After inspecting the "MEE6 Connect" (mee6-connect[.]xyz) website, we determined that it is fake. It imitates the official site of the MEE6 Discord bot (mee6.xyz). This imitator claims to provide services/information relating to digital assets. The goal is to trick users into exposing their cryptow
The "Your Password Changed" spam email impersonates a notification relating to a password change on the recipient's mail account. The purpose of this fake letter is to lure recipients into visiting a phishing website that targets email log-in credentials (passwords). It must be emphasized that thi
NICECURL is a VBScript-based backdoor malware capable of downloading additional modules, including modules created to gather various information and execute arbitrary commands. It is known that NICECURL is distributed via spear-phishing campaigns and controlled via HTTPS. Another backdoor malware
Upon examining the "Virus Activities Were Detected" email, we determined it is spam. This mail makes false claims regarding virus-related activity detected on the recipient's account. The goal is to deceive victims into providing their email log-in credentials to a phishing site. The spam
TAMECAT is a PowerShell backdoor distributed via phishing attacks. This malware provides threat actors with access to computers. Cybercriminals can use TAMECAT to control infected devices and steal various data. Cybercriminals behind TAMECAT are known for distributing another backdoor malware dubb
Our researchers discovered the MALARIA VIRUS ransomware while investigating new submissions to the VirusTotal site. This malicious program is based on Chaos ransomware. After we executed a sample of MALARIA VIRUS on our test machine, it encrypted files and changed their filenames. Original titles
Baaa operates as ransomware, a type of malware that encrypts files. Also, Baaa renames files by appending its extension (".baaa") to filenames (e.g., it renames "1.jpg" to "1.jpg.baaa", "2.png" to "2.png.baaa", and so forth. Additionally, it provides a ransom note, a text file named "_README.txt".
Qehu is a type of ransomware that encrypts files, adds the ".qehu" extension to their filenames, and provides a ransom note ("README.txt"). For instance, it changes "1.jpg" to "1.jpg.qehu" and "2.png" to "2.png.qehu". We encountered Qehu while analyzing malware samples submitted to VirusTotal. It
Qepi is ransomware designed to encrypt files, append the ".qepi" extension to filenames, and provide a ransom note ("README.txt"). We discovered Qepi during an analysis of malware samples submitted to VirusTotal. It is important to mention that Qepi is part of the Djvu family and may be distribute
Colorattaches[.]com is a rogue page discovered by our research team during a routine investigation of dubious websites. Upon examination, we determined that this webpage uses fake CAPTCHA verification to push browser notification spam. Additionally, it can redirect users to other (likely dubious/m