Our researchers found the Xro ransomware while reviewing new malware submissions to the VirusTotal platform. This malicious program is part of the Xorist ransomware family. After we launched a sample of Xro on our test system, it encrypted files and altered their names. Original filenames were ap
Agent Racoon is a malicious program written using the .NET framework. It is classed as a backdoor; malware within this classification is designed to open a "backdoor" into targeted systems. These programs are typically used in the initial phases of multi-stage infections. The first instances of A
During our evaluation, it has come to light that this email is a fraudulent attempt masquerading as a notification from DHL, a reputable logistics company. The individuals orchestrating this scam intend to deceive recipients into accessing a counterfeit website and divulging personal information.
While conducting regular analysis of malware samples submitted to VirusTotal, we discovered a ransomware variant dubbed Elpy. It belongs to the Phobos family and is designed to encrypt files, modify filenames, and provide two ransom notes. Elpy appends the victim's ID, ambu.lance@tuta.io email add
During a routine investigation of dubious sites, our research team discovered ourhugenewz[.]com. Upon inspection, we determined that this is a rogue webpage that promotes browser notification spam and is capable of redirecting visitors to other (likely untrustworthy/dangerous) websites. The major
Our research team found the Colour Cure browser extension during a routine inspection of dubious websites. This piece of software makes changes to browser settings in order to promote (via redirects) the colourcure.xyz illegitimate search engine. Due to this behavior, Colour Cure is classed as a b
The Cryptology browser extension promises to display cryptocurrency price charts that update themselves in real-time. We discovered this piece of software while investigating dubious websites. Our analysis revealed that The Cryptology is a browser hijacker. This extension makes alterations to brow
During a routine inspection of new submissions to the VirusTotal website, our research team discovered FormatConnection. After analyzing this app, we learned that it is adware belonging to the AdLoad malware family. FormatConnection operates by running intrusive advertisement campaigns.
Oortagle[.]top is a rogue webpage that promotes dubious content and spam browser notifications. Additionally, it can redirect users to different (likely unreliable/hazardous) websites. Most visitors to pages like oortagle[.]top enter them via redirects generated by sites using rogue advertising ne
Our researchers discovered the QR Code Search browser extension while investigating suspect websites. Following our examination, we determined that this is browser-hijacking software. It makes alterations to browser settings in order to promote the qrcodeme.xyz fake search engine. QR Code Search a