The year 2017 has been very active in terms of malware. Aside from the spectacular data breaches and cyber attacks such as the WannaCry ransomware scare in May, multiple virus propagations have been reported by security researchers over the last few weeks. Here are some of the most active pieces of malware reported as being very active in July:
Svcvmx.exe
This adware Trojan is usually bundled with freeware downloads for Windows computers. One instance of svcvmx.exe is packaged along with what is supposed to be a modified version of WinMX, a file sharing program that was popular in the wake of the original Napster craze. Once this adware is installed, it will run in the background and will proceed to generate ad revenue for the developer whenever a browser is active. In the Processes tab of the Windows Task Manager, users may see several entries labeled as “Winvmx Client;” this is designed to trick users into believing that the music sharing program is active.
Diegocosta.stream
This is one of the many video streaming websites that purportedly feature international soccer matches and concerts. In reality, this is a malicious site that executes JavaScript code for the purpose of installing a plugin or an extension that ultimately hijacks Chrome, Edge and Firefox browsers. Unfortunately, the new .stream top-level domain, which was designed to host video streaming service, has attracted quite a few malicious actors.
PrimeUpd
Torrent tracker websites such as The Pirate Bay are filled with movies, music and software packages that computer users agree to share. The problem with these sites is that users put themselves at great risk of installing software bundled with malware such as PrimeUpd, a Trojan that collects browsing behavior for the purpose of surreptitiously serving banner ads and pop-up advertising. Aside from hiding in torrent downloads, PrimeUpd has been spotted in spam email messages.
Jaff Ransomware
This malware variant spread across the United States a few months ago; it was a clumsy attempt at demanding ransom payments from infected users whose files were encrypted and turned into files locked with .jaff, .svn, and .wlu extensions. Many versions of this ransomware featured faulty payment systems, and the decryption key was eventually released by information security firm Kaspersky Labs.
