While examining malware samples submitted to the VirusTotal website, our analysis revealed the presence of a ransomware variant called Gayn. This ransomware employs file encryption to block access to files and modifies filenames by adding the ".gayn" extension. Additionally, it generates a ransom
Gazp is ransomware belonging to the Djvu family that employs encryption to lock data and appends the ".gazp" extension to file names. Additionally, Gazp generates a "_readme.txt" file that contains instructions for contacting the attackers and making ransom payments. It is common for Djvu ransomw
ResultsDisplay is a rogue application we discovered while investigating new submissions to the VirusTotal website. Our analysis of this app revealed that it is adware. ResultsDisplay is part of the AdLoad malware family. Adware stands for advertising-supported software. It is designed to
Our research team found the ActiveProtocol app while inspecting new submissions to VirusTotal. After examining this application, we determined that ActiveProtocol is adware belonging to the AdLoad malware family. Adware stands for advertising-supported software. It operates by delivering
After inspecting the "OneDrive Purchase Order" email, we determined that it is spam operating as a phishing scam. This bogus letter claims that the recipient was sent documents for a purchase order via OneDrive. It must be emphasized that this spam mail is in no way associated with the actual One
WebEnumerator is a rogue application our researchers discovered while inspecting new submissions to the VirusTotal website. After we examined this app, we learned that it operates as advertising-supported software (adware); additionally, that WebEnumerator is part of the AdLoad malware family.
NokNok is the name of a backdoor-type malware that targets macOS (Mac Operating Systems). Programs within this classification are designed to open a "backdoor" for additional malicious components into compromised systems. NokNok has been used in cyber-espionage attacks targeting individuals and
Phemedrone is an information stealer coded in the C# programming language. This malicious software is designed to gather system information, capture files, and steal data from web browsers and applications. Users who suspect that their computers are infected with Phemedrone should remove the malwa
We have inspected aahdxn[.]com and learned that this page is designed to trick visitors into allowing it to send notifications. Aahdxn[.]com displays deceptive content to receive that permission. Our team discovered aahdxn[.]com while examining dubious pages associated with shady advertising netwo
Our examination of the "Quickbooks Payments Invoice" email revealed that it is spam. The letter falsely claims that the recipient has an incoming payment that they can approve by reviewing the attachment. However, it is a phishing file that records entered log-in credentials. The spam emai