Step-by-Step Malware Removal Instructions

Colour-Blind RAT
Trojan

Colour-Blind is the name of a Remote Access Trojan (RAT) written in Python. This malware steals sensitive information and allows cybercriminals to perform various tasks on infected machines. Colour-Blind malware is also designed to evade detection. It is known that Colour-Blind is delivered via ma

IceFire Ransomware
Ransomware

IceFire (also known as iFire) is ransomware that encrypts files, appends the ".iFire" extension to filenames, and creates the "iFire-readme.txt" file (a ransom note). The purpose of IceFire is to keep files inaccessible until a ransom is paid. An example of how IceFire renames files: it changes "

Cinoshi Stealer
Trojan

Cinoshi is the name of an information-stealing malware. There are several variants of this stealer, some of which have additional abilities – including botnet, clipper, and cryptominer functionalities. The presence of Cinoshi malware on the system can endanger both device integrity and user privac

Junk Filter Email Scam
Phishing/Scam

After inspecting the "Junk Filter" email, we determined that it is spam. This fake letter offers a bogus junk/spam mail filter to prevent the influx of unwanted content to the recipient's inbox. The aim of this phishing email is to trick recipients into disclosing their mail account log-in credent

Findmeday.com Redirect
Browser Hijacker

While examining findmeday.com, we found that it is a shady search engine that may provide misleading results. Typically, search engines of this sort are advertised through browser hijackers, which modify browser settings to promote the search engine. Users seldom download these applications intent

Zoco PDF Viewer Adware
Adware

During our evaluation of the Zoco PDF Viewer application/browser extension, we observed that it exhibits intrusive advertisements, leading us to classify it as adware. Further analysis revealed that Zoco PDF Viewer has the ability to read and modify all data on any website. Our team discovered Zoc

DHL - Shipment Designated Email Scam
Phishing/Scam

Upon inspection of the email, we have concluded that it is a phishing scam, where scammers attempt to obtain sensitive information from unsuspecting individuals. The email masquerades as a DHL shipment arrival notice and includes an attachment that leads to a fake login page. This letter a

Coba Ransomware
Ransomware

Our research team encountered a ransomware dubbed Coba while analyzing malware samples submitted to VirusTotal. Coba belongs to the Djvu family and operates by encrypting the victim's files once it infects their computer. The original filename is modified by appending the ".coba" extension to it.

Searchwebhelp.com Redirect
Browser Hijacker

Searchwebhelp.com is the address of an illegitimate search engine. While most sites of this kind cannot provide search results, this website is an exception. However, the results are inaccurate and may include deceptive and potentially harmful content. Fake search engines are commonly promoted by

PayMe100USD Ransomware
Ransomware

PayMe100USD is the name of a ransomware-type program. Malware within this classification operates by encrypting data and demanding payment for the decryption tools. Once we executed a sample of PayMe100USD ransomware on our test machine, it encrypted files and appended their filenames with a ".Pa