Three new threats at large and one thrown behind bars

SamSam ransomware, Mylobot malware, and a new Netflix phishing scam top today’s potential threats.

SamSam ransomware is back with a surprising addition

The ransomware strain that locked up the city of Atlanta in March of this year has returned, cybersecurity experts report, but with one mysterious addition. This new variant of the most infamous ransomware in the world requires input from the attackers themselves in order to fully execute. In a 5-step process, the fifth step requires the ransomers to enter a password. Some experts speculate this new measure has been put in place to lock researchers out of examining the intricacies of the malware, in case they find a working version. Others speculate this strain was developed for more nefarious purposes than simply making money, as it allows cybercriminals to handpick their individual victims.

New Windows malware is scary smart

Cybersecurity experts are on alert regarding a new and quite sophisticated malware campaign nicknamed Mylobot. It is unknown who created the malware and for what purpose, but it’s clear that the author is no amateur. The frighteningly advanced malware uses several tricks to burrow itself into the victim’s system. Its first tactic is to lie dormant for two weeks after infiltration, which keeps any antivirus software from detecting it. After those first two weeks, Mylobot shuts down Windows Defender and Windows Update while shoring up the firewall to keep antivirus solutions out. After that, it destroys any competing malware present in the system, then recruits the whole system into a botnet. From that point, it has complete control to use, compromise, mine, and otherwise corrupt the system however the attackers want. Mylobot is not yet widespread, but watchdogs are keeping a wary eye on it.

Advanced phishing in the Netflix stream

The longstanding cybercriminal practice of phishing Netflix accounts is currently spiking. A new ploy sends unsuspecting victims to malicious sites that have Transport Layer Security (TLS) certificates, making them seem official. Experts say the phony websites do in fact look authentic, but the trained eye should notice discrepancies such as the omission of alternate login options, like Facebook. If the targeted victims are tricked into compromising their accounts, the cybercriminals can add multiple streams to the victim’s Netflix account without the account-holder ever noticing. Addressing this new threat, Netflix advises its users never to click links in emails that purport to come from Netflix.

“Bitcoin Baron” fined and sentenced to 20 months

23-year-old Arizona man Randall Tucker has been outed as the boastful, self-proclaimed hacktivist “the Bitcoin Baron.” Authorities learned his identity by digging through Twitter posts from the hacking community. When they found a post mentioning Tucker by name, they took him in for questioning regarding a DDoS attack against the city of Madison, Wisconsin in 2015. As his “Bitcoin Baron” online persona, Tucker bragged about launching multiple DDoS attacks against various cities, including Madison. He pled guilty to the charges and has been sentenced to 20 months in prison, as well as ordered to pay almost $70,000 in restitution.



Avast is a global leader in cybersecurity, protecting hundreds of millions of users around the world. Learn more about products that protect your digital life at avast.com. And get all the latest news on today's cyberthreats and how to beat them at blog.avast.com.
