Step-by-Step Malware Removal Instructions

Canadian (RRansom) Ransomware
Ransomware

Canadian (RRansom) is a malicious program classified as ransomware. It is designed to encrypt data and demand ransoms for the decryption tools. After we executed a sample of this ransomware on our test system, it encrypted files and appended a ".canadian" extension to their filenames. To elabor

E-Mail Storage Bandwidth Limit Email Scam
Phishing/Scam

We investigated this email and learned that it was sent by scammers who aim to trick unsuspecting recipients into providing personal information on a deceptive page. This email is disguised as a letter from an email service provider. It instructs recipients to validate their email accounts.

Concept Design Drawings Email Virus
Phishing/Scam

While examining this email, our malware researchers found that it contains a malicious attachment. Threat actors behind it are pretending to be a company based in Dubai. Their goal is to trick recipients into executing the FormBook malware designed to steal sensitive information. This emai

EngineFlow Adware (Mac)
Mac Virus

While looking through new submissions to VirusTotal, our researchers discovered the EngineFlow application. After analyzing this app, we learned that it is adware. Additionally, we determined that EngineFlow belongs to the AdLoad malware family. Adware stands for advertising-supported so

SEX3 Ransomware
Ransomware

While inspecting malware samples submitted to VirusTotal, we found a new SATANA ransomware variant called SEX3. It encrypts files and appends the ".SEX3" extension to filenames. Also, it changes the desktop wallpaper and drops the "!satana!.txt" file containing contact and payment information. An

Yguekcbe Ransomware
Ransomware

Yguekcbe is ransomware that we found while inspecting new submissions to VirusTotal. This program is part of the Snatch ransomware family. On our testing system, Yguekcbe encrypted files and appended a ".yguekcbe" extension to their names. For example

AcridRain Stealer
Trojan

AcridRain is the name of a stealer, a type of malware designed to extract sensitive information from victims' devices. Like many programs of this type, AcridRain can obtain data from browsers and various other applications. However, this stealer is also heavily focused on cryptocurrency-related co

MainSignSearch Adware (Mac)
Mac Virus

MainSignSearch is an untrustworthy application distributed via a deceptive page. Our team discovered MainSignSearch after using a fake installer. While examining this app, we found that it displays unwanted advertisements. Therefore, we classified MainSignSearch as adware. MainSignSearch

Typhon Stealer
Trojan

Typhon is a stealer-type malware written in the C# programming language. Newer versions of this program are called Typhon Reborn (TyphonReborn). Malware within this classification is designed to extract data from infected systems. The older variants of Typhon have a broader range of functionalitie

Qhelp.cc Scam
Phishing/Scam

While investigating scam emails (e.g., "Geek Squad Email Scam"), we discovered qhelp[.]cc - a scam website used to obtain remote access to computers. Scammers use qhelp[.]cc to trick visitors into installing remote access software via the downloaded "SupportClient.exe" file. Typically, scammers us