Bkgwmu is a ransomware-type program our researchers discovered when inspecting new submissions on VirusTotal. We determined that his malicious program belongs to the Snatch ransomware family. On our test machine, Bkgwmu encrypted files and appended their filenames with a ".bkgwmu" extension. To e
Discovered by our researchers while inspecting software "cracking" websites, Routes is the name of an adware-type application. Advertising-supported software (adware) is designed to run intrusive advertisement campaigns. We have also observed Routes being installed alongside a fake Google Translat
During a routine inspection of rogue websites, our research team discovered the financesurvey24[.]space site. This page loads dubious content, promotes browser notification spam, and redirects visitors to other unreliable/harmful webpages. Most users access sites like financesurvey24[.]space via r
We have discovered the remain dark browser extension while examining deceptive websites. After downloading and testing the app, we learned that it hijacks a web browser by changing certain settings to 87nzaa.com (a fake search engine). It is advertised as an app providing a dark mode for web brows
TargetCompany is a ransomware-type program that we have analyzed and researched. It is leveraged against companies rather than home users. We have also analyzed the following programs that belong to this ransomware family - Architek, Mallox, Tohnichi, Herrco, and Newexploit. This ransomware appen
The "Your eMail account will be disconnected" email is a new find by our research team. Having inspected this letter, we determined that it is a phishing email. It targets recipients' email credentials with false claims about their accounts' impending suspension. The spam email with the su
We have examined this email and concluded that scammers behind it attempt to trick recipients into providing their email account login credentials. Scammers disguised the email as a letter regarding email account deactivation/request for account deactivation. The email claims that the reci
UpdaterWebPageEducate is an adware-type app that our researchers found when inspecting new submissions to VirusTotal. We have determined that this piece of software belongs to the AdLoad malware family. Once installed onto our test machine, UpdaterWebPageEducate began running intrusive a
After analyzing the "Web Access for the 2022 version" email, our researchers determined that it is a phishing scam. This letter attempts to trick recipients into providing their email account log-in credentials to a phishing website, thereby allowing the scammers access/control over the account.
Our team has discovered the ZOZL ransomware while analyzing the samples submitted to VirusTotal. Our key findings are that ZOZL is part of the Phobos ransomware family and encrypts files, generates two ransom notes ("info.hta" and "info.txt"), and renames files. An example of how ZOZL renames fil