PatchWorkApt is a ransomware variant based on Chaos. It has been discovered while examining malware samples uploaded to VirusTotal. Upon infiltrating a computer, PatchWorkApt encrypts files, appends a string of random characters to filenames, and creates the "look_this.txt" file (a ransom note).
CanisLupusGregoryi was discovered as a dubious application while examining a malicious installer downloaded from an untrustworthy page. This application has the ability to enable the "Managed by your organization" feature in Chrome and Edge browsers, read various data, and manage extensions and th
While investigating new malware submissions to the VirusTotal website, our researchers discovered the 3000USDAA ransomware. This program operates by encrypting data and demanding payment for its decryption. 3000USDAA encrypted files and appended their names with the attackers' email address and a
Upon inspection of the "DHL Agreement Documents" email, we determined that it is spam. This letter is disguised as a notification from DHL Express – the mail service of the DHL logistics company. It claims to contain copies of documentation as an attachment. However, it is a phishing file targetin
Our researchers discovered an installer containing CastaneaSativa during a routine investigation of deceptive sites. Upon analysis, we learned that this malicious extension tracks browsing data and modifies browsers. CastaneaSativa is capable of managing the apps, extensions, themes, and o
"QQL Mint Pass" is a scam that operates as a crypto drainer. This scheme is modeled on the QQL generative art collaborative experiment that is linked to the Archipelago platform. The QQL algorithm allows users who possess a Mint Pass to create (mint) official QQL NFTs (Non-Fungible Tokens) with th
After a thorough examination, the determined outcome is that this appears to be a fraudulent scheme posing as a giveaway (in the form of an airdrop event) supposedly organized by Binance and MetaMask. It has been devised by scammers with the intent of pilfering cryptocurrency from unsuspecting ind
Earthheartsmith[.]top is the address of a rogue webpage discovered by our researchers during a routine inspection of dubious sites. After investigating this page, we determined that it is designed to promote browser notification spam and redirect visitors to other (likely unreliable/harmful) websi
In the process of our assessment, it has surfaced that this is a scam email masquerading as a notification from COETZEE & FISHER ATTORNEYS. Scammers behind this email aim to trick recipients into believing that they can receive a large sum of money. Emails of this kind are used to extract pers
Karsovrop is a malicious program classed as ransomware; it encrypts data and demands ransoms for its decryption. Our research team discovered Karsovrop during a routine investigation of new submissions to the VirusTotal website. This ransomware encrypted files and altered their filenames on our t