APT14CHIR is ransomware that our team discovered while examining samples submitted to the VirusTotal website. The purpose of APT14CHIR is to encrypt files. Additionally, it creates a ransom note ("PLEASE READ.txt" file) and renames files by replacing their filenames with a string of random charact
Konni is the name of a Remote Access Trojan (RAT). Malware categorized as such is designed to enable remote access and control over infected machines. RATs tend to be incredibly versatile tools applicable in a variety of ways. One campaign involving Konni has been noted as early as 2021, wherein
While examining getshowads[.]com, we found that it is one of the websites designed to trick visitors into agreeing to receive notifications. These notifications can be annoying and intrusive and can even be used to deliver malicious content to unsuspecting users. Thus, getshowads[.]com should not
GOLDBACKDOOR is malware designed to infiltrate a victim's computer and steal sensitive information. The deployment process of GOLDBACKDOOR appears to be a multi-stage operation, likely intended to evade detection by antivirus or endpoint security systems. It is currently believed that the maliciou
While inspecting new submissions to VirusTotal, our researchers discovered the Baal malicious program that is based on the Chaos ransomware. After we executed a sample of Baal (Chaos) ransomware on our test system, it encrypted files and modified their titles. Original filenames were appended wit
AnGrYTuRkEy is ransomware that encrypts files, changes the desktop wallpaper, drops the "read_it.txt" file (a ransom note) and appends the ".AnGrYTuRkEy" extension to filenames. Our malware researchers discovered AnGrYTuRkEy while checking the VirusTotal site for recently submitted malware samples
During the inspection of malware samples submitted to VirusTotal, our team discovered a ransomware variant belonging to the Djvu family dubbed Hhoo. Hhoo encrypts files and adds its own extension (".hhoo") to the original filenames. For instance, "1.jpg" becomes "1.jpg.hhoo", "2.png" becomes "2.p
Topreqdusa[.]com is a rogue site that we discovered while investigating untrustworthy websites. This page is designed to promote browser notification spam and – at the time of research – did so by employing fake CAPTCHA verification. The webpage in question can also redirect users to different (li
While inspecting questionable sites, our researchers discovered the topadvastudio[.]com rogue pages. This webpage is designed to push spam browser notifications. Furthermore, it can redirect visitors to different (likely untrustworthy/hazardous) websites. Most users enter sites like topadvastudio
Mikel is a variant of the Proxima ransomware. Malware within this classification is designed to encrypt data and demand payment. When we executed a sample of Mikel ransomware on our test machine, it encrypted files and appended their filenames with a ".mikel" extension. For example, a file initia