Malicious Microsoft VSCode extensions steal passwords, open remote shells

*Content borrowed from bleepingcomputer.com. Cybercriminals are starting to target Microsoft’s VSCode Marketplace, uploading three malicious Visual Studio extensions that Windows developers downloaded 46,600 times. According to Check Point, whose analysts discovered the malicious extensions and reported them to Microsoft, the malware enabled the threat actors to steal credentials, system information, and establish a remote shell on …

June 26, 2019November 8, 2024

Kpot, The info stealer

Kpot, an older information stealer just got a major update and is seen in the wild again. This time Kpot brings zero persistence (meaning its never written to your computer) and instead does all of its attacks in memory before leaving your computer completely. Removing the ability to detect it without Real-time protection. How it …

Qulab, The information stealer

Info stealers are nothing new, and Qulab is no exception. Designed to get in quick and get as much data as they can, these malicious programs steal all personal information about you from your computer. In particular, Qulab is know in its current iterations to steal information from browsers, including: It can copy any file …

May 8, 2019August 5, 2024

New cross platform rootkit: Scranos

Scranos is a new player to the global malware scene that leverages many well-known and some new methods to obtain login credentials and bank information. It can also steal or manipulate information from several online accounts to access your Amazon, Airbnb, Facebook, Steam, and YouTube accounts. How it works Scranos is installed through various methods, …

May 6, 2019August 1, 2024

WinRAR Vulnerability

File compression has been an indispensable tool for computer users ever since it was first developed in the late 1980’s. Back then space on relatively small hard drives was at a premium, and compacting files that weren’t currently being used was a great way to free up a few valuable megabytes. These archived files also …

TrickBot

TrickBot is once again making itself known during tax season and attempting to steal your hard-earned money. TrickBot was originally discovered in October of 2016 but has since changed and evolved dramatically into one of the most prolific hacking attacks today. How it works Just like Emotet, TrickBot primary spreads by specially designed emails or …

Anatova

Anatova is the nickname given to a new brand of sophisticated ransomware that looks to encrypt your personal or business files and then demands payment to decipher them. How it works Anatova is distributed through peer-to-peer (P2P) file sharing networks. It masquerades as genuine software, often using real icons to fool users into believing it …

How To Remove Vidar/GandCrab

Vidar is a relatively new keylogging, data-stealing malware campaign. It is generally distributed through malicious advertisements, a common hacking technique, on less-than-reputable sites such as bit torrent or free video streaming sites. These malvertisements redirect their victims to various exploit kits such as Fallout and GrandSoft, which in turn will infect your machine with various …

February 12, 2019October 23, 2024

How to remove Hancitor

Hancitor, also known as Chanitor, is known for dropping its payloads rather than downloading them post-infection, as well as for a unique phishing approach to trick users into downloading and activating Microsoft Word documents with malicious macros. How it works Hancitor uses a new template that attempts to fool the user into believing that it …

Definitions

Attack Vector: Is the way the attacker gains access to a target. The most common of these are malicious emails but many more exist and are discovered all the time. BackDoor: Is a bypass allowing a Malicious user to connect to the target machine without permission from the target. These can be in the form …

For Home

For Business