Category Archives: virus

Viruses are constantly in the news, and they keep getting more effective and more formidable. Our mission is to inform you and protect you from the threats of the Web.

Malware: your passwords and cryptocurrencies in danger

Researchers at the cybersecurity company Trend Micro have discovered a new malware, named Panda Stealer, that specifically targets cryptocurrency holders.

Panda Stealer spreads through malicious Excel files, usually sent by email. Once deployed on the victim's machine, it siphons off the contents of the victim's digital wallets and their passwords.


"In early April, we observed a new information thief called Panda Stealer delivered by spam," Trend Micro researchers explained in a report available on their website. The researchers also found that the malware was built from the code of another malicious program, Collector Stealer, which is likewise known for stealing confidential information.

"Panda Stealer is deployed through spam emails posing as commercial quote requests to convince reckless victims to open malicious Excel files," the report says. All it takes is for the user to open the malicious Excel file for the stealer to run automatically, without the user's knowledge.

"The malware seeks to suck up your passwords and cookies. The software will then seek to seize the private keys that secure users' digital wallets. Panda Stealer focuses on wallets that contain cryptocurrency such as Dash, Bytecoin, Litecoin and Ethereum, the second largest digital currency with the largest capitalization behind Bitcoin King. With these private keys in hand, hackers can seize cryptocurrencies held by users and transfer them to other wallets," explains Trend Micro's report.

In addition, the malware harvests credentials stored by applications such as Telegram, Discord, Steam and NordVPN.

Accounts hijacked in this way can then be resold, for example on the dark web, in exchange for other cryptocurrencies such as Monero.

"It is also capable of taking screenshots of the infected computer and exfiltrating browser data such as cookies, passwords and saved cards," warns security company Trend Micro.

It has also been observed that the victims of this malware are mainly located in Japan, the United States, Australia and Germany, but it can be expected to spread rapidly to other countries. It is therefore advisable to be extremely careful: pay attention to attachments, particularly Excel files from unknown senders, and keep your antivirus up to date. The way the virus spreads is already well known; it is classic phishing. By staying vigilant, we largely protect ourselves against this scourge, which in the end is not that new.

Now access an unlimited number of passwords:

Check out our hacking software

A malware behind this SMS: "Your package has been sent. Please check it and receive it."

Lately, we have seen a message proliferating that, according to security experts, hides malware. Once again, a rather creative act on the part of cybercriminals.


There is no shortage of examples of hackers using means clever and sophisticated enough to deceive the average user. The attempts differ, but what they have in common is the hackers' skill at riding the wave of current events. This new attempt is making the rounds on Facebook. It begins with this text message: "Your package has been sent. Please check it and receive it." The message, it should be noted, has been received by several users, particularly in France, since the beginning of April. As is usual for a technique in the phishing category, there is a link at the end of the message. That is exactly the case here, and the link is a "tinyurl" shortened link. So this one does not break the pattern.

Behind that link is a malicious program. Of course, when the message is received, it is difficult to determine in advance who the criminal behind the mailing may be. One can be deceived into mistaking it for a delivery service or for any seller. On closer inspection, the message makes you doubt that the sending number is a French number.

The malware behind this message is classified as "banker" software, in other words malware that specializes in stealing banking information. During March 2021, 9 malware of this kind had already been observed, somewhat scattered and targeting Android users in particular. The goal is simple: collect enough financial information to empty the victim's bank account. Combined with an SMS that has a strong potential to attract the curiosity of the Internet user, the effectiveness is more than confirmed. "Despite its dangerous capabilities, this malware is relatively uncomplicated compared to other software in its family. The most developed bankers set up more subtle means of collecting banking information than a simple phishing: some clone the banks' apps, others record keystrokes on the smartphone keyboard, others are able to take screenshots," according to the cyberwarfare platform.

What could have betrayed the hackers is what they asked users who clicked on the link to install on their smartphone: "In order to have a better experience, please update your Chrome browser to the latest version," reads the website. On top of that, the file to be downloaded has a rather strange name: "mxpcqpgjyk.apk". Some fairly blatant elements that totally discredit the attempt.
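The indicators this post describes (a delivery lure, a shortened link at the end of the text, a sending number that is not French, an .apk to download) can be turned into a simple triage rule. The following is an added example written for this page, not code from the article or the platform it cites; the sample messages, the sender numbers and the list of shorteners beyond tinyurl are constructed assumptions.

```python
"""Heuristic triage of SMS text for the "package delivery" smishing pattern.
Added example; sample messages and numbers are constructed."""
import re
from urllib.parse import urlparse

# tinyurl is the shortener named in the article; the others are an assumption.
SHORTENERS = {"tinyurl.com", "bit.ly", "t.co", "is.gd", "cutt.ly"}
LURE_WORDS = ("package", "parcel", "colis", "delivery", "livraison")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def is_french_number(sender: str) -> bool:
    """True for French numbers in international (+33...) or national (0x...) form."""
    digits = re.sub(r"[\s.-]", "", sender)
    return bool(re.fullmatch(r"(\+33|0033)[1-9]\d{8}|0[1-9]\d{8}", digits))


def score_sms(sender: str, text: str) -> dict:
    """Return the indicators found and a verdict: 'suspicious' when a lure
    and a shortened link are both present, 'review' when three or more
    weaker indicators line up, 'ok' otherwise."""
    lower = text.lower()
    urls = URL_RE.findall(text)
    hosts = {urlparse(u).netloc.lower() for u in urls}
    indicators = {
        "delivery_lure": any(w in lower for w in LURE_WORDS),
        "shortened_link": bool(hosts & SHORTENERS),
        "link_at_end": bool(urls) and text.rstrip().endswith(urls[-1]),
        "foreign_sender": not is_french_number(sender),
        "apk_download": ".apk" in lower,
    }
    hits = sum(indicators.values())
    if indicators["delivery_lure"] and indicators["shortened_link"]:
        verdict = "suspicious"
    elif hits >= 3:
        verdict = "review"
    else:
        verdict = "ok"
    return {"verdict": verdict, "score": hits, "indicators": indicators}


# Constructed samples: the first mirrors the lure quoted in the article,
# the second is a legitimate-looking French notification without a link.
SAMPLES = [
    ("+44 7700 900123", "Your package has been sent. Please check it and receive it. https://tinyurl.com/xyz"),
    ("+33 6 12 34 56 78", "Votre colis est arrive, recuperez-le demain en point relais."),
]

if __name__ == "__main__":
    for sender, text in SAMPLES:
        r = score_sms(sender, text)
        print(f"{r['verdict']:10} score={r['score']} {text[:40]}...")
```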


Discord: a subscription of 9.99 euros demanded as ransom

It is a rather unusual situation.

Indeed, a ransomware program with a rather special character is currently circulating. It calls itself NitroRansomware. Its fame comes from the fact that it asks for $9.99 to unlock the computers it has infected, whereas in other cases the operators behind ransomware tend to demand thousands or even millions of dollars. What could explain this?


According to analysis by the online media outlet Bleeping Computer, the ransomware in question is also called Discord Nitro, which leads computer security researchers to think that its operators are quite interested in Nitro subscriptions. The malicious program was detected by a group of researchers, MalwareHunterTeam. In a Twitter post on Saturday, the group said: "There is a ransomware called Nitro Ransomware. 'There is no other way to open it than if you have the decryption key. You have less than 3 hours to give us Discord Nitro.' It actually checks if you're in."

Beyond that, several other groups have taken an interest in this rather atypical ransomware. They report that the malware is distributed as a gift code for Nitro. "When the ransomware is executed, it will encrypt the victim's files and give them three hours to provide a valid Nitro Discord [code]," Cezarina Chirica, a researcher at Heimdal Security, a security firm interested in malware, said in a release on Monday. "The malware adds the '.givemenitro' extension to the names of encrypted files. At the end of the encryption process, NitroRansomware will change the user's wallpaper into a diabolical or angry Discord logo," she adds.

Given these features, the program in question seems quite sophisticated. Researcher Cezarina Chirica explains: "NitroRansomware also delivers backdoor capabilities, allowing hackers to execute commands remotely and then send the output via their webhook to the attacker's Discord channel." The researcher therefore recommends that users affected by this malware immediately change their various passwords, especially Discord's; run scans with their antivirus solutions to detect whether other programs have been added to their machines; and make sure that no other Windows accounts have been added to theirs, deleting any without delay.
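Two of the traits reported above, the '.givemenitro' extension appended to encrypted files and the Discord webhook used to ship command output, are checkable on a host and in proxy logs. The following is an added example, not code from the article, Heimdal or MalwareHunterTeam; the directory contents and the log lines are constructed, the log layout is assumed, and the webhook URL form is the public Discord one (the exact path the malware uses is not stated on the page).

```python
"""Host and proxy-log checks for the two NitroRansomware traits above.
Added example; file names and log lines are constructed."""
import re
import tempfile
from pathlib import Path
from typing import List

ENCRYPTED_EXT = ".givemenitro"
# Public Discord webhook URL shape; discordapp.com is the legacy hostname.
WEBHOOK_RE = re.compile(r"https?://discord(?:app)?\.com/api/webhooks/\d+/\S+", re.I)


def find_encrypted_files(root: str) -> List[str]:
    """Walk `root` and return paths of files carrying the ransomware's extension."""
    return sorted(
        str(p) for p in Path(root).rglob("*")
        if p.is_file() and p.name.endswith(ENCRYPTED_EXT)
    )


def find_webhook_egress(lines: List[str]) -> List[str]:
    """Return proxy-log lines where a POST goes to a Discord webhook URL.
    Assumed log layout: '<timestamp> <client> <method> <url> <status>'."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) >= 4 and parts[2].upper() == "POST" and WEBHOOK_RE.match(parts[3]):
            hits.append(line)
    return hits


def build_demo_tree() -> str:
    """Create a constructed directory: one 'encrypted' file, one normal file,
    and a nested encrypted file so the recursive walk is exercised."""
    root = tempfile.mkdtemp(prefix="nitro-demo-")
    Path(root, "report.docx" + ENCRYPTED_EXT).write_bytes(b"\x00" * 16)
    Path(root, "notes.txt").write_text("untouched")
    sub = Path(root, "photos")
    sub.mkdir()
    Path(sub, "cat.jpg" + ENCRYPTED_EXT).write_bytes(b"\x00" * 16)
    return root


# Constructed proxy-log sample; 10.0.0.x clients and the webhook id are placeholders.
SAMPLE_LOG = [
    "2021-04-18T10:00:01 10.0.0.5 GET https://example.test/index.html 200",
    "2021-04-18T10:00:07 10.0.0.5 POST https://discord.com/api/webhooks/123456/AbCdEf 204",
    "2021-04-18T10:00:09 10.0.0.7 GET https://discord.com/channels/@me 200",
]

if __name__ == "__main__":
    print("encrypted files:", find_encrypted_files(build_demo_tree()))
    print("webhook egress:", find_webhook_egress(SAMPLE_LOG))
```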

The second question raised by this malware's modus operandi is the method of payment: gift codes. Why $9 gift codes?

"Obviously, this one's a bit stupid, but BEC realized some time ago that iTunes and other gift cards are perfect for money laundering – make sure the victim buys multiple gift cards, and then a criminal infrastructure exists for the resale of gift cards, the laundering of fake ebooks, apps, etc.," cybersecurity researcher Kevin Beaumont said on Twitter.

The move is therefore well calculated on the part of those behind NitroRansomware: they can make use of the gift codes they collect from this campaign. According to Gemini Advisory, there are two ways for hackers to monetize gift codes: either they use them to purchase physical goods, or they sell them on markets dedicated to gift cards. "In one scheme, cyber criminals would use stolen payment cards to buy gift cards and then sell them to Cardpool [a credit card marketplace]," says the Gemini Advisory report. "If a bank were to determine that the gift card had been purchased with a stolen payment card, it could connect with the commercial bank or gift card sellers who issued the gift card and ask them to cancel the gift card. Unfortunately, this process can be tedious and time-consuming, making it a rare event and providing cyber criminals with a wider window of time to complete their program."


Malware: software that targets Facebook, Twitter and Google

"CopperStealer" is the name given by researchers at the US cybersecurity firm Proofpoint to a malware that allows hackers to steal passwords stored in browsers.

Recently, hundreds of spyware-type apps have been discovered on Google's Play Store and on Apple's App Store, as well as malware threatening all smartphones running a Snapdragon chip from the American company Qualcomm. Last week, computer security researchers at Zimperium uncovered another malware that specifically targeted Android smartphones, disguised as a system update.


Returning to the star of the day, CopperStealer is malware that lets its operator collect the passwords that users have saved in their browser for their various accounts.

"Our investigation has shown that the malware is essentially designed to steal passwords and cookies, but it is also capable of installing malware after recovering the data," the Proofpoint researchers note in their report.

Proofpoint experts say the software spreads through cracks for video games or keygens. If the installed antivirus is not up to date when the crack runs, the virus infiltrates the machine.

Almost all browsers are affected, even the most popular, including Microsoft Edge, Google Chrome, Opera Mini, Firefox and Yandex.

In this case, cybercriminals simply steal login credentials and passwords, which they then resell on the dark web's black market; they are not interested in other information. The passwords they target most are usually those for Amazon, Google, Facebook, PayPal, Apple, Tumblr and Bing.

Of course, all of this is easy to carry out when you know how much browsers store about their users.

"As far as Facebook is concerned, hackers have an additional procedure, since the malware also retrieves your cookies, in order to get information about your activity history or your contacts," according to Proofpoint researchers.

That's not all: the researchers behind CopperStealer's discovery say it is able to spread other malware on devices it has already compromised, once it has accomplished its mission of collecting all the passwords it needs.

The security company's specialists trace the origins of this malware back to July 2019. There are similarities in targeting and propagation methods with SilentFade, a family of malware allegedly concocted by Chinese hackers, which first targeted Facebook accounts. It is therefore quite conceivable that the same authors concocted CopperStealer: the well-known ILikeAd Media International Co, a Hong Kong-based company with a rather turbulent legal past with the social network Facebook. Facebook is alleged to have sued the Hong Kong company in 2019 for spreading several malwares on its platform, software that ran advertisements using the faces of celebrities; when visitors clicked on these ads, a malicious program was installed on their account so that hackers could take control. "These compromised accounts were then used to run advertisements for counterfeit products such as diet pills or men's dietary supplements. In total, Facebook has lamented no less than 4 million euros in damage," Proofpoint explains.

According to researchers, the best way to protect yourself from CopperStealer is to make sure two-factor authentication is enabled on all your online accounts, a classic but effective piece of advice. It is also advisable to be careful about downloads from sites of questionable nature.


Computer attacks that have marked the history of cybercrime

For years, it has been easy to see that computer attacks have improved.

The techniques used and the means deployed are of a completely different level compared to a decade ago. Ten years ago, for an individual to be the victim of a computer attack was more a hypothesis than a real possibility.

Today it is a fact, and it happens every day. For good reason: hackers know very well why they work this way. Whatever a person's status, one should know that they are a potential target, and a target of choice above all, especially for phishing and ransomware. Beyond all this, cyber attacks are increasingly sophisticated and numerous. "The volume of cyberattacks is increasing because our society is more digital and interconnected than before. Ten years ago, there were far fewer interconnections between computers, so it was less visible, the impact was more local. Today, it only takes a small element of fragility for the entire chain to be affected and a hospital to be completely shut down," explained Laura Peytavin, a consulting cybersecurity systems engineer at computer security solutions publisher Proofpoint.


So here are some computer attacks that, by their scope and sophistication, have marked the news in computer security.

1) Stuxnet, the forerunner of cyberwarfare

Stuxnet is a virus that was discovered in 2010. It was used to damage Iran's nuclear program. It was introduced into the targeted computer systems through a computer worm, which is "malware that uses a vulnerability to break into a computer to try to hack all nearby devices using the same vulnerabilities," says Corinne Henin, an independent computer security expert.

Stuxnet was designed by the American and Israeli services. The malware infected nearly 30,000 Iranian computers, allowing the allies to take control of some of the infrastructure necessary for operating the uranium enrichment plant. This caused several malfunctions of the equipment, slowing down the process, and even explosions.

"This is the biggest interstate cyberattack that can be proven to be interstate," notes Corinne Henin. "Here, all the evidence has shown that the NSA is behind the hacking, whereas in other large-scale cyberattacks, it is much more complicated to incriminate one state or another," she adds.

2) Cyberbunker

The BBC called it in 2013 "the most significant cyberattack in history": a computer incident that slowed down Internet access on an ad hoc basis, caused by a conflict between two IT companies, Cyberbunker and Spamhaus.

It should be noted that Spamhaus is a non-profit organization that helps email providers filter out unwanted content and spam. Cyberbunker, on the other hand, is seen as a host that takes on any type of content, "except child pornography and everything related to terrorism." However, the latter is suspected of frequently hosting spam services, so it was placed on the former's blacklist. This led to digital revenge: Spamhaus saw its servers hit by a denial-of-service attack, which resulted in a general slowdown of the web.

3) WannaCry, the ransomware

Today it is arguably the most famous computer attack. It officially began in May 2017. More than 300,000 computers worldwide running Microsoft's operating system, Windows, were infected, and the way the virus spread was considered unheard of at the time. "A group of hackers then claimed to have hacked the NSA by revealing all its tools of the time. And among those tools was a Windows flaw — affecting up to Windows 10 — that was used a month later to create WannaCry," says Corinne Henin.

It should be noted that many Internet users and organizations were literally forced to pay the ransom in order to recover their data. The damage caused by this computer attack was estimated at US$4 billion. France was the fourth most affected country, with nearly 20,000 computers infected. "Before, people didn't necessarily realize the problem. With WannaCry, they lost their data and access to their infrastructure," stresses the specialist.
