue, 25 Apr 2023 07:00:00 -0700

Threat type: Ransomware

Aliases: Python/Filecoder.EK trojan, Python/Filecoder.EK trojan (NAI)

Platforms: Windows

Overall Risk Rating: Low

Damage Potential: Medium

Distribution Potential: Low

Reported Infection: Low

Information Exposure: Low

Overview:

This ransomware locks the user out of their devices by locking the screen.

This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

It drops files as ransom note.

Ransom.Win32.LOCKBIT.YXCGD

Mon, 04 Jul 2022 07:00:00 -0700

Threat type: Ransomware

Aliases: Trojan-Ransom.BlackMatter(IKARUS), Ransom:Win32/Lockbit.STB(MICROSOFT)

Platforms: Windows

Overall Risk Rating: Low

Damage Potential: Medium

Distribution Potential: Low

Reported Infection: Low

Information Exposure: Low

Overview:

This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

It drops files as ransom note. It avoids encrypting files with the following file extensions.

Worm.Win32.HERMWIZ.YECCA

Tue, 01 Mar 2022 07:00:00 -0800

Threat type: Worm

Aliases: DoS:Win32/FoxBlade.A!dha (MICROSOFT); Win32/Agent.OJC worm (NOD32)

Platforms: Windows

Overall Risk Rating: Low

Damage Potential: Medium

Distribution Potential: High

Reported Infection: Low

Information Exposure: Low

Overview:

This Worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Trojan.Win32.KILLMBR.YECCA

Tue, 01 Mar 2022 07:00:00 -0800

Threat type: Trojan

Aliases: Win32/KillMBR.NHQ trojan (NOD32)

Platforms: Windows

Overall Risk Rating: Low

Damage Potential: High

Distribution Potential: Low

Reported Infection: Low

Information Exposure: Low

Overview:

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Trojan.Win32.WHISPERGATE.YXCAX

Mon, 24 Jan 2022 07:00:00 -0800

Threat type: Trojan

Aliases: DoS:Win32/WhisperGate.M (MICROSOFT)

Platforms: Windows

Overall Risk Rating: Low

Damage Potential: High

Distribution Potential: Low

Reported Infection: Low

Information Exposure: Low

Overview:

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

It executes then deletes itself afterward.

Trojan.MSIL.WHISPERGATE.YXCAQ

Tue, 18 Jan 2022 07:00:00 -0800

Threat type: Trojan

Aliases: DoS:Win32/WhisperGate.I!dha (MICROSOFT)

Platforms: Windows

Overall Risk Rating: Low

Damage Potential: Medium

Distribution Potential: Low

Reported Infection: Low

Information Exposure: Low

Overview:

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Trojan.W97M.CVE202140444.A

Thu, 09 Sep 2021 07:00:00 -0700

Threat type: Trojan

Aliases: HEUR:Exploit.MSOffice.Agent.gen (KASPERSKY)

Platforms: Windows

Overall Risk Rating: Low

Damage Potential: High

Distribution Potential: Low

Reported Infection: Low

Information Exposure: Low

Overview:

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

It takes advantage of certain vulnerabilities.

Ransom.Win32.LOCKBIT.YEBGW

Mon, 16 Aug 2021 07:00:00 -0700

Threat type: Ransomware

Aliases: Ransom:Win32/Lockbit.AA!MTB (MICROSOFT); W32/Lockbit.C2F8!tr.ransom (FORTINET)

Platforms: Windows

Overall Risk Rating: Low

Damage Potential: High

Distribution Potential: Low

Reported Infection: Low

Information Exposure: Low

Overview:

This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

It drops files as ransom note. It avoids encrypting files with the following file extensions.

Ransom.MSIL.CHAOS.A

Mon, 09 Aug 2021 07:00:00 -0700

Threat type: Ransomware

Aliases: HEUR:Trojan.MSIL.Fsysna.gen (Kaspersky);

Platforms: Windows

Overall Risk Rating: Low

Damage Potential: High

Distribution Potential: Low

Reported Infection: Low

Information Exposure: Low

Overview:

This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

It encrypts files found in specific folders.

Ransom.Win32.BLACKMATTER.THGOCBA

Wed, 04 Aug 2021 07:00:00 -0700

Threat type: Ransomware

Aliases: Trojan-Ransom.BlackMatter (IKARUS)

Platforms: Windows

Overall Risk Rating: Low

Damage Potential: High

Distribution Potential: Low

Reported Infection: Low

Information Exposure: Medium

Overview:

This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

It drops files as ransom note. It avoids encrypting files with the following file extensions.

