Step-by-Step Malware Removal Instructions

Video***.space Ads
Notification Spam

While examining video***[.]space pages (e.g., videofin[.]space, videobtc[.]space, videoeth[.]space, videofun[.]space), we found that they display deceptive content to lure visitors into agreeing to receive notifications. Users do not visit such pages on purpose. Our team discovered them while visi

Mega Millions International Lottery Email Scam
Phishing/Scam

After examining this email, our team determined that it is a scam written by scammers who try to trick recipients into believing they have won a lottery but have not claimed their prize. They aim to lure recipients into providing personal information and/or transferring money. This email s

MortalKombat Ransomware
Ransomware

MortalKombat is ransomware our malware researchers have discovered while inspecting samples submitted to the VirusTotal website. It encrypts files, changes the desktop wallpaper, drops the "HOW TO DECRYPT FILES.txt" file, and modifies filenames. MortalKombat is based on Xorist ransomware. MortalK

Crypto Payment Notification Email Scam
Phishing/Scam

We have inspected this email and concluded that it is written by scammers who aim to trick recipients into providing sensitive information. It is disguised as a letter regarding a cryptocurrency transaction and contains links designed to open phishing pages. This email should be marked as spam and

Znto Ransomware
Ransomware

While examining malware samples submitted to VirusTotal, we discovered ransomware called Znto that belongs to the Djvu family. It encrypts files, appends the ".znto" extension to filenames of encrypted files, and creates a text file ("_readme.txt") containing a ransom note. An example of how Znto

Block_file12 Ransomware
Ransomware

Block_file12 is ransomware designed to encrypt files and append an email address and the ".block_file12" extension to filenames. An example of how Block_file12 renames files: it changes "1.jpg" to "1.jpg!===contact_mail===itankan12@gmail.com===.block_file12", "2.png" to "2.png!===contact_mail=

Ekipa RAT
Trojan

Ekipa is the name of a Remote Administration Trojan (RAT) sold on a hacker forum for $4500. Threat actors use RATs to perform remote malicious activities on infected computers. Ekipa RAT can gather system information, manage files, and perform other tasks. It should be removed from the infected co

Cats Fanpage Browser Hijacker
Browser Hijacker

After testing the Cats fanpage browser extension, we found that it is a browser hijacker designed to promote search.cats-fan.com - a fake search engine. Cats fanpage hijacks a web browser by changing some of its settings. Usually, browser hijackers are promoted in deceptive ways. Cats fanp

CyberBlock Adware
Adware

While examining the CyberBlock browser extension, we found that it displays annoying advertisements. Also, it can read various data. Apps that show advertisements are categorized as adware. Usually, users download and install (or add) advertising-supported apps like CyberBlock inadvertently. C

Theva Ransomware
Ransomware

Theva is ransomware that encrypts data and appends the sql772@aol.com email address and its extension (".theva") to filenames. Also, Theva changes the desktop wallpaper and drops a ransom note (the "#_README_#.inf" file). Our team discovered Theva while analyzing malware samples submitted to Virus