Our research team discovered the Best Friend Backgrounds browser extension during a routine investigation of untrustworthy sites. This extension promises to display canine-themed browser wallpapers. After analyzing this piece of software, we determined that it is a browser hijacker. Best Friend B
After reviewing "Bank Of America - Fund Transfer", we determined that it is a phishing email. This letter name-drops several genuine entities and claims that through their joint efforts, a large monetary fund will be dispersed between 700,000 people across America, Europe, and Asia – and the email
Millenium malware is a Remote Access Trojan (RAT) written in C++. Programs categorized as such are designed to enable attackers to have remote access and control over infected machines. RATs tend to be highly versatile, and Millenium is not an exception. It can execute various commands on compromi
GoldDigger is an Android Trojan with a focus on financial institutions, having been operational since at least June 2023. This Trojan camouflages itself as a counterfeit Android app, capable of mimicking both a Vietnamese government portal and a local energy firm, all with the primary objective of
After reviewing the "A Payment Has Been Posted On Your Card" email, we determined that it is fake. Presented as a notification from American Express, it claims that the recipient has been given a reward payment. The letter instructs to download and access the attachment, thus validating the payme
Carnivora is a malicious browser extension that has been discovered during analysis of a malicious installer hosted on a suspicious website. Carnivora is capable of performing actions such as adding the "Managed by your organization" feature to browsers, managing themes and extensions, and reading
SaveLock is a ransomware-type program discovered during a routine investigation of new submissions to the VirusTotal site. This malicious program is part of the MedusaLocker ransomware family. SaveLock operates by encrypting data to demand ransoms for its decryption. On our testing system, this r
It has been discovered that SignalUpdater falls into a category known as adware, which is software designed to bombard users with intrusive advertisements. Adware developers often distribute it by using deceptive methods. The modus operandi of apps like SignalUpdater raises several concerns, inc
During analysis of malware samples submitted to the VirusTotal website, a ransomware variant belonging to the MedusaLocker family dubbed Infected has been discovered. Infected restricts access to files by encrypting them and renames them by appending the ".infected" extension. Also, this ransomwar
Following an assessment of the ShoutSystem app, it became apparent that its primary aim is to inundate users with intrusive advertisements. To put it differently, ShoutSystem operates as adware. It is common for applications like ShoutSystem to be disseminated using deceptive methods. They often