After analyzing the "Automatically Generated Invoice" email, we determined that it is spam. This fake letter claims to contain an invoice attached to it. After inspecting this attachment, we learned that it operates as a phishing file targeting email account log-in credentials. The spam em
Our research team discovered the Blind Eye Locker ransomware-type program while reviewing new malware submissions to VirusTotal. Once we executed a sample of Blind Eye Locker ransomware on our test system, it began encrypting files and altered their filenames. During the encryption process, it di
BlackLine is the name of a stealer-type malware. Malicious software within this classification is designed to obtain vulnerable data from infected systems. It is considered that stealers pose severe privacy issues, which can evolve into significant financial losses and even identity theft.
WhiteSnake (also known as Gurcu) is an information-stealing malware that extracts a range of sensitive information from infected computers. The threat actors who developed WhiteSnake sell their malware on a hacker forum. This malware can be purchased for varying durations of access, with prices ra
While investigating new submissions to VirusTotal, our research team discovered the RadianceChecked app. After analyzing this application, we determined that it is adware belonging to the AdLoad malware family. Adware stands for advertising-supported software. It is designed to display a
Upon conducting tests on the Ocean Saver browser extension, we determined that it is a browser hijacker developed to promote oceansaver.net, a fake search engine. This extension achieves this objective by modifying a web browser's settings. Typically, users download and install/add browser hijacke
Lilmoon is ransomware belonging to the VoidCrypt family. We discovered Lilmoon while analyzing malware samples submitted to VirusTotal. In addition to encrypting data, Lilmoon appends the victim's ID, encrypt.ns@gmail.com email address, and the ".lilmoon" extension to filenames and creates a ranso
Our researchers discovered the Ssaw ransomware during a routine inspection of new submissions to VirusTotal. Ransomware is designed to encrypt data and demand payment for its decryption. After we launched a sample of Ssaw on our test machine, it encrypted files and appended their filenames with a
During our testing of the AssistiveBalance application, our team identified that it displays aggressive and unwanted advertisements. Due to this behavior, we have classified AssistiveBalance as adware, which refers to software that is designed to generate revenue by displaying advertisements. Ty
Qotr, a variant belonging to the Djvu ransomware family, encrypts data and adds the ".qotr" extension to filenames. Qotr creates a "_readme.txt" file to provide contact and payment information. As an illustration of its file renaming method, Qotr changes "1.jpg" to "1.jpg.qotr", "2.png" to "2.png.