PepeCry is ransomware discovered during an analysis of samples uploaded to the VirusTotal website. PepeCry is designed to encrypt files (which makes them inaccessible), add the ".cry" extension to filenames, and display a ransom note. An example of how PepeCry modifies filenames: it renames "1.jpg
RosaCanina is a browser extension that has come under scrutiny when examining a malicious installer hosted on a suspicious website. This browser extension possesses several noteworthy capabilities, some of which have raised concerns regarding user privacy and browser security. One signific
Myabsconds[.]com is a rogue webpage discovered by us during a routine investigation of dubious sites. It is designed to push browser notification spam and redirect visitors to other (likely untrustworthy/malicious) websites. Users primarily access pages like myabsconds[.]com through redirects gen
Our research team discovered the Best Friend Backgrounds browser extension during a routine investigation of untrustworthy sites. This extension promises to display canine-themed browser wallpapers. After analyzing this piece of software, we determined that it is a browser hijacker. Best Friend B
After reviewing "Bank Of America - Fund Transfer", we determined that it is a phishing email. This letter name-drops several genuine entities and claims that through their joint efforts, a large monetary fund will be dispersed between 700,000 people across America, Europe, and Asia – and the email
Millenium malware is a Remote Access Trojan (RAT) written in C++. Programs categorized as such are designed to enable attackers to have remote access and control over infected machines. RATs tend to be highly versatile, and Millenium is not an exception. It can execute various commands on compromi
GoldDigger is an Android Trojan with a focus on financial institutions, having been operational since at least June 2023. This Trojan camouflages itself as a counterfeit Android app, capable of mimicking both a Vietnamese government portal and a local energy firm, all with the primary objective of
After reviewing the "A Payment Has Been Posted On Your Card" email, we determined that it is fake. Presented as a notification from American Express, it claims that the recipient has been given a reward payment. The letter instructs to download and access the attachment, thus validating the payme
Carnivora is a malicious browser extension that has been discovered during analysis of a malicious installer hosted on a suspicious website. Carnivora is capable of performing actions such as adding the "Managed by your organization" feature to browsers, managing themes and extensions, and reading
SaveLock is a ransomware-type program discovered during a routine investigation of new submissions to the VirusTotal site. This malicious program is part of the MedusaLocker ransomware family. SaveLock operates by encrypting data to demand ransoms for its decryption. On our testing system, this r