F5Z8A is the name of a ransomware variant that we have discovered while analyzing malware samples submitted to the VirusTotal page. It was found that F5Z8A encrypts files and appends the ".F5Z8A" extension to filenames. It also generates a ransom note (the "@@@ To Restore Your Files.txt" file) con
Gooddaywith-captcha[.]top is a deceptive website that shows a fake CAPTCHA to trick visitors into allowing it to show notifications. Also, this page redirects to other untrustworthy websites. Our team has discovered gooddaywith-captcha[.]top while inspecting sites that use rogue advertising networ
After examining this email, we concluded that it is a phishing email used to trick recipients into providing their email account login credentials. It is disguised as a letter from an email service provider regarding some new policy. It contains a website link designed to open a deceptive page.
We have discovered the desktopnotificationshub[.]com page while examining other sites (illegal movie streaming, torrent, and similar pages) that use shady advertising networks. We found that desktopnotificationshub[.]com uses a clickbait technique to get permission to show notifications. It also r
Lightning Stealer is a piece of malware discovered by 3xp0rt. This stealer targets Steam, Telegram, Discord, and cryptocurrency wallet data, passwords, and cookies. It has its administration panel created to manage data logs. Lightning Stealer is sold for 300 rubles for a week, 500 rubles for a mo
We have discovered the reminderapp[.]store site while examining various shady websites that use rogue advertising networks. We found that it runs various scams that use scare tactics to trick visitors into downloading a certain application and displays other questionable content. Thus, remindera
Udla is ransomware that belongs to a ransomware family called Djvu. Our team has discovered the Udla ransomware variant while examining the samples submitted to VirusTotal. After analyzing it, we found that it encrypts files, appends the ".udla" extension to filenames, and creates the "_readme.txt
Gtys is ransomware that encrypts files and changes their extension to ".gtys". It is one of the variants belonging to the Djvu ransomware family. Our team has discovered it while checking malware samples submitted to VirusTotal. The ransom note ("_readme.txt" file) contains instructions on how to
Mpag is ransomware that encrypts files, modifies filenames by appending the ".mpag" extension to them, and creates a text file ("_readme.txt") containing a ransom note. Mpag is part of the Djvu ransomware family. We have discovered this variant while checking VirusTotal for recently submitted malw
Voom is the name of a Djvu ransomware variant that has been discovered by our team during the analysis of malware samples submitted to the VirusTotal page. This variant encrypts files and appends the ".voom" extension to filenames. It also generates the "_readme.txt" file containing contact and pa