Our team has discovered a clipper malware called 3Ex2BJT2aiqDJKPAFeuWMbB4T6MhML384p while inspecting cracked software download websites. Cybercriminals use this malware to steal Bitcoin cryptocurrency. We also found that the installer containing 3Ex2BJT2aiqDJKPAFeuWMbB4T6MhML384p malware injects a
After analyzing the "Please find attached receipt" email, we determined that it operates as a phishing scam. This letter promotes a website disguised as an email sign-in webpage that targets account log-in credentials (i.e., passwords). The spam email requests the recipient to provide corr
Betaengine[.]org is one of the many deceptive pages designed to trick visitors into agreeing to receive their notifications. Most of these pages are promoted via other pages that use rogue advertising networks (e.g., illegal movie streaming pages, torrent sites). We have discovered betaengine[.]or
While looking through untrustworthy websites, our research team discovered the news-zafewi[.]cc rogue page. It pushes browser notification spam and redirects visitors to different (likely unreliable/malicious) sites. Most visitors to webpages like news-zafewi[.]cc enter them through redirects caus
The purpose of shwfpd[.]com is to promote untrustworthy websites. It redirects visitors to those pages and promotes them via its notifications. Shwfpd[.]com displays deceptive content to trick visitors into agreeing to receive notifications). We have discovered shwfpd[.]com while visiting other sh
During a routine inspection of new malware submissions to VirusTotal, our research team discovered the Selena ransomware-type program. We obtained a sample for testing from VirusTotal. On our test machine, this malicious program encrypted files and altered their filenames. The names of affected f
We have discovered a new Djvu ransomware variant called Egfg. It was found while checking the VirusTotal page for recently submitted malware samples. Egfg encrypts files and appends its extension (".egfg") to filenames. Also, it creates a ransom note (the "_readme.txt" file). An example of how fi
NetDivision is an application that our researchers discovered while inspecting new submissions to VirusTotal. After analyzing this piece of software, we determined that it operates as adware and belongs to the AdLoad malware family. Advertising-supported software (adware) is designed to
Defendprivacyservice[.]com displays deceptive content to trick visitors into believing that their computers are infected. The purpose of this site is to promote antivirus software. It is operated by affiliates who aim to collect illegitimate commissions. We have discovered defendprivacyservice[.]c
We have discovered the DomainNameProduct application on a shady web page. After analyzing DomainNameProduct, we found that it is a typical advertising-supported application - the purpose of this app is to generate annoying advertisements. Advertising-supported applications like DomainNam