"Stalled Funds - United Bank Of Africa" is a phishing email targeting recipients' personally identifiable and financial information. The letter aims to extract the highly sensitive data by falsely claiming that a nonexistent payment to the recipient, which has been unjustly stalled, will be transf
JanelaRAT is a Remote Access Trojan (RAT). It is a piece of sophisticated malicious software designed to enable remote access and control over compromised machines. JanelaRAT has been observed being implemented in attacks targeting Latin American banking and financial institutions. Based on the u
Our researchers found the Taqw ransomware-type program during a routine inspection of new submissions to VirusTotal. This piece of malicious software is part of the Djvu ransomware family. Programs within the ransomware classification are designed to encrypt data and demand payment for its decrypt
Agniane is a stealer – a type of malware designed to extract and exfiltrate sensitive information from infected machines. This stealer is heavily focused on stealing cryptocurrency-related data. After infiltrating a system, Agniane begins collecting device data, e.g., device name, CPU, GPU
NightClub is the name of a malware that has spyware and data-stealing capabilities. This program has at least four versions, with the earliest variant dating back to 2014. NightClub malware is used by a threat actor dubbed MoustachedBouncer. This group has been around for nearly a decade and almo
We discovered the MotionOptimizer application during a routine investigation of new submissions to the VirusTotal site. Our analysis revealed that this app is advertising-supported software (adware) and that it belongs to the AdLoad malware family. Adware is designed to generate revenue
XI New Tab is a rogue extension promising to display browser wallpapers. Our research team discovered it while investigating untrustworthy websites. After analyzing XI New Tab, we learned that it makes modifications to browser settings in order to promote (through redirects) the xitabs.com fake s
Knight ransomware is the rebrand of Cyclops. Malware within this classification is designed to encrypt files and demand ransoms for their decryption. When we executed a sample of Knight on our test system, it began encrypting files and appended their filenames with a ".knight_l" extension. For ex
While inspecting new submissions to the VirusTotal website, our researchers discovered the Tasa malicious program. It is part of the Djvu ransomware family. Programs within this classification operate by encrypting data and making ransom demands for its decryption. After we launched a sample of T
Our research team discovered another ransomware from the Djvu family called Taoy during a routine inspection of new submissions to the VirusTotal website. Ransomware is designed to encrypt data and demand payment for its decryption. On our test machine, Taoy encrypted files and appended their tit