Our research team discovered the unlockcontent[.]org rogue page during a routine inspection of suspicious websites. Upon investigation, we determined that this webpage endorses browser notification spam and generates redirects to different (likely unreliable/malicious) sites. The majority of visi
WmRAT is malware that functions as a standard Remote Access Trojan (RAT). This RAT is written in C++ and can perform multiple malicious activities. WmRAT was observed being used by cybercriminals to target government, energy, telecom, defense, and engineering sectors in Europe, the Middle East, Af
Our research team found the contus[.]sbs rogue page while investigating untrustworthy websites. This page promotes browser notification spam and redirects users to other (likely dubious/dangerous) sites. Contus[.]sbs and analogous webpages are primarily accessed through redirects produced by webs
MiyaRAT is a Remote Access Trojan written in the C++ programming language. It is capable of taking screenshots, enumerating files, executing commands, and more. MiyaRAT is known to be used by a specific group of cybercriminals to target the government, energy, telecommunications, defense, and engi
Our researchers discovered Novalock while reviewing new submissions to the VirusTotal website. This malicious program is part of the GlobeImposter ransomware family. Novalock encrypts files and demands payment for the decryption. On our test machine, this ransomware encrypted files and appended t
We have reviewed the email and determined that its goal is to harvest information from recipients. The email is disguised as a fraudulent activity alert notice from Webmail. The scammers behind this email aim to trick recipients into opening the included website to steal their details. Users shoul
CoinLurker is a stealer-type malware. Programs within this classification are designed to extract sensitive data from infected systems. CoinLurker is a targeted stealer that seeks information related to cryptocurrency wallets. CoinLurker is a stealer with significant anti-detection capabil
Our deconstruction has shown that this email is designed to extract personal information from unsuspecting recipients. Thus, we classified it as a phishing email. The scammers behind the email are pretending to be an email service provider to lure users into opening a fake website. Recipients shou
Secplaysomware is ransomware that our team discovered while examining malware samples submitted to VirusTotal. Once infiltrated, Secplaysomware encrypts files, appends its extension (".qwerty") to filenames, and creates a text file (a ransom note named "UNLOCK_README.txt"). For instance, it rename
During a routine inspection of new file submissions to the VirusTotal platform, our researchers discovered the SourceManager app. Upon examination, we learned that this application is advertising-supported software (adware). SourceManager is part of the AdLoad malware group. Adware aims