M2RAT is a backdoor malware that operates as a remote access trojan (RAT), performing functions such as keylogging, data theft, command execution, and taking screenshots. The malware uses shared memory sections for commands and data exfiltration, leaving few traces on the infected device.
goatRat is the name of a remote access trojan (RAT) - a malicious app that allows attackers to take control of an Android device. Malware of this type can provide attackers with access to sensitive information like messages, call logs, and photos, as well as the ability to execute commands, take s
Our researchers discovered the softlifeinfo[.]com rogue webpage during a routine inspection of dubious sites. This page promotes untrustworthy/harmful software and browser notification spam. Additionally, it can redirect visitors to different (likely unreliable/hazardous) websites. Users typicall
Zteqqd is a ransomware-type program that our researchers discovered while inspecting new submissions to VirusTotal. On our testing machine, this ransomware encrypted files and altered their filenames. The titles of affected files were appended with a unique ID assigned to the victim and a ".zteqq
While inspecting new submissions to VirusTotal, our research team discovered the SharedFormat application. After examining this piece of software, we determined that it is adware belonging to the AdLoad malware family. This app is designed to display advertisements, and it may have additional ha
Our team has examined securityguardplus[.]site and found that this page uses deceptive marketing to promote legitimate antivirus software. It shows deceptive messages to trick visitors into believing that their computers might be infected. We determined that securityguardplus[.]site runs the "You'
Stealc is the name of an information-stealing malware. It targets a wide variety of data associated with browsers, messaging software, cryptocurrency wallets, and other apps/extensions. According to Stealc's developers, it was created by relying on Vidar, Raccoon, Mars, and RedLine stealers. Natu
MEDUSA is ransomware that encrypts data, appends the ".MEDUSA" extension to filenames, and drops the "!!!READ_ME_MEDUSA!!!.txt" file, which contains a ransom note. Our team discovered MEDUSA while examining samples submitted to VirusTotal. An example of how MEDUSA modifies filenames: it renames "
While investigating rogue installation setups, we found one promoting the search-good.com illegitimate search engine. Websites of this kind are typically endorsed (through redirects) by browser-hijacking software. During our analysis, we discovered search-good.com being promoted by a browser hijac
During our analysis of malware samples submitted to the VirusTotal page, we came across a ransomware strain dubbed Jron. Upon further investigation, we determined that Jron belongs to the Dharma ransomware family. Jron encrypts data, alters file names, presents a pop-up window, and generates a tex