After inspecting the "Payment Via ATM Visa Card Will Be Shipped" email, we determined that it is spam. This fake letter is presented as a missive from the "Executive Office of the President United States American" (mistyped the same in the original) and even the 46th president of the USA – Joe Bid
DrWeb is ransomware belonging to the Xorist family. Our malware researchers discovered DrWeb during an analysis of malware samples submitted to the VirusTotal website. DrWeb encrypts files, appends the ".DrWeb" extension to filenames, displays an error pop-up window and creates the "КАК РАСШИФРОВА
We have inspected this email and determined that it is a fake letter from an email service provider. Scammers behind this email aim to lure unsuspecting recipients into providing personal information on a phishing page. Recipients of this (or any similar) email should not open the provided site an
While investigating suspicious websites, we found the Download pro browser extension. It is promoted as a tool that aids with the management of download histories. However, our analysis of Download pro revealed that it operates as adware. Adware stands for advertising-supported software. I
Our researchers discovered finderflash.club while investigating rogue software. This website is classed as a fake search engine, and it is incapable of generating search results. Typically, sites of this kind are promoted (through redirects) by browser hijackers. Illegitimate search engines and t
After inspecting the "Trunk Box Delivery" email, we determined that it is spam. This phishing letter states that the recipient will receive an exorbitant sum of money after they pay a fee and reconfirm their personal information. It must be emphasized that all the claims made by the "Trunk Box De
Cancelnotifications.com is the URL of a fake search engine. Websites classed as such are typically incapable of generating search results and tend to redirect to legitimate search engines. Cancelnotifications.com is not an exception. These sites are promoted (through redirects) by browser hijacker
RootFinder is an information stealer written using the .NET platform. It steals information from Windows operating systems and sends stolen data to attackers via Telegram. RootFinder is sold for $50. Cybercriminals promote this stealer on hacker forums. RootFinder steals cookies, passwords
Youhau is ransomware that encrypts data, modifies filenames, and provides a ransom note. Our team discovered Youhau while examining malware samples submitted to the VirusTotal website. We also found that Youhau is part of the VoidCrypt ransomware family. The ransom note that this ransomware create
While investigating new submissions to VirusTotal, our research team discovered the Nochi ransomware-type program. This malware is based on the Chaos ransomware. After we executed a sample of Nochi on our test machine, it encrypted files and modified their filenames. The titles of affected files