Tcvp is a Djvu ransomware variant that encrypts files, appends the ".tcvp" extension to filenames, and drops the "_readme.txt" file. Our malware researchers discovered Tcvp ransomware while examining samples submitted to VirusTotal. Djvu ransomware is often distributed with information-stealing ma
KEYSTEAL is the name of a trojan targeting macOS Keychain data. This malware arrives onto systems as a trojanized app called ResignTool. Due to how sensitive the information stored on the Mac Keychain can be - this malware poses significant threats to user privacy. The variant of KEYSTEA
While checking out dubious websites, our researchers found the secureyourdatabase[.]live page. It promotes scams, pushes browser notification spam, and redirects visitors to different (likely unreliable/harmful) sites. Most visitors enter webpages like secureyourdatabase[.]live through redirects
Quickpcscanner[.]com is a rogue webpage discovered by our research team during a routine inspection of dubious websites. It is designed to promote scams and spam browser notifications. Furthermore, quickpcscanner[.]com can redirect visitors to other (likely unreliable/dangerous) sites. Webpages o
While inspecting deceptive websites, we found a scam page stating that there is an "Important Update for Chrome" - from it, we downloaded and thus discovered the Cyber Shield browser extension. This piece of software claims to be a tool that improves online personal data security. However, our ana
Canadian (RRansom) is a malicious program classified as ransomware. It is designed to encrypt data and demand ransoms for the decryption tools. After we executed a sample of this ransomware on our test system, it encrypted files and appended their filenames with a ".canadian" extension. To elabor
We investigated this email and learned that it was sent by scammers who aim to trick unsuspecting recipients into providing personal information on a deceptive page. This email is disguised as a letter from an email service provider. It instructs recipients to validate their email accounts.
While examining this email, our malware researchers found that it contains a malicious attachment. Threat actors behind it are pretending to be a company based in Dubai. Their goal is to trick recipients into executing the FormBook malware designed to steal sensitive information. This emai
While looking through new submissions to VirusTotal, our researchers discovered the EngineFlow application. After analyzing this app, we learned that it is adware. Additionally, we determined that EngineFlow belongs to the AdLoad malware family. Adware stands for advertising-supported so
While inspecting malware samples submitted to VirusTotal, we found a new SATANA ransomware variant called SEX3. It encrypts files and appends the ".SEX3" extension to filenames. Also, it changes the desktop wallpaper and drops the "!satana!.txt" file containing contact and payment information. An