During our analysis of samples uploaded to the VirusTotal page, we discovered a ransomware variant belonging to the Djvu family known as Watz. This variant encrypts files and adds its extension (".watz") to filename. For instance, it changes "1.jpg" to "1.jpg.watz" and "2.png" to "2.png.watz". Als
We have analyzed undenentionin[.]com and found that this page is designed to trick visitors into permitting it to deliver notifications. Once this permission is granted, the website bombards users with various spam notifications, including deceptive ones. Users who have granted notification permis
CarnavalHeist is a banking Trojan targeting users in Brasil. It is capable of stealing banking credentials and performing other actions. Having a device infected with CarnavalHeist can result in financial loss, identity theft, and other issues. Thus, CarnavalHeist should be eliminated from comprom
Our inspection of this "American Express - Username/Password Has Been Updated" email revealed that it is fake. The spam letter states that the log-in credentials for the recipient's American Express account have been changed. If they do not recognize this activity – they can keep their old usernam
After inspecting this "Commerzbank" email, we determined that it is fake. This spam letter requests the recipient to provide their identification to avoid cessation of their banking services. It must be emphasized that the claims made by this email are false, and this mail is not associated with
Our research team discovered the realilitnow[.]club rogue webpage while browsing suspicious sites. After analyzing this page, we determined that it endorses browser notification spam and redirects visitors to other (likely untrustworthy/dangerous) websites. Most users enter realilitnow[.]club and
CiviApp is the name of a Potentially Unwanted Application (PUA). Software within this classification typically possesses undesirable and possibly malicious capabilities. PUAs tend to infiltrate systems in bundles (alongside other software), which is true of the installer carrying CiviApp that we a
PartiZAN32 is a ransomware variant from the Xorist family. Our team discovered PartiZAN32 during an analysis of samples uploaded to the VirusTotal website. PartiZAN32 encrypts files, appends its extension (".xqwertzuioplkjhgfyxcvbnmD") to filenames, and changes the desktop wallpaper. Also, it pro
After reading this "Seeking Partnership Investment" email, we determined that it is spam. The scam letter was supposedly sent by an officer of a US bank; they want to establish a partnership with the recipient wherein they will pretend to be a relative of a deceased millionaire. Through this schem
We have tested the FIIND browser extension and discovered that it changes the settings of a web browser to promote a fake search engine. Extensions of this type are known as browser hijackers. Users often get tricked into adding such apps to their browsers. Thus, FIIND and similar extensions shoul