Zsszyy is ransomware our team discovered while inspecting malware samples submitted to VirusTotal. Ut is identical to other ransomware known as Tianrui, Hush, and MoneyIsTime. Zsszyy's purpose is to encrypt files. Also, it appends the victim's ID and the ".zsszyy" extension to files, and drops a r
Bee RAT is a Remote Access Trojan that allows cybercriminals to perform malicious activities on infected devices. With Bee RAT, threat actors can access and control infected devices remotely. RATs are usually employed to steal sensitive information, deploy additional payloads, or for other malicio
While browsing questionable websites, our research team discovered newsandads[.]top. This rogue page promotes browser notification spam and redirects visitors to other (likely untrustworthy/dangerous) sites. Most users access newsandads[.]top and analogous webpages via redirects caused by website
Highlevelnetwork.co[.]in is a rogue webpage discovered by our researchers during a routine investigation of suspicious sites. Upon inspection, we learned that this page endorses browser notification spam and produces redirects to other (likely unreliable/dangerous) websites. The majority of users
Moroccan Dragon is the name of a ransomware-type program. It is designed to encrypt files and demand payment for the decryption. On our testing system, Moroccan Dragon encrypted files and appended their names with a ".vico" extension. To elaborate, an original filename like "1.jpg" became "1.jpg.
After inspecting this "Payment Schedule Document" email, we determined that it is spam. This message claims that the recipient was sent a document detailing the payment schedule for the month. This email is fake, and its goal is to lure victims into visiting a phishing website that targets account
PlayPraetor is a trojan-type malware targeting Android devices. It is a multi-functional program capable of stealing a wide variety of information from compromised systems. PlayPraetor has been spread through a massive campaign utilizing fake Google Play Store webpages. PlayPraetor is prol
We have inspected bedoq[.]info and learned that its purpose is to deceive visitors into agreeing to receive its notifications. Once this is achieved, bedoq[.]info sends dubious notifications to promote other potentially malicious websites. Users should avoid bedoq[.]info and never permit it to sho
We have reviewed cqwyjj[.]click and determined that it is a deceptive site created to manipulate visitors into granting permission for notifications. Once permission is given, cqwyjj[.]click displays misleading notifications that promote other questionable websites. Therefore, this site should be
KoSpy is spyware targeting Android users who speak Korean and English. It masquerades as utility apps, employs a two-stage C2 infrastructure, and gathers a wide range of data from compromised devices. The malware is distributed through Google Play and third-party app stores such as APKPure.