PartiZAN32 is a ransomware variant from the Xorist family. Our team discovered PartiZAN32 during an analysis of samples uploaded to the VirusTotal website. PartiZAN32 encrypts files, appends its extension (".xqwertzuioplkjhgfyxcvbnmD") to filenames, and changes the desktop wallpaper. Also, it pro
After reading this "Seeking Partnership Investment" email, we determined that it is spam. The scam letter was supposedly sent by an officer of a US bank; they want to establish a partnership with the recipient wherein they will pretend to be a relative of a deceased millionaire. Through this schem
We have tested the FIIND browser extension and discovered that it changes the settings of a web browser to promote a fake search engine. Extensions of this type are known as browser hijackers. Users often get tricked into adding such apps to their browsers. Thus, FIIND and similar extensions shoul
News-yahita[.]com is a rogue page discovered by our research team during a routine inspection of suspicious websites. This webpage promotes browser notification spam and generates redirects to different (likely unreliable or dangerous) sites. Pages like news-yahita[.]com are primarily accessed vi
Our analysis of the page (in-online[.]eu) which is promoted via email has shown that it is a scam website masquerading as a page hosting a cryptocurrency giveaway. It claims that individuals can collect rewards in return for participation. However, the true purpose of this scam page is to steal cr
Upon inspection of the "Specification For The Item Requested" email, we determined that it is spam. This letter is presented as a quote request for specified items. The phishing mail targets the recipient's company data. However, the goal of this campaign may be to entangle victims in a complex s
Upon inspecting transiouratwat[.]com, we concluded that the purpose of this site is to trick users into consenting to receive notifications from it. Transiouratwat[.]com uses a technique known as clickbait to lure users into granting it that permission. Web pages like transiouratwat[.]com should b
Our research team discovered news-vukihu[.]com while investigating untrustworthy sites. After our inspection, we determined that it is a rogue webpage that promotes browser notification spam and redirects users to other (likely dubious/malicious) pages. Most visitors to news-vukihu[.]com and simi
While examining search-fine.com, we noticed that this is a fake search engine because it does not provide its search results. It is common for search engines like search-fine.com to be promoted via extensions known as browser hijackers. These extensions operate by altering the settings of web brow
Waqa is ransomware from the Djvu family that encrypts files and appends its extension (".waqa") to filenames. Also, Waqa drops a ransom note (a text file named "_readme.txt"). It is common for ransomware variants from the Djvu family to be delivered alongside information stealers like RedLine and