Antario Phelps – Malware Board

Feb 07

Japanese defense contractors disclose about a security beach

Today, the two Japanese defense contractors -Pasco Corporation and Kobe Steel disclosed the security breaches happened in the May 2018 and in June 2015/August 2016. The geospatial provider and major steel provider also confirm about this authorized access to the internal network and infect the systems in it with malware during the two incidents. Pasco is a provider of satellite data and Kobe is the supplier of submarines parts for the Japan Self defense forces. As per Pasco, the breach did not lead to the leakage of any defense information. However, the kobe’s statement did not mention anything on it. But, as per Nikkei reports, 250 files with data related to Ministry of Defense and personal info were compromised due to the company’s server hacked. Japanese Defense Minister, in a press conference on January 31 said, the two companies are the last of the four defense related firms hacked between Read more

Feb 03

Wawa data breach over 300 million card individuals’ card details

In December 19, 2019, Wawa, a company from East Coast of the US, announced about data breach on their retail giant shop. The company believed that the breach was a result of being infected with point of sale POS malware. This is the same malware that led Visa to warn fuel stations throughout North America and the pumps and devices attached being the target of Cybercriminal organizations. POS malware is especially designed to steal credit and debit card details from point of sale devices to process card payments. It encrypts the data of the card on payment devices before sending for the approval to bank network. The encryption occurs inside the RAM of the device which allows the malware to scrap the hardware and steal the card details. The command and control server of hackers’ control then connect to the device and receive the information. Returning to the Wawa incident, Read more

Feb 03

How to remove Antivirus-expired.info

Easy Antivirus-expired.info removal instruction Antivirus-expired.info is considered as an ad-supported application that focuses on rerouting web traffic and pushes pop-ups to increase views and visits of advertising services that can get monetized. First of all, it throws a pop-up claiming that you need to click on Allow button to provide a confirmation that you are not a robot or to watch some type of hidden video. If this confirmation is done, you start receiving a number of pop-ups and notifications from the site directly on the screen as this ways the subscription to the site is done. While disabling Antivirus-expired.info from the browser settings can stop these pop-ups and there is not a big deal in this, the redirection from the site continually happens on browser as it is pushes from background by adware application. The site redirects web traffic to sponsored, affiliated pages that can bring some dangerous computer Read more

Feb 03

How to remove Topi Virus

Easy Topi Virus removal guide Topi Virus is a ransomware infection that encrypts stored file and demands ransom payment for the decryption. During encryption, it appends the filenames of the encrypted files using .Topi extension. For example, a file 1.jpg becomes 1.jpg.Topi. Following to encrypting the files, the ransomware creates _readme.txt file and drops it on each folder containing infected files. The created text file states that the files have been encrypted and that the victims need to purchase decryption tool/software from the ransomware developers, if they want the data back. To establish contact to these people, two email addresses are provided for the victims. The ransom note also provides a piece of information about the price of the decryption tool which is $980. There are some attempts by the crooks to make users pay the ransom soon. These include: 50% discount – the developers 50% discount on the decryption Read more

Feb 03

How to remove Feidhartaime.pro

Easy Feidhartaime.pro removal guide Feidhartaime.pro is the website that shows pop-up window to lure users into allowing additional notifications. It is designed to create redirect to increase the views and visits of sponsored, affiliated content. This site is result of a potentially unwanted program or adware infection. Although this is not a rule as in some cases, users come to the site by occasionally or by a redirect from any third party sites. The case with the adware infection is dangerous as such infections come in with the help of various deceptive techniques. Soon after the infiltration, they change the crucial browsers’ settings and force opens a new browsing tab for Feidhartaime.pro site, in particular. As a result of this, users who got an infection of such viruses, have to visit the said domain all the time when they open the browsing tab/Window. When visited, they see the following message Read more

