While analyzing malware samples submitted to VirusTotal, we encountered a ransomware variant known as Hgml. This specific ransomware is crafted to encrypt files and modify their filenames by adding the ".hgml" extension. Additionally, Hgml creates a ransom note that can be found within a file name
During our examination of malware samples on the VirusTotal page, we came across the Hgkd ransomware, which is part of the Djvu family. When this ransomware infiltrates a computer, it encrypts data and appends the ".hgkd" extension to filenames. For instance, a file named "1.jpg" becomes "1.jpg.hg
While investigating suspect sites, our research team found the systemsecurity[.]click webpage. It is designed to promote scams and browser notification spam. This page can also redirect visitors to other (likely unreliable/dangerous) websites. Users predominantly access systemsecurity[.]click and
Our researchers discovered the Dragon Baby browser extension during a routine inspection of deceptive webpages. After analyzing this piece of software, we determined that it is a browser hijacker. Dragon Baby makes changes to browser settings in order to promote the dragonboss.solutions fake sear
Our research team discovered the "Error Code: W9KA528V" technical support scam during a routine investigation of untrustworthy websites. It is presented as a warning from Microsoft Windows stating that the user's system has been blocked due to security concerns. This scam aims to trick victims int
After assessing the AdvancedUpdater application, we have noticed that it frequently displays intrusive ads. Apps of this type are categorized as adware. Users often install applications like AdvancedUpdater without fully comprehending the potential repercussions they could face. Adware-t
Our examination of the "Nehmeh Purchase Order" email revealed that it facilitates a phishing scam. The recipient is requested to review the specifications of a potential purchase provided in the attachment. The attached file targets email account log-in credentials. It must be stressed that this
RDP stealer is a malicious program that targets Remote Desktop Protocol (RDP) log-in credentials. Its developers are offering this stealer for sale on the Web. Hence, how this malware is distributed depends on the cyber criminals using it at the time. This stealer targets specific informat
In the course of our examination of the ParaceratheriumBugtiense browser extension, we came across troubling activities, including the activation of the "Managed by your organization" function in Chrome settings and the collection of user data. Our encounter with ParaceratheriumBugtiense stemmed f
Loda, a remote access trojan (RAT), has remained actively employed by various threat actors since 2016. Its capabilities encompass activities like password theft, collecting sensitive data, keylogging, screen capture, and disseminating additional malicious payloads. Typically, Loda is delivered vi