While inspecting malware samples submitted to VirusTotal, we discovered a Djvu ransomware variant dubbed Bpws. This variant encrypts files and appends the ".bpws" extension to filenames. Also, Bpws drops its ransom note (the "_readme.txt") file. Since Bpws is part of the Djvu ransomware, it may b
While investigating suspicious webpages, our researchers found dozefive[.]xyz. This rogue page is designed to promote scams and browser notification spam. Furthermore, it can redirect users to different (likely unreliable/hazardous) websites. Most visitors to dozefive[.]xyz and webpages akin to i
While testing the Sticky Notes application, we found that it is an extension that functions as a browser hijacker. It hijacks a web browser by changing its settings to promote finddbest.com - a fake search engine. It is uncommon for apps of this type to be added to browsers intentionally. Our team
After inspecting the "United Nations - Abandoned Shipment" email, we determined that it is spam. The letter is supposedly from a "Head Officer in Charge" and claims that a consignment intended for the recipient failed to reach them due to improper documentation and unpaid fees. The shipment consis
We have examined this email and determined that it is used to trick unsuspecting recipients into parting with their money in an inheritance scam. It offers to share the unclaimed funds of a supposedly deceased person. We also found that there are at least two versions of this scam email. T
CatB is a ransomware-type program. It encrypts data and demands payment for the decryption. While testing this ransomware, we learned that it does not alter the filenames of encrypted files - an uncommon occurrence in these types of infections. CatB inserts ransom notes at the beginning of each e
Pupy is the name of an open-source Remote Administration Trojan (RAT) written in Python. Malware of this type is used to gain remote control of a target computer. Threat actors have been observed using a legitimate a process that reports errors in Windows (and Windows applications) to distribute P
Cyclops is the name of a malicious program classified as ransomware. This malware is designed to encrypt data and demand ransoms for its decryption. After being launched on our test system, Cyclops ransomware began encrypting files. Typically, the affected files are renamed (often by being append
MintStealer (also known as Mint Stealer) is an information stealer targeting web browsers, messengers, mail clients, VPN clients, game sessions, and more. It is used to extract sensitive data. MintStealer is being sold as Malware-as-a-service (MaaS). Other cybercriminals can purchase MintStealer f
Webaddictremind[.]xyz is the address of a rogue website designed to run scams, promote spam browser notifications, and redirect visitors to other (likely unreliable/dangerous) pages. Our researchers discovered the webaddictremind[.]xyz webpage while inspecting sites that use rogue advertising net