Arcane is an information stealer that collects sensitive data from infected systems, including gaming clients, VPNs, and network utilities. It is spread through fake YouTube videos offering game cheats. It is worth noting that a similarly named stealer exists, named Arcane Stealer V. But it bears
Mamona is a ransomware-type program that encrypts files and demands payment for their decryption. It adds a ".HAes" extension to the filenames of affected files. For example, a file originally named "1.jpg" appears as "1.jpg.HAes", "2.png" as "2.png.HAes", etc. After the completion of this proces
Data is ransomware we discovered during our routine analysis of malware samples uploaded to VirusTotal. This ransomware encrypts files and appends an email address and the ".data3" extension to them. Data also changes the desktop wallpaper and provides a ransom note in a file named "#Read-for-reco
We have inspected easydefender[.]site and found that it hosts the "TROJAN_2023 And Other Viruses Detected (5)" scam. Also, the site requests permission to show notifications. Usually, when pages like this one are allowed to send notifications, they bombard users with fake warnings and similar cont
Our inspection of the email has shown that it is a phishing email designed to look like a notification from the email service provider. Fraudsters utilize this scam email to trick recipients into disclosing personal information through a fake web page. Recipients should ignore this email to avoid
Our analysis of BinaryAnalog reveals that it functions as adware, generating intrusive and potentially deceptive advertisements. Multiple security vendors have also classified the app as malicious. Users are advised against installing BinaryAnalog and should remove it if it has already been inst
While investigating new submissions to the VirusTotal site, our research team discovered the UnitConsole application. After examining this app, we learned that it is adware. UnitConsole belongs to the AdLoad malware family. Adware stands for advertising-supported software. It usually dis
TriviaIndexer is a rogue app discovered by our researchers during a routine investigation of new file submissions to the VirusTotal platform. This application is advertising-supported software (adware) from the AdLoad malware family. Adware stands for advertising-supported software; its
After examining this "Update Your Domain Name System Security (DNSS)" email, we determined that it is spam. The message urges the implementation of an update to retrieve quarantined emails. This is a phishing campaign targeting email account log-in credentials (passwords). The spam email w
Our research team discovered the ProductiveDock rogue app while browsing new submissions to the VirusTotal site. Upon examination, we learned that this application is adware. ProductiveDock is part of the AdLoad malware family. Advertising-supported software (adware) is designed to generate reve