A recently discovered macOS malware called KandyKorn has been found in an attack linked to the North Korean Lazarus hacking group. Their targets are blockchain engineers who work with cryptocurrency exchange platforms. The attackers pretend to be part of the cryptocurrency community on Discord t
During our analysis of malware samples on the VirusTotal platform, we came across the Yzqe ransomware, which is associated with the Djvu family. When it infects a computer, this ransomware encrypts data and appends the ".yzqe" extension to file names. For instance, a file named "1.jpg" would be al
While examining malware samples submitted to VirusTotal, we encountered the Yzoo ransomware, which has ties to the Djvu family. In the event of a computer becoming infected with Yzoo, it proceeds to encrypt files and add the ".yzoo" extension to their original file names. For example, "1.jpg" woul
Our research team found the DeepInDeep ransomware while reviewing new malware submissions to VirusTotal. This program is part of the Phobos ransomware family. Ransomware is designed to encrypt files and demand ransoms for its decryption, and DeepInDeep is not an exception. This malware alters the
Our researchers found the TOPAPP browser extension while investigating suspicious sites. The webpage endorsed TOPAPP as a tool for quick access to popular online platforms. However, our analysis revealed that this extension operates as browser-hijacking software. It modifies browser settings in o
Our researchers discovered the Ran ransomware during a routine inspection of new submissions to the VirusTotal site. Designed to encrypt data to demand payment, the Ran malware also alters the titles of affected files. On our test machine, this ransomware added the ".Ran" extension to filenames,
While examining malware samples submitted to VirusTotal, we came across a ransomware variant referred to as Yzaq. This ransomware has been designed to encrypt files and change their filenames by appending the ".yzaq" extension. Moreover, Yzaq generates a ransom note, typically found in a file name
Qwik Biz Tools is a rogue browser extension promising quick access to various tools commonly used in business. Our research team discovered this software's "official" promotional webpage during a routine investigation of deceptive sites. After analyzing this extension, we determined that it is a
While inspecting spam emails, we discovered the "Bitcoin Mining" scam. This scheme is promoted on the Web. It claims that the user has been inactive on this automatic Bitcoin cloud mining platform for a long time – however, the amount of cryptocurrency mined can be retrieved. It must be stressed
While investigating new malware submissions to the VirusTotal platform, our researchers found a ransomware-type program titled Whole. We determined that it is based on the Keylock ransomware. This malicious program encrypts data to demand ransoms for its decryption. On our test machine, Whole enc