Ransom.Win32.SODINOKIBI.YABGC

Sat, 03 Jul 2021 07:00:00 -0700

Threat type: Ransomware

Aliases: N/A

Platforms: Windows

Overall Risk Rating: Low

Damage Potential: High

Distribution Potential: Low

Reported Infection: Low

Information Exposure: Medium

Overview:

This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It may be dropped by other malware.

It drops files as ransom note. It avoids encrypting files with the following file extensions.

Trojan.Win32.CVE20190808.A

Thu, 01 Jul 2021 07:00:00 -0700

Threat type: Trojan

Aliases: Win32:CVE-2019-0808-K [Expl] (AVAST)

Platforms: Windows

Overall Risk Rating: Low

Damage Potential: High

Distribution Potential: Low

Reported Infection: Low

Information Exposure: Low

Overview:

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

It takes advantage of certain vulnerabilities.

Trojan.Win32.CVE20188120.E

Thu, 01 Jul 2021 07:00:00 -0700

Threat type: Trojan

Aliases: Exploit:Win32/CVE-2018-8120.A (MICROSOFT)

Platforms: Windows

Overall Risk Rating: Low

Damage Potential: High

Distribution Potential: Low

Reported Infection: Low

Information Exposure: Low

Overview:

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

It takes advantage of certain vulnerabilities.

Trojan.X97M.PANDASTEAL.THDABBA

Wed, 28 Apr 2021 07:00:00 -0700

Threat type: Trojan

Aliases: HEUR:Trojan-Downloader.MSOffice.Agent.gen (KASPERSKY)

Platforms: Windows

Overall Risk Rating: Low

Damage Potential: Medium

Distribution Potential: Low

Reported Infection: Low

Information Exposure: Low

Overview:

This is the Trend Micro detection for macros that drop the cryptocurrency wallet stealer known as Panda stealer.

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

TrojanSpy.MSIL.REDLINESTEALER.YXBDN

Fri, 09 Apr 2021 07:00:00 -0700

Threat type: Trojan Spy

Aliases: a variant of MSIL/Kryptik.AAHN trojan(NOD32); PWS-FCXD!F291EAD13EAD(NAI)

Platforms: Windows

Overall Risk Rating: Low

Damage Potential: Medium

Distribution Potential: Low

Reported Infection: Low

Information Exposure: High

Overview:

This Trojan Spy arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

It executes commands from a remote malicious user, effectively compromising the affected system. It connects to a website to send and receive information.

TrojanSpy.MSIL.REDLINESTEALER.YXBDM

Fri, 09 Apr 2021 07:00:00 -0700

Threat type: Trojan Spy

Aliases: MSIL/Kryptik.AAHQ!tr(FORTINET); Trj/GdSda.A(PANDA)

Platforms: Windows

Overall Risk Rating: Low

Damage Potential: Medium

Distribution Potential: Low

Reported Infection: Low

Information Exposure: High

Overview:

This Trojan Spy arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

It executes commands from a remote malicious user, effectively compromising the affected system. It connects to a website to send and receive information.

Ransom.Win32.ASTROLOCKER.A

Wed, 31 Mar 2021 07:00:00 -0700

Threat type: Ransomware

Aliases: BScope.TrojanRansom.Encoder (VBA32)

Platforms: Windows

Overall Risk Rating: Low

Damage Potential: Medium

Distribution Potential: Low

Reported Infection: Low

Information Exposure: Low

Overview:

This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

It executes then deletes itself afterward.

It drops files as ransom note. It avoids encrypting files with the following file extensions.

Ransom.Win64.ASTROLOCKER.THCBDBA

Wed, 31 Mar 2021 07:00:00 -0700

Threat type: Ransomware

Aliases: Win64/Filecoder.CI trojan (Nod32), Trojan-Ransom.FileCrypter (Ikarus)

Platforms: Windows

Overall Risk Rating: Low

Damage Potential: High

Distribution Potential: Low

Reported Infection: Low

Information Exposure: Low

Overview:

This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

It executes then deletes itself afterward.

It drops files as ransom note. It avoids encrypting files with the following file extensions.

Ransom.Win32.DEARCRY.THCABBA

Mon, 15 Mar 2021 07:00:00 -0700

Threat type: Ransomware

Aliases: Ransom:Win32/DoejoCrypt.A (MICROSOFT)

Platforms: Windows

Overall Risk Rating: Low

Damage Potential: High

Distribution Potential: Low

Reported Infection: Low

Information Exposure: Low

Overview:

This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Trojan.Win64.HAFNIUM.A

Thu, 11 Mar 2021 07:00:00 -0800

Threat type: Trojan

Aliases:

Platforms: Windows

Overall Risk Rating: Low

Damage Potential: Medium

Distribution Potential: Low

Reported Infection: Low

Information Exposure: Low

Overview:

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Trojan.PS1.BOXTER.A

Wed, 10 Mar 2021 07:00:00 -0800

Threat type: Trojan

Aliases:

Platforms: Windows

Overall Risk Rating: Low

Damage Potential: Medium

Distribution Potential: Low

Reported Infection: Low

Information Exposure: Medium

Overview:

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Trojan.MacOS.SLISP.A

Tue, 23 Feb 2021 07:00:00 -0800

Threat type: Trojan

Aliases: Trojan.OSX.SilverSparrow (IKARUS)

Platforms: OSX

Overall Risk Rating: Low

Damage Potential: Medium

Distribution Potential: Low

Reported Infection: Low

Information Exposure: High

Overview:

This Trojan may be unknowingly downloaded by a user while visiting malicious websites.

