During our examination of malware samples submitted to VirusTotal, we came across a variation of Djvu ransomware known as Coaq. This version encrypts files and adds the ".coaq" extension to their names. Moreover, Coaq also creates a ransom note file named "_readme.txt". Since Coaq is associated w
Our investigation of malware samples uploaded to VirusTotal has uncovered a new version of the Djvu ransomware dubbed Cosw. Its primary aim is to encrypt files on the infected computer and rename them with by appending the ".cosw" extension. Cosw also creates a file named "_readme.txt", which cont
While inspecting new submissions to VirusTotal, our researchers discovered Carver – a malicious program belonging to the Phobos ransomware family. Malware within this category is designed to encrypt data and demand ransoms for its decryption. After we executed a sample of Carver on our test machi
ImBetter is the name of an information-stealing malware. Stealers can extract a wide variety of sensitive information from systems and installed applications. ImBetter has been actively spread via malicious websites disguised as ones relating to cryptocurrency and those offering online file format
While investigating rogue websites, our research team discovered an installer bundled with the CD Collection malicious program. If CD Collection is detected on the system, it is highly likely that adware and/or other unwanted/malicious content has infiltrated it as well. Following installa
Our inspection of the "Messages Not Delivered Due To Server Interruptions" email revealed that it is spam. This phishing letter aims to trick recipients into disclosing their email account credentials by making false claims regarding undelivered messages. The spam email with the subject "M
While inspecting browser-hijacking software, our research team discovered the browsing-shield.xyz fake search engine. These websites cannot generate search results, so they redirect to legitimate search engines. Sites like browsing-shield.xyz are typically promoted (through redirects) by browser
Our researchers discovered the Skynetwork ransomware-type program while investigating new submissions to VirusTotal. This program is part of the MedusaLocker ransomware family, and it is designed to encrypt data and demand ransom for its decryption. Once we launched a sample of Skynetwork on our
Crazyresultsnow.com is the URL of an illegitimate search engine. Websites of this kind are usually incapable of generating search results, and while crazyresultsnow.com can – they are inaccurate and may include irrelevant/deceptive content. Fake search engines are typically promoted by browser hi
After inspecting the "Product Availability Confirmation" email, we learned that it is spam. The fake letter is presented as an urgent purchase request from the sender. This mail operates as a phishing scam and promotes a phishing site disguised as SharePoint. This website is designed to record and