Agniane is a stealer – a type of malware designed to extract and exfiltrate sensitive information from infected machines. This stealer is heavily focused on stealing cryptocurrency-related data. After infiltrating a system, Agniane begins collecting device data, e.g., device name, CPU, GPU
NightClub is the name of a malware that has spyware and data-stealing capabilities. This program has at least four versions, with the earliest variant dating back to 2014. NightClub malware is used by a threat actor dubbed MoustachedBouncer. This group has been around for nearly a decade and almo
We discovered the MotionOptimizer application during a routine investigation of new submissions to the VirusTotal site. Our analysis revealed that this app is advertising-supported software (adware) and that it belongs to the AdLoad malware family. Adware is designed to generate revenue
XI New Tab is a rogue extension promising to display browser wallpapers. Our research team discovered it while investigating untrustworthy websites. After analyzing XI New Tab, we learned that it makes modifications to browser settings in order to promote (through redirects) the xitabs.com fake s
Knight ransomware is the rebrand of Cyclops. Malware within this classification is designed to encrypt files and demand ransoms for their decryption. When we executed a sample of Knight on our test system, it began encrypting files and appended their filenames with a ".knight_l" extension. For ex
While inspecting new submissions to the VirusTotal website, our researchers discovered the Tasa malicious program. It is part of the Djvu ransomware family. Programs within this classification operate by encrypting data and making ransom demands for its decryption. After we launched a sample of T
Our research team discovered another ransomware from the Djvu family called Taoy during a routine inspection of new submissions to the VirusTotal website. Ransomware is designed to encrypt data and demand payment for its decryption. On our test machine, Taoy encrypted files and appended their tit
Our research team found the MediaScape - New Tab browser extension while investigating dubious websites. This extension promises to display browser wallpapers. After analyzing this piece of software, we determined that it is a browser hijacker. MediaScape - New Tab make the changes to browser set
Our researchers discovered S.H.O ransomware during a routine review of new submissions to the VirusTotal website. Malicious programs within the ransomware classification are designed to encrypt data and demand payment for its decryption. Once we executed a sample of S.H.O on our test system, it b
"Capital One SECURITY MESSAGE" is a phishing email. It is disguised as a notification from Capital One regarding an incoming payment to the recipient's account. Supposedly, the payment verification process requires them to sign in through an attached HTML document, which is a phishing file that re