Attackers were found exploiting a zero-day Telegram app vulnerability in order to make the names and extensions of malicious files appear more legitimate, in hopes that users who received these files would more willingly open them.
Malicious Chrome and Firefox extensions that block their own removal are automatically infecting user devices, hijacking the browser to drive up clicks on YouTube videos and to hijack searches.
Just days after the creators of the CryptoMix ransomware came out with a new variant, another was issued that again changed the extension on the encrypted files.
Cyber-criminals have given CryptoMix ransomware a few minor twists, including adding a new extension name to the encrypted files.
A malicious Google Chrome extension forces users to install it via its irritating installation popups and then spies on browser histories and sends them to a remote server.