VietCredCare, an information-stealing tool previously unidentified, has been circulating since at least August 2022. This software, distributed through a stealer-as-a-service model, is believed to be managed by individuals proficient in Vietnamese. Typically, malware of this type is utilized for h
Xehook is a stealer written in the C# programming language. It is an incredibly lightweight program, ranging between 140-160 KB in size. This data-stealing malware was unveiled in late January 2024, which closely coincides with a public share of the code for restoring dead cookies on the Google Ch
When examining foupeethaija[.]com, we noted that it displays deceptive content (uses clickbait) to lure visitors into consenting to receive notifications from the page. Also, foupeethaija[.]com can redirect users to other websites. Thus, it is strongly recommended that users do not trust foupeetha
Our researchers discovered the Taliban Skull ransomware while reviewing new malware submissions to VirusTotal. This ransomware is designed to encrypt data and demand payment for the decryption. After we executed a sample of Taliban Skull on our testing system, it encrypted files and altered their
When examining malware samples submitted to the VirusTotal website, we discovered a ransomware variant known as Bl00dyAdmin. This ransomware encrypts data and renames encrypted files by appending the ".CRYPT" extension. Also, Bl00dyAdmin creates the "Read_instructions_To_Decrypt.txt" file containi
During our examination of the Wappo.app application, it was discovered that it functions as adware. Also, this app is part of the Pirrit family. Upon installation, Wappo.app exhibits bothersome and potentially deceptive advertisements. Additionally, this application may possess the ability to ac
XznShirkiCry is ransomware that we discovered while inspecting malware samples submitted to VirusTotal. XznShirkiCry is designed to encrypt data, append a specific extension to filenames, change the desktop wallpaper, and create a ransom note ("read_me.txt"). XznShirkiCry appends ".locked[payrans
While scrutinizing the Adventure Wallpaper Extension application, it was revealed that it is a browser extension created to hijack browsers by changing their settings. When added, Adventure Wallpaper Extension forces users to visit a specific website. It is advisable to remove apps of this type fr
During our assessment, we discovered that ChannelDevice is a dubious application crafted to exhibit unwanted advertisements. Consequently, we have categorized ChannelDevice as adware. Users should avoid installing such applications and promptly remove them from affected computers or browsers.
EssentialManager is the name of a rogue application that we discovered during a routine investigation of new submissions to VirusTotal. After inspecting this app, we determined that it is advertising-supported software (adware) from the AdLoad malware family. EssentialManager is designed to gen