Step-by-Step Malware Removal Instructions

TAMECAT Backdoor Malware
Trojan

TAMECAT is a PowerShell backdoor distributed via phishing attacks. This malware provides threat actors with access to computers. Cybercriminals can use TAMECAT to control infected devices and steal various data. Cybercriminals behind TAMECAT are known for distributing another backdoor malware dubb

MALARIA VIRUS Ransomware
Ransomware

Our researchers discovered the MALARIA VIRUS ransomware while investigating new submissions to the VirusTotal site. This malicious program is based on Chaos ransomware. After we executed a sample of MALARIA VIRUS on our test machine, it encrypted files and changed their filenames. Original titles

Baaa Ransomware
Ransomware

Baaa operates as ransomware, a type of malware that encrypts files. Also, Baaa renames files by appending its extension (".baaa") to filenames (e.g., it renames "1.jpg" to "1.jpg.baaa", "2.png" to "2.png.baaa", and so forth). Additionally, it provides a ransom note, a text file named "_README.txt".

Qehu Ransomware
Ransomware

Qehu is a type of ransomware that encrypts files, adds the ".qehu" extension to their filenames, and provides a ransom note ("README.txt"). For instance, it changes "1.jpg" to "1.jpg.qehu" and "2.png" to "2.png.qehu". We encountered Qehu while analyzing malware samples submitted to VirusTotal. It

Qepi Ransomware
Ransomware

Qepi is ransomware designed to encrypt files, append the ".qepi" extension to filenames, and provide a ransom note ("README.txt"). We discovered Qepi during an analysis of malware samples submitted to VirusTotal. It is important to mention that Qepi is part of the Djvu family and may be distribute

Colorattaches.com Ads
Notification Spam

Colorattaches[.]com is a rogue page discovered by our research team during a routine investigation of dubious websites. Upon examination, we determined that this webpage uses fake CAPTCHA verification to push browser notification spam. Additionally, it can redirect users to other (likely dubious/m

ProjectRootEducate Adware (Mac)
Mac Virus

While inspecting new file submissions to the VirusTotal site, our research team discovered the ProjectRootEducate app. After analyzing it, we learned that this application is adware from the AdLoad malware family. ProjectRootEducate is designed to generate revenue for its developers through adve

Datingkoe.info Ads
Notification Spam

While investigating suspicious websites, our researchers discovered the datingkoe[.]info rogue webpage. It operates by promoting browser notification spam and redirecting users to other (likely untrustworthy/dangerous) sites. Most visitors to datingkoe[.]info and pages akin to it access them thro

PayPal Crypto Purchase Invoice Email Scam
Phishing/Scam

We have examined the email and determined that it is a phishing email intended to steal personal information and/or money from unsuspecting individuals. This scam email is disguised as a notification from PayPal regarding an invoice. Recipients should ignore this email. As we mentioned i

OpenProcess Adware (Mac)
Mac Virus

OpenProcess is a piece of software that is classified as adware. Our researchers found this application during a routine investigation of new file submissions to the VirusTotal platform. OpenProcess belongs to the AdLoad malware family, and it runs intrusive advertisement campaigns. Adwa