While analyzing malware samples on the VirusTotal platform, we encountered the Ooza ransomware belonging to the Djvu family. Once this ransomware gains access to a computer, it encrypts data and adds the ".ooza" extension to file names. As an example, a file originally named "1.jpg" is transformed
Our researchers discovered the knaws[.]top rogue page while investigating questionable websites. This webpage promotes online scams and browser notification spam. It can also redirect users to different (likely dubious/malicious) sites. Most visitors to knaws[.]top and similar pages access them t
DriveDataCache is an adware-type app discovered by our researchers during a routine investigation of new file submissions to the VirusTotal site. This piece of software is part of the AdLoad malware family. It is designed to feed users with undesirable and potentially malicious advertisements.
Our inspection of the "How I Earned Bitcoins" email revealed that it is spam. The letter aims to redirect recipients to a scam website by claiming that the sender has earned 12600 BTC (Bitcoin cryptocurrency). The promoted site aims to trick recipients into transferring their own Bitcoins to the l
After reviewing the "Central Bank Of Nigeria" email, we determined that it is spam. The scam letter details fraudulent financial activities in Nigeria; it claims that during restructuring processes, it was decided that the recipient is eligible to receive their payment. By promising millions of do
After conducting a thorough review, our team has established that the intent behind this email is to trick recipients into disclosing their personal information. These emails are classified as phishing attempts, and in this specific situation, the scammers masquerade as an email service provider w
Sponsor is a malware variant that operates as a backdoor. It has been identified in cyberattacks directed at various sectors, including healthcare, manufacturing, retail, insurance, communications, and telecommunications companies, among others. Sponsor backdoor is coded using the C++ programming
MetaStealer is a type of malware designed to target Mac users. Its primary objective is to obtain sensitive information from its victims. This malicious software is built using the Go programming language. Once infiltrated, MetaStealer poses a significant threat to the privacy and security of Ma
HijackLoader is a loader-type malware. It is designed to cause chain infections, i.e., download/install additional malware onto infected machines. HijackLoader is rather basic in and of itself – however, it relies on multiple modules to greatly expand its arsenal of features. This loader has been
Phoenix refers to a backdoor malware specifically designed to target Android users. In general, backdoor malware like Phoenix is a type of malicious software that clandestinely gains access to a user's device, potentially compromising its security and privacy. Thus, victims of the Phoenix attacks