Cyren Security Blog

Subscribe to this Blog

WARNING: UK Tax Refund Phishing Scam Identified

by Maharlito Aquino and Kervin Alintanahin

Phishing Threat Analysis

A warning to individuals filing taxes in the United Kingdom: Cyren has identified a tax refund phishing email that, at first glance, appears to come from HM Revenue & Customs (HMRC), the UK's tax, payments, and customs authority. Learn more about this scam with Cyren.

Cryptocurrency phishing attack nets over $1 million in a few hours

by Avi Turiel

Phishing Threat Analysis

With tremendous money to be made in a short period of time, phishing has become commonplace within the cryptocurrency exchange world. It's a frenzy when a new currency debuts with its initial coin offering. Read about when the startup currency BEE found itself the focus of a criminal attack. 

Facebook Users Hit With Coinminer Malware

by Maharlito Aquino and Kervin Alintanahin

Security Research & Analysis Threat Analysis

The value of Bitcoin virtual currency just hit a new all-time high, and with it an increasing number of malware threats are targeting users to "borrow" their PC's CPU for use in mining the precious cryptocurrency, something we last wrote about in October here. Once executed, a significant spike in CPU resources can be seen by the user in the active processes list (if they look...).

New Scarab Ransomware Using Necurs-as-a-Service

by Magni Reynir Sigurðsson

Botnets Ransomware Threat Analysis

The new Scarab ransomware being distributed via email by the Necurs botnet appears to come from scanning devices or services like HP, Epson or Lexmark. While there are similarities to the Necurs-distributed Locky ransomware, Scarab seems to have been developed by a different malware author. Necurs began actively distributing Scarab on November 23rd (Thanksgiving Day in the U.S.). Cyren's security cloud blocked 13.3 million emails containing the Scarab attachment that day.

Fake Invoice Carries “Rescoms” Malware

by Maharlito Aquino and Kervin Alintanahin

Malware Threat Analysis

Emails containing malicious attachments equipped with keyloggers and screen capture capabilities are targeting businesses worldwide, with noted attacks in Asia, Russia, and the Middle East. The campaign is designed to look like it comes from real affiliates and employees working for a well-known pharmaceutical distributor in order to make the emails more convincing and lure the recipients into opening the attached document.

Locky Revived – A Roundup of New Variants

by Magni Reynir Sigurðsson

Botnets Malware Threat Analysis

Locky, the ransomware which dominated 2016 and then disappeared for the first half of 2017, has been completely rescuscitated during the past three months with a series of new variants, and demanding three times the ransom rate. A possible reason for its disappearance and reemergence was explored in a recent SecurityWeek blog by Cyren's VP of Threat Research, Siggi Stefnisson.