Our research team discovered the CodesTerminal application while inspecting file submissions to the VirusTotal website. After investigating this piece of software, we determined that it is adware. CodesTerminal belongs to the AdLoad malware family. Adware stands for advertising-supported
r77 is a rootkit – a collection of malicious software that enables unauthorized access to systems. This rootkit was developed with a strong emphasis on stealth. It can hide files, registry keys, tasks, and even inject itself into specific software. r77 has been observed being proliferated via "Cli
We have reviewed the email and found that it is an advance-fee scam designed to manipulate victims into providing personal information and (or) making fraudulent payments. Such emails usually contain fake claims to deceive recipients. They should be ignored to avoid monetary loss, identity theft,
KeyParameter is an adware-type application discovered by our researchers during a routine inspection of file submissions to the VirusTotal website. This app is part of the AdLoad malware family. KeyParameter aims to generate revenue for its developers/publishers through advertising. Adwa
Arcane is an information stealer that collects sensitive data from infected systems, including gaming clients, VPNs, and network utilities. It is spread through fake YouTube videos offering game cheats. It is worth noting that a similarly named stealer exists, named Arcane Stealer V. But it bears
Mamona is a ransomware-type program that encrypts files and demands payment for their decryption. It adds a ".HAes" extension to the filenames of affected files. For example, a file originally named "1.jpg" appears as "1.jpg.HAes", "2.png" as "2.png.HAes", etc. After the completion of this proces
Data is ransomware we discovered during our routine analysis of malware samples uploaded to VirusTotal. This ransomware encrypts files and appends an email address and the ".data3" extension to them. Data also changes the desktop wallpaper and provides a ransom note in a file named "#Read-for-reco
We have inspected easydefender[.]site and found that it hosts the "TROJAN_2023 And Other Viruses Detected (5)" scam. Also, the site requests permission to show notifications. Usually, when pages like this one are allowed to send notifications, they bombard users with fake warnings and similar cont
Our inspection of the email has shown that it is a phishing email designed to look like a notification from the email service provider. Fraudsters utilize this scam email to trick recipients into disclosing personal information through a fake web page. Recipients should ignore this email to avoid
Our analysis of BinaryAnalog reveals that it functions as adware, generating intrusive and potentially deceptive advertisements. Multiple security vendors have also classified the app as malicious. Users are advised against installing BinaryAnalog and should remove it if it has already been inst