Coinhive: Innovative but Abused

Cryptocurrencies are fast becoming, if not already, a massive investment tool that is rewriting the rules as to what the currency currently in your wallet can be. With innovation often comes teething problems, these in themselves are not a worry. What is a worry is how malware authors are exploiting innovative ideas for short-term gain. This is hardly new and seems to be an information age constant in that if a tool or idea can be abused to swindle and extort it shall. This maxim is probably not even an information age phenomenon but one that pervades human history. Coinhive appears to have started its life fairly innocently. As a tool Coinhive could be used by website owners to generate extra income rather than utilizing ad banners. It is essentially a java library that can be added to the website which when visited by a visitor Coinhive will use a percentage of the visitors CPU to mine Monero. Once the visitor ...

How to remove “Your device has been blocked” ransomware virus from Android tablet or phone?

Cyber criminals have been spreading ransomware viruses on Windows-based computers for some time. These types of infections became popular in mid-2006 and continue to infect personal computers and extort money from their victims. Recently, security research began showing a rise in Android-based mobile ransomware infections. Commonly, ransomware viruses exploit the names of authorities including the FBI, USA Cyber Crime Investigations, and The ICE Cyber Crime Center - making fake claims that users must pay an amount of money (for supposed law violations such as watching pornography, using copyrighted files, etc.) in order to unblock their devices. In most cases, cyber criminals employ the Green Dot MoneyPak, Ukash, or PaySafeCard pre-paid card services to collect fake fines from unsuspecting mobile device users. Tablet and mobile phone users should be aware that paying these fines as ordered by these messages ...

Onion3Cry Ransomware

Discovered by MalwareHunterTeam, Onion3Cry is a malware based on an open-source ransomware project called Hidden Tear. Once infiltrated, Onion3Cry encrypts stored data using AES cryptography. While encrypting, Onion3Cry displays a fake Windows Update window and appends names of compromised files with ".onion3cry-open-DECRYPTMYFILES" extension. For instance, "sample.jpg" is renamed to "sample.jpg.onion3cry-open-DECRYPTMYFILES". Following successful encryption, Onion3Cry opens a pop-up window ("### DECRYPT MY FILES ###.exe", placed on victim's desktop). The pop-up window contains a message that informs victims about the encryption and encourages them to contact Onion3Cry's developers in order to restore their data. Victims must contact crooks within 12 hours after the decryption (pop-up contains a countdown timer). As mentioned above, Onion3Cry employs AES cryptography (Hidden Tear is designed to use this al...