PowerMagic is the name of a backdoor malware written in PowerShell. It is known that PowerMagic is used in attacks where cybercriminals distribute another malware called CommonMagic. Backdoor malware refers to a form of malicious software that creates a concealed entry point into a computer system
CommonMagic is a modular malicious framework. It is suspected to be distributed through a malware strain known as PowerMagic. The CommonMagic framework is composed of multiple executable modules and has the ability to capture screenshots and collect data from USB drives. It seems that CommonMagic
After reviewing this "Walmart Order" email, we determined that it is spam. The scam email is presented as a notification regarding a purchase made from Walmart. This spam mail aims to deceive recipients into calling the fake support line and thus entrapping them in a scam. The email with t
While analyzing malware samples submitted to VirusTotal, our team discovered a ransomware variant belonging to the Xorist family dubbed Rans-A. This ransomware encrypts files, appends the ".Rans-A" extension to filenames, creates the "HOW TO DECRYPT FILES.txt" file, and displays an error message t
DotRunpeX is the name of an injector-type malware. This program is written in .NET and has been around since at least 2022. There are multiple variants of DotRunpeX. This malware serves as an integral part of infection chains and is typically delivered in the second stage of the process. The purpo
We have inspected searchwebhub.com and found that it is a search engine that shows ads and may provide misleading results. Thus, searchwebhub.com is not a reliable search engine and should not be used. It is worth mentioning that search engines of this kind usually are promoted through browser hij
Downloader for Image is promoted as a browser extension that enables users to download images from websites. However, during our testing, we discovered that it generates advertisements, making it an advertising-supported application. It should be emphasized that such applications are often distrib
Tywd is a type of ransomware that encrypts files stored on a victim's computer and demands payment in exchange for decryption tools. Our team stumbled upon Tywd while monitoring the VirusTotal website for newly submitted malware samples. Tywd appends the ".tywd" extension to the filename of each e
During our analysis of malware samples recently submitted to VirusTotal, our team discovered a ransomware called Tycx. Further investigation revealed that Tycx belongs to the Djvu ransomware family, and it is programmed to encrypt files, append the ".tycx" extension to their filenames, and generat
Our researchers found the eutrack[.]work rogue webpage while inspecting suspect websites. Ir operates by pushing browser notification spam and redirecting visitors to other (likely untrustworthy/harmful) sites. Most users enter pages like eutrack[.]work through redirects caused by websites that us