Feb 03

How to remove Upiloumnejim.pro

Easy Upiloumnejim.pro removal guide Upiloumnejim.pro is a bogus pop-up that appears on web browser during web browser usually because of adware infection. The pop-up provides two possibilities to the users – one is to allow the ads flow and other one is to block its incoming. Of course, our recommendation is disabling the ad flow as it brings a lot of questionable offer, content, and interruption that decrease the browser speed and may lead you to download some rogue products, pay for fake services and enter personal and sensitive information to any third party sites. Adware intrudes in without users’ consent mostly with some other software download using software bundling. Once intrudes, it conducts certain modifications on the installed browsers such as Google Chrome, Internet Explorer and Mozilla Firefox and force open a new browsing tab for the Upiloumnejim.pro site, in particular. The users are forced to visit this domain Read more

Feb 01

How to remove Get Your Coupons Now

Complete Get Your Coupons Now removal guide Get Your Coupons Now is an app that supposedly provides you a quick access to various websites containing coupons, deals and so on. However, it is a browser hijacker application that is designed to promote a fake search engine. This browser promotes search.getyuorcouponsnotab.com by modifying the web browsers settings. Additionally, it can track users’ browsing information. Users mostly install this type of applications unintentionally and for this reason the apps are also called potentially unwanted applications. Once intrudes, Get Your Coupons Now alters the settings of installed browsers such as Google Chrome, Internet Explorer and Mozilla Firefox and sets search.getyourcouponsnowtab.com to the browsers’ homepage, new tab page and default search engine options. Such changes are not insignificant and users are not able to return to the previous browsers settings. To prevent users to do any changes, the browser hijacker various browser helper objects. Read more

Feb 01

How to remove Andradegalvao Ransomware

Complete Andradegalvao Ransomware removal guide Andradegalvao Ransomware is a new variant of BitPyLock ransomware family. it encrypts stored files on a compromised host machine and demands ransom for the decryption tool/software. During the encryption process, Andradegalvao appends the filenames of the encrypted files with .Andradegalvao extension. Soon after that, the ransomware creates a .html file under the tile #HELP_TO_DECRYPT_YOUR_FILES #.html and drops it on the each infected folder. The created .html file contains ransom demanding message informs users that their data have been encrypted and that it is the developers behind the ransomware only who can decrypt the files for them. They are instructed to create a bitcoin cryptocurrency wallet and purchase 4 BTC (approximately equal to 37 thousands US dollars at current). As per the note, pay 4 Bitcoin to the developers’ cryptowallet and send a proof of this to the provided email address. Users are provided free decryption Read more

Feb 01

How to remove REPP ransomware

Easy REPP ransomware removal guide REPP ransomware is a huge risk computer infection that operates by encrypting stored files on their devices and demanding ransom payment for the decryption. During encryption, it appends the filenames of the encrypted files using .REPP extension. For example, a file myphoto.jpg becomes myphoto.jpg.REPP. Following to this, the ransomware crates _readme.txt file and drops it on each folder. The created text file states that the files have been encrypted and that the victims have to purchase a decryption tool from the ransomware developers, if they want the data to get back in the original accessible condition. The price of this decryption tool is $980, but the developers offer a discount of 50% for the victims who contact them through the provided emails within 72 hours. For the contact, two email addresses are provided. As per the note, second one is used when users get no Read more

Feb 01

How to remove Your AntiVirus Subscription Might Have Expired pop-up

Easy Your AntiVirus Subscription Might Have Expired pop-up removal guide Your AntiVirus Subscription Might Have Expired pop-up appears on a rogue website on an infected browser by an adware type program that focuses on pop-ups delivery and web traffic redirect so as the advertising services generate views and visits. Such content generates revenue to the developers direct to their pockets. Additionally, third party programmers promote their rogue programs/products and services on such pages. Be aware of that such products are not reliable. Your AntiVirus Subscription Might Have Expired pop-up is one of deceptive pages that result out on browser due to the adware. The page contains a fake error message to trick people into subscribing to a service that in real sense does not require. It states that the antivirus suite (that they are using) subscription has expired and requires renewal to protect the system from latest Ransomware viruses. While Read more