VenusStealer is information-stealing malware, a type of malicious software designed to gather sensitive information from computers. VenusStealer is written using the Python programming language. It targets browser data, Facebook data, and other personal information. Victims should remove VenusStea
Beep is a piece of malicious software. It is capable of stealing information and causing chain infections. At the time of writing, this malware appears to be still in development; however, it is highly evasive and employs multiple techniques to avoid detection and prevent analysis. Beep us
APT14CHIR is ransomware that our team discovered while examining samples submitted to the VirusTotal website. The purpose of APT14CHIR is to encrypt files. Additionally, it creates a ransom note ("PLEASE READ.txt" file) and renames files by replacing their filenames with a string of random charact
Konni is the name of a Remote Access Trojan (RAT). Malware categorized as such is designed to enable remote access and control over infected machines. RATs tend to be incredibly versatile tools applicable in a variety of ways. One campaign involving Konni has been noted as early as 2021, wherein
While examining getshowads[.]com, we found that it is one of the websites designed to trick visitors into agreeing to receive notifications. These notifications can be annoying and intrusive and can even be used to deliver malicious content to unsuspecting users. Thus, getshowads[.]com should not
GOLDBACKDOOR is malware designed to infiltrate a victim's computer and steal sensitive information. The deployment process of GOLDBACKDOOR appears to be a multi-stage operation, likely intended to evade detection by antivirus or endpoint security systems. It is currently believed that the maliciou
While inspecting new submissions to VirusTotal, our researchers discovered the Baal malicious program that is based on the Chaos ransomware. After we executed a sample of Baal (Chaos) ransomware on our test system, it encrypted files and modified their titles. Original filenames were appended wit
AnGrYTuRkEy is ransomware that encrypts files, changes the desktop wallpaper, drops the "read_it.txt" file (a ransom note) and appends the ".AnGrYTuRkEy" extension to filenames. Our malware researchers discovered AnGrYTuRkEy while checking the VirusTotal site for recently submitted malware samples
During the inspection of malware samples submitted to VirusTotal, our team discovered a ransomware variant belonging to the Djvu family dubbed Hhoo. Hhoo encrypts files and adds its own extension (".hhoo") to the original filenames. For instance, "1.jpg" becomes "1.jpg.hhoo", "2.png" becomes "2.p
Topreqdusa[.]com is a rogue site that we discovered while investigating untrustworthy websites. This page is designed to promote browser notification spam and – at the time of research – did so by employing fake CAPTCHA verification. The webpage in question can also redirect users to different (li