We have discovered the exclusivedealsfinder[.]com website while inspecting other pages that use rogue advertising networks. Exclusivedealsfinder[.]com runs a fake endorsement for a CBD company and asks for permission to show notifications. It is strongly advisable not to trust this site or agree t
We have examined this email and found that the cybercriminals behind it attempt to trick recipients into executing a malicious file extracted from the attached file. It is disguised as a letter from DHL (a legitimate logistics company) regarding shipping documents that require review. Cybe
SMSSpy refers to a piece of malicious software masquerading as various applications of legitimate e-commerce platforms. This malware aims to obtain victims' online banking credentials and thus gain access to the funds stored in the accounts. At the time we researched SMSSpy, it targeted Malaysian
Sapphire is the name of a cryptocurrency miner. This malware is sold in hacker forums for 75 euros. Sapphire can mine XMR (Monero), ERGO, ETC (Ethereum Classic), and ETH (Ethereum) cryptocurrencies. Additionally, this miner can avoid being detected by Windows Defender, hide from Task Manager and
During a routine inspection of VirusTotal submissions, our research team discovered yet another ransomware-type program belonging to the Djvu family. The program in question is named - Ghas. Once launched onto our test machine, this ransomware began encrypting files and appending their filenames
We have discovered MATILAN while inspecting malware samples submitted to VirusTotal. It was found that MATILAN is ransomware designed to encrypt files, append the ".MATILAN" extension to filenames, and generate three ransom notes. Before logging into Windows, a ransom note appears on a black scre
Qall is a ransomware-type program that our researchers found while inspecting new malware submissions to VirusTotal. We determined that this malicious program belongs to the Djvu ransomware family. After being executed on our test system, this ransomware encrypted files and appended their filenam
Hajd is the name of ransomware belonging to the Djvu ransomware family. Our team has discovered this variant on VirusTotal. Hajd encrypts files and appends the ".hajd" extension to their filenames. Also, it creates a text file named "_readme.txt". This file contains a ransom note. An example of h
Our team has discovered a new ransomware variant belonging to the Djvu family called Qpss. The purpose of Qpss is to encrypt files. Additionally, it appends the ".qpss" extension to filenames and creates the "_readme.txt" file (a ransom note). We have found this ransomware while examining malware
Systemsecuritys[.]com is a rogue webpage that our researchers found while inspecting dubious websites. This page is designed to load deceptive material, push browser notification spam, and redirect visitors to other (likely unreliable/malicious) sites. Most users enter systemsecuritys[.]com and s