Step-by-Step Malware Removal Instructions

LOCK2023 Ransomware
Ransomware

LOCK2023 is ransomware that our malware researchers discovered while examining samples submitted to the VirusTotal website. LOCK2023 encrypts files, provides a ransom note ("README.txt"), and appends the ".LOCK2023" extension to filenames. For example, it renames "1.jpg" to "1.jpg.LOCK2023", "2.pn

FakeSG Malware
Trojan

FakeSG is the name of a malware campaign. It involves compromised websites that imitate the potential victim's browser and urge them to update it. However, instead of installing a browser upgrade, the victim inadvertently allows malicious software to infiltrate their device. The observed FakeSG c

HotRat Malware
Trojan

HotRat is a robust Remote Access Trojan (RAT) based on the open-source AsyncRAT implementation. This malicious software empowers cybercriminals to steal sensitive data, inject additional malware, and perform other illicit activities. HotRat is typically distributed through unauthorized software do

Kizu Ransomware
Ransomware

Kizu is a ransomware variant that carries out file encryption and adds the ".kizu" extension to the filenames of all affected files. It also generates a ransom note titled "_readme.txt", which provides contact and payment instructions to the victim. Kizu is a member of the Djvu ransomware family a

Kiqu Ransomware
Ransomware

During our examination of malware samples submitted to the VirusTotal website, we identified a ransomware variant referred to as Kiqu. This ransomware encrypts files and modifies their filenames by appending the ".kiqu" extension. Also, Kiqu generates a text file ("_readme.txt") which contains a r

ConfigInput Adware (Mac)
Mac Virus

Our research team found the ConfigInput app while inspecting new submissions to the VirusTotal website. After examining this application, we determined that it is advertising-supported software (adware) belonging to the AdLoad malware family. ConfigInput is designed to generate revenue for its d

Mail Account Deactivation Notice Email Scam
Phishing/Scam

After inspecting the "Mail Account Deactivation Notice" letter, we determined that it is a phishing email. The email states that the recipient's account will be deactivated and that, to prevent this, an authentication process using the email password is necessary. However, all these claims are fake an

Search-content.com Redirect
Browser Hijacker

Search-content.com is the address of a fake search engine. Our researchers discovered this site while investigating deceptive webpages. From one such page, an installer containing the Apps browser hijacker was downloaded. This rogue browser extension promoted (via redirects) search-content.com. Ho

Final Release Waiver Email Scam
Phishing/Scam

After carefully examining this email, our investigation revealed that it is a phishing attempt orchestrated by scammers seeking to obtain personal information from unsuspecting recipients. The email includes a deceptive attachment that leads to a fraudulent website, intending to trick users into d

WyrmSpy Malware (Android)
Trojan

WyrmSpy is a piece of malicious software classed as spyware. This Android-targeting malware has been used since at least 2017 to carry out cyber-espionage-motivated attacks. WyrmSpy is linked to APT41 (aka BARIUM, Double Dragon, and Winnti) – a group backed by the Chinese state. Expanding their o