WExtension is the name of ransomware that our team has discovered while checking the samples submitted to VirusTotal. While analyzing WExtension, we found that it encrypts files, appends the ".WExtension" extension to filenames, and creates the "read_it.txt" file containing a ransom note. For exa
Our team has discovered the TypeValue application while inspecting various shady websites encouraging to download fake updates for the installed software. After examining TypeValue, we found that it displays advertisements and hijacks a web browser. Thus, this application can be categorized as a
During a routine inspection of the newest malware submissions on VirusTotal, our researchers found the Scl ransomware. After launching a sample on our test machine, we observed this ransomware encrypting data and renaming files by appending them with a unique ID, the cyber criminals' email addres
While analyzing the ransomware sample, we found out that Qqqw belongs to a family of ransomware called Djvu. It encrypted files and appended the ".qqqw" extension to filenames (for example, it renamed "1.jpg" to "1.jpg.qqqw", "document.txt" to "document.txt.qqqw"), and created the "_readme.txt" fi
Webprotrctionprogramm[.]com is yet another one of our findings from a routine exploration of untrustworthy websites. This page is designed to load deceptive content (e.g., "McAfee - Your PC is infected with 5 viruses!" scam), promote spam browser notifications, and redirect visitors to other unrel
After receiving this email, our researchers determined that it is a phishing email. The "Cornèrcard" letter in question is fake and in no way associated with Cornèr Bank - a Swiss private bank and credit card business. These emails target French-speaking users and attempt to trick them into disclo
Our researchers discovered the Arizona ransomware during an investigation into new malware samples uploaded to VirusTotal. After running this malicious program on our test system, we noticed it encrypting files and appending their filenames with the ".AZ" extension. For example, a file initially
"Wallet Access Connect" is a phishing scam targeting cryptocurrency wallet log-in credentials. We found it when analyzing sites that use rogue advertising networks. This scheme is presented as a tool to ease access between dApps (decentralized applications) and mobile wallets. When we acce
While testing the sample, we identified that Factfull is ransomware - malware that encrypts files. We learned that this ransomware appends a string of random characters, factfull0103@airmail.cc email address, and the ".factfull" extension to filenames. For example, it renames "1.jpg" to "1.jpg.[8
While examining the need dark application, we have learned that it hijacks a web browser by changing its settings. The purpose of this app is to promote iwsooos.com - a fake search engine. Our team has discovered the need dark browser hijacker while visiting a deceptive website. While anal