Rotexy Android Trojan Banker and Ransomware

In a three-month period from August to October 2018, it launched over 70,000 attacks against users located primarily in Russia. An interesting feature of this family of banking Trojans is the simultaneous use of three command sources:

Google Cloud Messaging (GCM) service – used to send small messages in JSON format to a mobile device via Google servers;
malicious C&C server;
incoming SMS messages.

It spreads under the name AvitoPay.apk (or similar) and downloads from websites with names like youla9d6h.tk, prodam8n9.tk, prodamfkz.ml, avitoe0ys.tk, etc. These website names are generated according to a clear algorithm: the first few letters are suggestive of popular classified ad services, followed by a random string of characters, followed by a two-letter top-level domain.

After infection, the Trojan displays a fake HTML update page (update.html) that blocks the device’s screen for a long period of time.
The Trojan displays the extortion page (extortionist.html) that blocks the device and demands a ransom for unblocking it. The sexually explicit images in this screenshot have been covered with a black box.
The Trojan displays a phishing page (bank.html) prompting the user to enter their bank card details. This page mimics a legitimate bank form and blocks the device screen until the user enters all the information. It even has its own virtual keyboard that supposedly protects the victim from keyloggers.

According to our data, 98% of all Rotexy attacks target users in Russia. Indeed, the Trojan explicitly targets Russian-speaking users. There have also been cases of users in Ukraine, Germany, Turkey and several other countries being affected.

To avoid such Trojans form landing on your mobile device:

A powerful, updated security solution is a must for all devices you use to shop online. Avoid buying anything online from websites that look potentially dangerous or resemble an incomplete version of a trusted brand’s website.
Don’t click on unknown links in email or social media messages, even from people you know, unless you were expecting the message.

Use Max Total Security for Android devices for total protection.

PedCont ransomware

Pedcont is a ransomware-type virus that stealthily infiltrates systems. Unlike most other ransomware, Pedcont does not encrypt or rename/modify data in any way, but it does display a pop-up window with a ransom-demand message.

The message states that stored data has been copied to a remote server and that users must pay a ransom of $50 in the Bitcoin cryptocurrency. Once payment is submitted, all stored files are supposedly deleted from the server. If, however, the victim decides not to pay, or payment is not submitted within the given time-frame (72 hours after infiltration), all data is transferred to ‘authorities’. In this way, users are threatened: those who have potentially illegal files may face serious issues. As mentioned above, this behavior is unusual to ransomware-type viruses. This ransomware does not append any specific file extension to the targeted data.

PedCont virus seems to be more of a scareware than a real ransomware because it does not properly encrypt data on the targeted computer. The main purpose of this cyber threat is to trick users that they are criminals who used internet for illegal activities, and now they have to make a payment in order to avoid prosecution.

Soon after the infiltration, PedCont ransomware displays a window on the screen with a threatening message where people can learn what had happened to their files, Criminals use pure psychological terror in order to convince victims into paying the ransom. Paying $50 does not seem as painful as being arrested. However, people standing behind PedCont have nothing in common with legal authorities. This malicious program is created for swindling the money from inexperienced and naive computer users.

pedcont

As soon as PedCont ransomware has infected your computer system, the virus may drop it’s payload files, which in their turn may reside in the following Windows directories:

%AppData%
%Local%
%LocalLow%
%Roaming%
%Temp%

As always, we recommend to not pay any ransom to these companies and use your back up to restore files. Always use Max Total Security to keep all ramsomware away and have peace of mind with automatic back up on local drive, network and on Google Drive.

ЗАКЛАДКИ КРАКЕН ТЕЛЕГРАМ БОТ ШОП ТОР

Официальный Telegram Bot Kraken:

http://kraken2tr7eohw6acwwp2apxtgqtoy67gzggozvuzmglc7yq35ysboad.onion/ (заходить через Tor Browser)

Погружение в мир даркнета с помощью телеграм бота Кракен

Даркнет – это мир таинственности и запретных возможностей, где можно найти самые разнообразные товары и услуги. И одним из самых популярных способов доступа к даркнету является использование телеграм ботов. Один из таких ботов – Кракен, который предоставляет доступ к маркетплейсу даркнета, где можно найти все, что угодно.

Что такое телеграм бот Кракен?

Телеграм бот Кракен – это специальный инструмент, который позволяет пользователям получить доступ к маркетплейсу даркнета прямо из мессенджера. С его помощью можно просматривать ассортимент товаров, делать заказы и общаться с продавцами, не выходя из телеграма. Это удобно, безопасно и анонимно.

Как использовать телеграм бот Кракен?

Для начала использования телеграм бота Кракен, вам нужно найти его в поиске телеграма и добавить в список контактов. После этого вы сможете приступить к просмотру товаров, выбору нужного и совершению покупки. Не забывайте соблюдать правила безопасности и анонимности при работе с даркнетом.

Особенности телеграм бота Кракен

Телеграм бот Кракен отличается высокой степенью безопасности и конфиденциальности. Все операции проходят через защищенное соединение, а данные пользователей хранятся в зашифрованном виде. Кроме того, бот постоянно обновляется и совершенствуется, чтобы обеспечить максимальный комфорт и удобство использования.

Заключение

Телеграм бот Кракен – это удобный инструмент для тех, кто хочет погрузиться в мир даркнета и исследовать его возможности. Он обеспечивает доступ к маркетплейсу даркнета прямо из телеграма, обеспечивая безопасность и конфиденциальность пользователей. Если вы хотите узнать больше о даркнете и его возможностях, попробуйте использовать телеграм бот Кракен и окунитесь в мир запретных возможностей.