In the course of inspection of malware samples provided on the VirusTotal platform, a Djvu member dubbed Mzhi has been discovered. Mzhi encrypts files and modifies their filenames by adding the ".mzhi" extension. Additionally, Mzhi is programmed to generate a text file named "_readme.txt", which c
ZenRAT is the name of a Remote Access Trojan (RAT) that has been around since at least the summer of 2023. This malware has data-stealing capabilities and can implement modules for additional functionality. The latter means that this trojan may be transformed into a highly versatile piece of malic
During an examination of an untrustworthy installer downloaded from an unreliable website, we encountered the VulpesVulpes browser extension. Our investigation uncovered concerning characteristics associated with this app, which included its ability to activate the "Managed by your organization" f
Following an evaluation of the ZenSearch application, it has determined that its primary purpose is to function as a browser hijacker with the aim of promoting the fake search engine, search.zensearch.online. This extension alters browser settings to assert control over the user's browsing experie
While reviewing new malware submissions to the VirusTotal platform, we discovered the DOOK ransomware-type program. It is part of the Dharma ransomware family. On our testing system, DOOK encrypted files and appended their filenames with a unique ID assigned to the victim, the cyber criminals' em
Upon assessing PrimeVersion, it has become evident that its primary function is to flood users with intrusive advertisements, categorizing it as adware. It is worth emphasizing that such applications are frequently promoted and disseminated through misleading tactics, which can lead users to ins
AtlasAgent refers to a Trojan designed for the purpose of acquiring host data and system processes, restricting the simultaneous execution of multiple programs, inserting designated shellcodes, and retrieving files from Command and Control servers. The AtlasAgent Trojan is a DLL application coded
Following an examination, we have determined that the purpose of this email is to deceive recipients into revealing their personal information. These emails are categorized as phishing attempts, and in this particular scenario, the perpetrators impersonate an email service provider to persuade rec
After an evaluation of ProductionInteractive, it has become clear that its main purpose is to inundate users with intrusive advertisements, classifying it as adware. It is important to note that such applications are often promoted and distributed through deceptive methods, leading users to inst
Our research team found the fieryforgekeeper[.]top rogue page while investigating dubious websites. It promotes browser notification spam and redirects users to different (likely unreliable/harmful) sites. Users predominantly enter pages like fieryforgekeeper[.]top via redirects caused by website