Enigma is an information stealer written in the C# programming language. It is a variation of another stealer known as Stealerium. It is important to note that Enigma is also the name of a legitimate company that offers business intelligence and data services, which has no association with the inf
Our team has found that searchthatonline.com is a search engine that may generate questionable results and display ads. It is common for search engines of this nature to be promoted by browser hijackers, which alter the browser's settings. Users often add such apps to browsers unintentionally.
In our analysis of Vvoo, we found that it is a ransomware variant from the Djvu family. Vvoo encrypts data, appends the ".vvoo" extension to the filenames of the encrypted files, and creates a ransom note (the "_readme.txt" file). Our team came across Vvoo while reviewing samples submitted to Viru
After investigating the "Social Security Account Missing Information" spam email, we determined that it operates as a phishing scam. Allegedly, this letter regards the recipient's social security documentation, which is in an attachment. The attached file is "encrypted" and requires the user to l
After we inspected the "Norton360 Total Protection Subscription Charge" email, we determined that it is spam. This letter is presented as a notification regarding the purchase of the Norton 360 anti-virus. The goal of this mail is to trick recipients into calling the provided telephone number and
During a routine inspection of questionable websites, our researchers discovered the 10downloader[.]com webpage. This site is designed to allow users to convert YouTube video links into downloadable files. It must be mentioned that YouTube converter websites break copyright laws. What is more, 10
Our analysis of the Art Tab application has revealed that it is a browser extension that has been created to hijack web browsers. The app forcibly pushes a fake search engine (srchinart.com) by altering the settings of the browser. Additionally, Art Tab has the ability to read certain data.
While inspecting browser hijackers, our researchers found the thebestwefind.com fake search engine. Sites of this kind are typically promoted by browser-hijacking software. It makes alterations to browsers in order to cause redirects to illegitimate search engines. Furthermore, websites like thebe
PYAS is ransomware - malicious software that encrypts victims' files, making them inaccessible. In addition to encrypting files, PYAS appends the ".PYAS" extension to filenames and drops the "README.txt" file that contains a ransom note. An example of how PYAS renames files: it changes "1.jpg" to
While analyzing Vvmm, we found that it is one of the ransomware variants belonging to the Djvu family. Vvmm encrypts data, appends the ".vvmm" extension to filenames of the encrypted files, and creates a ransom note ("_readme.txt" file). Our team discovered Vvmm while inspecting samples submitted