Our team discovered an untrustworthy application called OnlineProgram while examining various deceptive pages (e.g., web pages offering to download updates for supposedly outdated software). After installing OnlineProgram, we noticed that it shows unwanted advertisements. Thus, we categorized th
While inspecting new submissions to VirusTotal, our researchers discovered the DoyUk 7.1 ransomware. This is not our first encounter with this malware, as we have previously analyzed the DoyUk 2.0 and DoyUk 5.0 variants. After we executed this latest version on our test machine, it encrypted file
After examining the email, we found that this is a fake email from YouTube regarding copyright infringement. It contains a website link designed to download an archive file that contains a malicious file. Cybercriminals behind this email aim to trick recipients into downloading and executing malwa
After inspecting the "Error From Your Mail Server" email, we determined that it is spam that operates as a phishing scam. This letter makes false claims about emails failing to reach the recipient's inbox, which can be rectified by verifying the account again. The goal of this spam mail is to lur
Eemv is the name of ransomware belonging to the Djvu family. The purpose of eemv is to encrypt files. Additionally, this ransomware renames files (it appends the ".eemv" extension to filenames) and creates a text file ("_readme.txt") to provide contact and payment information. Our team discovered
Eewt is ransomware that encrypts the victim's files, appends its extension (".eewt") to filenames, and drops a ransom note ("_readme.txt") on the desktop. Our malware researchers discovered Eewt while examining samples submitted to the VirusTotal web page. This ransomware belongs to the Djvu famil
MONTI is a ransomware-type program designed to encrypt data and demand payment for the decryption tools. It is a new variant of CONTI ransomware. Furthermore, MONTI shares extreme similarities with CONTI's modus operandi. In February 2022, the group behind CONTI experienced a massive breach and d
Our researchers discovered the Black-Lights browser extension during a routine inspection of suspicious software-promoting webpages. This extension is endorsed as a tool capable of enabling dark mode for simple design websites. However, our analysis of Black-Lights revealed that it operates as adw
Our research team discovered the SilkTopic rogue app while investigating new submissions to VirusTotal. After inspecting this piece of software, we determined that it is adware belonging to the AdLoad malware family. Adware stands for advertising-supported software. It displays advertise
Our researchers discovered the Ballacks ransomware while inspecting new submissions to VirusTotal. This malicious program belongs to the VoidCrypt ransomware family. Once we launched a sample of Ballacks on our test machine, it began encrypting files ad modified their names. Original filenames we