Step-by-Step Malware Removal Instructions

Pripyat Miner
Trojan

Pripyat is a cryptocurrency miner our researchers found while inspecting malware-selling hotspots on the Web. We learned that this piece of malicious software is based on the XMRIG cryptominer. Pripyat malware is designed to abuse the resources of victims' machines to generate Monero (XMR) cryptoc

Kaspersky - Your PC Is infected With 5 viruses! POP-UP Scam
Phishing/Scam

We have encountered this pop-up scam while examining other pages that use rogue advertising networks (sites that display shady ads and open untrustworthy pages). The purpose of this scam is to trick visitors into believing that their computer is infected with viruses and purchasing an antivirus su

History-Cleaner Browser Hijacker
Browser Hijacker

Our research team discovered the History-Cleaner browser extension during a routine inspection of questionable download webpages. Following analysis, we determined that this piece of software operates as a browser hijacker. History-Cleaner modifies browser settings to promote the history-cleaner.

A1tft Ransomware
Ransomware

Our malware researchers have discovered the A1tft ransomware while examining the samples submitted to the VirusTotal page. They found that A1tft is part of the Hive ransomware family. Cybercriminals use it to encrypt files on infected devices. Additionally, A1tft renames files and creates a ransom

1INCH Giveaway Scam
Phishing/Scam

"1INCH Giveaway" is a scam that our research team discovered while inspecting sites using rogue advertising networks. This fake giveaway promises that users who transfer at least 10,000 1INCH to the listed digital wallet will receive triple the amount. It must be emphasized that the "1INCH G

Ledger Live Update Scam
Phishing/Scam

We have analyzed this website and concluded that it is a scam website used to distribute malicious software. This site is likely promoted through compromised (hacked) websites. It is disguised as a download page for the Ledger Live application mandatory update. The website itself is design

Win/Exploit.CVE-2017-11882 Trojan
Trojan

Win/Exploit.CVE-2017-11882 is an exploit designed to abuse a vulnerability (CVE-2017-11882) in Microsoft Equation Editor, a component of the Microsoft Office programs. While this weak link has been addressed in the latest MS versions, unpatched ones remain vulnerable. This exploit is used as the

HTML/Phishing.Agent Trojan
Trojan

HTML/Phishing.Agent is a detection name for malicious HTML files. It is very common for such files to be used in phishing attacks because other files are usually blocked. Cybercriminals send them mainly via email to trick users into opening phishing pages and providing sensitive information on the

Vtym Ransomware
Ransomware

Vtym is ransomware that encrypts files and appends the ".vtym" extension to filenames. Our malware researchers have discovered this ransomware variant while analyzing the samples submitted to the VirusTotal page. It was found that Vtym is part of the Djvu ransomware family. It also creates the "_r