Ransom.MSIL.POVLSOM.THBAOBA

Sat, 06 Feb 2021 07:00:00 -0800

Threat type: Ransomware

Aliases: Ransom:MSIL/Filecoder.EY!MTB (MICROSOFT), Trojan-Ransom.FileCrypter (IKARUS)

Platforms: Windows

Overall Risk Rating: Low

Damage Potential: Medium

Distribution Potential: Low

Reported Infection: Low

Information Exposure: Low

Overview:

This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Ransom.MSIL.THANOS.THABGBA

Wed, 03 Feb 2021 07:00:00 -0800

Threat type: Ransomware

Aliases: Trojan-Ransom.Thanos (Ikarus), HEUR:Trojan-Ransom.MSIL.Encoder.gen (Kaspersky)

Platforms: Windows

Overall Risk Rating: Low

Damage Potential: High

Distribution Potential: Low

Reported Infection: Low

Information Exposure: Low

Overview:

This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It may be dropped by other malware.

It creates certain registry entries to disable applications related to security.

It encrypts files with specific file extensions. It drops files as ransom note.

PUA.Win64.ProcHack.AC

Wed, 27 Jan 2021 07:00:00 -0800

Threat type: Potentially Unwanted Application

Aliases: HEUR:RiskTool.Win32.ProcHack.gen (KASPERSKY)

Platforms: Windows

Overall Risk Rating: Low

Damage Potential: Low

Distribution Potential: Low

Reported Infection: Low

Information Exposure: Low

Overview:

This Potentially Unwanted Application arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Trojan.Win64.COMBACKER.YABA-A

Tue, 26 Jan 2021 07:00:00 -0800

Threat type: Trojan

Aliases: Trojan.Win64.Agent (IKARUS), Trojan:Win64/Comebacker.A!dha (MICROSOFT)

Platforms: Windows

Overall Risk Rating: Low

Damage Potential: Medium

Distribution Potential: Low

Reported Infection: Low

Information Exposure: Low

Overview:

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Ransom.Win32.BABUK.YEBA-THAAEBA

Tue, 26 Jan 2021 07:00:00 -0800

Threat type: Ransomware

Aliases: Ransom:Win32/BabukLocker.MK!MTB (MICROSOFT); Trojan-Ransom.FileCrypter (IKARUS)

Platforms: Windows

Overall Risk Rating: Low

Damage Potential: High

Distribution Potential: Low

Reported Infection: Low

Information Exposure: Low

Overview:

This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Ransom.Win32.MAOLOA.THAAHBA

Wed, 20 Jan 2021 07:00:00 -0800

Threat type: Ransomware

Aliases: HEUR:Backdoor.Win32.Remcos.gen(KASPERSKY); W32/Remcos!tr.bdr(FORTINET)

Platforms: Windows

Overall Risk Rating: Low

Damage Potential: High

Distribution Potential: Low

Reported Infection: Low

Information Exposure: Low

Overview:

This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

It drops files as ransom note. It avoids encrypting files with the following file extensions.

Ransom.MSIL.COBRALOCKER.AA

Mon, 11 Jan 2021 07:00:00 -0800

Threat type: Ransomware

Aliases: Trojan-Ransom.FileCrypter (IKARUS), W32/Encoder.AFA!tr (FORTINET)

Platforms: Windows

Overall Risk Rating: Low

Damage Potential: High

Distribution Potential: Low

Reported Infection: Low

Information Exposure: Low

Overview:

This Ransomware may be dropped by other malware.

Trojan.INF.HIDDENTEAR.THAOGBA

Fri, 08 Jan 2021 07:00:00 -0800

Threat type: Trojan

Aliases: INF/Agent.J trojan (NOD32)

Platforms: Windows

Overall Risk Rating: Low

Damage Potential: Low

Distribution Potential: Low

Reported Infection: Low

Information Exposure: Low

Overview:

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

It automatically executes files when a user opens a drive.

