Our team discovered YE1337 ransomware during an inspection of samples uploaded to VirusTotal. Once executed, YE1337 encrypts files and appends its extension (".YE1337"). It also drops a ransom note ("YE1337_read_me.txt") and changes the victim's desktop wallpaper. An example of how files encrypte
FireScam is malware targeting Android devices. Threat actors spread the malware through a fake Telegram Premium app on a phishing site. FireScam infects devices with a dropper APK. The malware avoids detection and steals data by using popular services like Firebase. It should be eliminated from in
Our discovery of Contacto occurred while inspecting malware samples submitted to VirusTotal. During examination, we found that Contacto is ransomware designed to encrypt and rename files, create a ransom note ("Contacto_Help.txt"), and change the desktop wallpaper. Contacto appends the ".Contacto"
We have inspected search-great.com and discovered that it is a fake search engine promoted by unwanted extensions that function as browser hijackers. One of the browser hijackers promoting search-great.com is My Horoscope Pro. Users should not trust search-great.com or the extensions promoting it.
We have inspected the email and concluded that it is a phishing email disguised as a notification regarding a successfully adjusted chargeback. It includes a link to a deceptive web page where recipients are instructed to enter personal information. Such emails should be ignored to avoid potential
During our analysis of Weisx App, we found that it has unclear functionality and no apparent purpose. Moreover, the app is distributed using questionable tactics and likely bundled with unwanted software. For these reasons, we consider Weisx App to be an unwanted application. Users should avoid in
Our examination of octagonfind.com has revealed that it is a fake search engine promoted through a dubious extension (Octagon Find) that functions as a browser hijacker. Fake search engines can expose users to a variety of online threats. Therefore, users should never use them and eliminate extens
Our team has inspected the email and determined that it is a fraudulent email disguised as a business message. It is designed to lure recipients into opening a fake website and disclosing personal information. Such scams are known as phishing attacks. Users should recognize these scams and avoid e
SwaetRAT is a Remote Access Trojan (RAT) developed as a 32-bit application using the .NET framework. This type of malware allows attackers to gain unauthorized control over a victim’s system, enabling them to monitor activities, steal sensitive information, and execute other malicious actions remo
Nitrogen is ransomware designed to encrypt files on the infected device. Cybercriminals were observed targeting the construction, financial services, manufacturing, and technology sectors. Upon file encryption, the targeted files have the ".NBA" extension, and a ransom note ("readme.txt") is creat