Our inspection of the "Alert! Mail Client Security Notification" email revealed that it is spam. The letter makes false claims regarding suspicious sign-in attempts to the recipient's email account. This spam mail aims to extract log-in credentials through a phishing website. The email wit
Allahu Akbar is a ransomware-type program that our research team discovered while investigating new malware submissions to the VirusTotal website. This malicious program is designed to encrypt data and demand payment for its decryption. On our testing system, Allahu Akbar ransomware encrypted fil
Duke is the general name for malware toolsets used by the APT29 APT (Advanced Persistent Threat) actor, also known as The Dukes, Cloaked Ursa, CozyBear, Nobelium, and UNC2452. APT29 is a Russian state-sponsored group associated with the Foreign Intelligence Service of the Russian Federation (SVR R
StandartInitiator is an adware-type application that we discovered while investigating new submissions to the VirusTotal website. This piece of advertising-supported software is part of the AdLoad malware family. StandartInitiator is designed to run intrusive advertisement campaigns by feeding u
"Stalled Funds - United Bank Of Africa" is a phishing email targeting recipients' personally identifiable and financial information. The letter aims to extract the highly sensitive data by falsely claiming that a nonexistent payment to the recipient, which has been unjustly stalled, will be transf
JanelaRAT is a Remote Access Trojan (RAT). It is a piece of sophisticated malicious software designed to enable remote access and control over compromised machines. JanelaRAT has been observed being implemented in attacks targeting Latin American banking and financial institutions. Based on the u
Our researchers found the Taqw ransomware-type program during a routine inspection of new submissions to VirusTotal. This piece of malicious software is part of the Djvu ransomware family. Programs within the ransomware classification are designed to encrypt data and demand payment for its decrypt
Agniane is a stealer – a type of malware designed to extract and exfiltrate sensitive information from infected machines. This stealer is heavily focused on stealing cryptocurrency-related data. After infiltrating a system, Agniane begins collecting device data, e.g., device name, CPU, GPU
NightClub is the name of a malware that has spyware and data-stealing capabilities. This program has at least four versions, with the earliest variant dating back to 2014. NightClub malware is used by a threat actor dubbed MoustachedBouncer. This group has been around for nearly a decade and almo
We discovered the MotionOptimizer application during a routine investigation of new submissions to the VirusTotal site. Our analysis revealed that this app is advertising-supported software (adware) and that it belongs to the AdLoad malware family. Adware is designed to generate revenue