Ransom.Win32.BABUK.THAODBA

Tue, 05 Jan 2021 07:00:00 -0800

Threat type: Ransomware

Aliases: Trojan.Win32.Udochka.kb (KASPERSKY); Trojan-Ransom.FileCrypter (IKARUS)

Platforms: Windows

Overall Risk Rating: Low

Damage Potential: High

Distribution Potential: Low

Reported Infection: Low

Information Exposure: Low

Overview:

This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Trojan.MSIL.SUPERNOVA.A

Mon, 14 Dec 2020 07:00:00 -0800

Threat type: Trojan

Aliases: MSIL/Agent.5676!tr (FORTINET)

Platforms: Windows

Overall Risk Rating: Low

Damage Potential: High

Distribution Potential: Low

Reported Infection: Low

Information Exposure: Low

Overview:

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It may be hosted on a website and run when a user accesses the said website.

It executes commands from a remote malicious user, effectively compromising the affected system.

Backdoor.MSIL.SUNBURST.A

Mon, 14 Dec 2020 07:00:00 -0800

Threat type: Backdoor

Aliases: Trojan:MSIL/Solorigate.B!dha (Microsoft); Trj/Solorigate.A (Panda)

Platforms: Windows

Overall Risk Rating: Low

Damage Potential: High

Distribution Potential: Low

Reported Infection: Low

Information Exposure: Medium

Overview:

This Backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

It executes commands from a remote malicious user, effectively compromising the affected system.

Backdoor.MSIL.BLADABINDI.THA

Mon, 21 Sep 2020 07:00:00 -0700

Threat type: Backdoor

Aliases: Backdoor:MSIL/Bladabindi.SBR!MSR (Microsoft), MSIL:Bladabindi-JK [Trj](AVAST)

Platforms: Windows

Overall Risk Rating: Low

Damage Potential: Medium

Distribution Potential: Low

Reported Infection: Low

Information Exposure: High

Overview:

Cybercriminals used this malware bundled with legitimate installation copies of the VPN software known as Windscribe. Note that these copies are hosted from fraudulent sources.

This Backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

It executes commands from a remote malicious user, effectively compromising the affected system.

It gathers certain information on the affected computer. It logs a user's keystrokes to steal information.

IoT.Linux.MIRAI.VWISI

Wed, 08 Jul 2020 07:00:00 -0700

Threat type: Backdoor

Aliases:

Platforms: Unix

Overall Risk Rating: Low

Damage Potential: High

Distribution Potential: Low

Reported Infection: Low

Information Exposure: Low

Overview:

This new Mirai variant exploits CVE-2020-10173, a vulnerability in Comtrend VR-3033 routers. Similar to earlier variants, this Mirai variant uses telnet and SSH brute-forcing techniques to attack vulnerable devices.

This Backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Backdoor.Win32.DEVILSHADOW.THEAABO

Thu, 21 May 2020 07:00:00 -0700

Threat type: Backdoor

Aliases: Trojan.Win32.Scar.sydj (KASPERSKY)

Platforms: Windows

Overall Risk Rating: Low

Damage Potential: High

Distribution Potential: Low

Reported Infection: Low

Information Exposure: High

Overview:

Cybercriminals take advantage of the popularity of the Zoom messaging app. This backdoor is found in a fake Zoom installer. This is probably hosted on malicious or suspicious sites.

This Backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

It executes commands from a remote malicious user, effectively compromising the affected system. It connects to a website to send and receive information.

Trojan.JS.MANAGEX.A

Thu, 16 Apr 2020 07:00:00 -0700

Threat type: Trojan

Aliases:

Platforms: Windows

Overall Risk Rating: Low

Damage Potential: Low

Distribution Potential: Low

Reported Infection: Low

Information Exposure: Medium

Overview:

This MANAGEX variant is a modular adware that is able to gather important information as a browser extension.

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

It connects to certain websites to send and receive information. However, as of this writing, the said sites are inaccessible.

Trojan.Win32.MOOZ.THCCABO

Fri, 03 Apr 2020 07:00:00 -0700

Threat type: Trojan

Aliases:

Platforms: Windows

Overall Risk Rating: Low

Damage Potential: Medium

Distribution Potential: Low

Reported Infection: Low

Information Exposure: Medium

Overview:

This AutoIt-compiled malware downloads a coinminer in affected systems. This malware is distributed by cybercriminals by bundling it with a legitimate installer of the Zoom communication app.

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Trojan.PS1.POWLOAD.JKP

Mon, 16 Mar 2020 07:00:00 -0700

Threat type: Trojan

Aliases: N/A

Platforms: Windows

Overall Risk Rating: Low

Damage Potential: Medium

Distribution Potential: Low

Reported Infection: Low

Information Exposure: Low

Overview:

This POWLOAD variant is seen distributed via spam. The spam campaign is in Italian and lures users to click by using COVID-19 in its subject.

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.