Our researchers discovered Novalock while reviewing new submissions to the VirusTotal website. This malicious program is part of the GlobeImposter ransomware family. Novalock encrypts files and demands payment for the decryption. On our test machine, this ransomware encrypted files and appended t
We have reviewed the email and determined that its goal is to harvest information from recipients. The email is disguised as a fraudulent activity alert notice from Webmail. The scammers behind this email aim to trick recipients into opening the included website to steal their details. Users shoul
CoinLurker is a stealer-type malware. Programs within this classification are designed to extract sensitive data from infected systems. CoinLurker is a targeted stealer that seeks information related to cryptocurrency wallets. CoinLurker is a stealer with significant anti-detection capabil
Our deconstruction has shown that this email is designed to extract personal information from unsuspecting recipients. Thus, we classified it as a phishing email. The scammers behind the email are pretending to be an email service provider to lure users into opening a fake website. Recipients shou
Secplaysomware is ransomware that our team discovered while examining malware samples submitted to VirusTotal. Once infiltrated, Secplaysomware encrypts files, appends its extension (".qwerty") to filenames, and creates a text file (a ransom note named "UNLOCK_README.txt"). For instance, it rename
During a routine inspection of new file submissions to the VirusTotal platform, our researchers discovered the SourceManager app. Upon examination, we learned that this application is advertising-supported software (adware). SourceManager is part of the AdLoad malware group. Adware aims
Wrop Appq is a Potentially Unwanted Application (PUA). Our researchers discovered this app promoted by a scam page found during a routine investigation of a Torrenting website that utilizes rogue advertising networks. Unwanted applications typically possess harmful capabilities and tend to infilt
After inspecting this "You Have A New Purchase Order" email, we learned that it is spam. It is a fake notification alerting recipients of a new purchase order. With this lure, the email entices users into visiting a phishing website that targets account log-in credentials. The spam email w
SUPERLOCK is a ransomware-type virus designed to encrypt files and demand ransoms for the decryption. This program changes the names of locked files by appending them with a ".victim's_ID.superlock" extension. To elaborate, a file initially titled "1.jpg" could appear as "1.jpg.08499B3C3DB52104.su
Our examination of the email has shown that it is a scam email imitating a notification from DHL. Scammers crafted this fraudulent email to lure recipients into revealing personal information on a fake web page. Such emails are classified as phishing emails. Users should be able to recognize such