After analyzing this email, we found that its purpose is to trick recipients into infecting their computers with a remote access Trojan named BitRAT. It is disguised as a letter from Amazon and contains a malicious attachment (a malicious disk image file). The email claims that a package h
WORLD GRASS (also known as EarthGrass/EarthGress) is a ransomware-type program that our research team found while inspecting new submissions to VirusTotal. After launching a sample of this ransomware on our test machine, we learned that it encrypts files and appends their filenames with a ".34r7h
Saitama is the name of a backdoor malware (written in .Net) that abuses DNS protocol for C2 (Command and Control) communications. It can execute remote commands and drop files. We have discovered this backdoor during the analysis of an email containing a malicious attachment (an Excel document).
Our malware researchers have discovered a new ransomware variant called Redem Mikhail during a routine check of malware samples submitted to the VirusTotal page. They found that Redem Mikhail is part of the Spora ransomware family. Once executed, it encrypts files, modifies their filenames, and cr
While inspecting new submissions to VirusTotal, our researchers found the PDFCreator application. It has multiple detections as "adware" on VirusTotal. Although we did not observe any characteristics of such software during analysis (potentially due to some sort of incompatibility between PDFCr
Our team has discovered the VoltageTask application while inspecting various deceptive web pages. After installing and analyzing this app, we learned that it displays intrusive advertisements. Therefore, we categorized VoltageTask as adware (advertising-supported software). A big part of
While inspecting questionable websites, our research team discovered the cauthaushoas[.]com rogue webpage. It is designed to host dubious content, promote browser notification spam, and redirect visitors to other (likely unreliable/malicious) sites. Most users enter websites like cauthaushoas[.]c
We discovered the mkjxtu[.]com page while examining various illegal movie streaming pages, torrent sites, and other sites that use rogue advertising networks. During analysis, we found that mkjxtu[.]com displays deceptive content/uses a clickbait technique to get permission to show notifications.
We have discovered the Fefg ransomware while examining the malware samples submitted to VirusTotal. The purpose of Fefg is to encrypt files. Also, this ransomware appends ".fefg" extension to filenames and creates the "_readme.txt" file. We found that Fefg is part of the ransomware family called D
Highpotencysecurity[.]com is a rogue webpage that our researchers found while inspecting dubious sites. This page is designed to load scams, promote browser notification spam, and redirect visitors to different (likely untrustworthy/malicious) websites. Most users access such webpages through red