CatB is a ransomware-type program. It encrypts data and demands payment for the decryption. While testing this ransomware, we learned that it does not alter the filenames of encrypted files - an uncommon occurrence in these types of infections. CatB inserts ransom notes at the beginning of each e
Pupy is the name of an open-source Remote Administration Trojan (RAT) written in Python. Malware of this type is used to gain remote control of a target computer. Threat actors have been observed using a legitimate a process that reports errors in Windows (and Windows applications) to distribute P
Cyclops is the name of a malicious program classified as ransomware. This malware is designed to encrypt data and demand ransoms for its decryption. After being launched on our test system, Cyclops ransomware began encrypting files. Typically, the affected files are renamed (often by being append
MintStealer (also known as Mint Stealer) is an information stealer targeting web browsers, messengers, mail clients, VPN clients, game sessions, and more. It is used to extract sensitive data. MintStealer is being sold as Malware-as-a-service (MaaS). Other cybercriminals can purchase MintStealer f
Webaddictremind[.]xyz is the address of a rogue website designed to run scams, promote spam browser notifications, and redirect visitors to other (likely unreliable/dangerous) pages. Our researchers discovered the webaddictremind[.]xyz webpage while inspecting sites that use rogue advertising net
While investigating deceptive websites, our researchers discovered the Download Checker browser extension. It is promoted as a tool for testing Internet speed. However, our analysis of Download Checker revealed that it operates as advertising-supported software (adware) instead. Adware is
During a routine inspection of new submissions to VirusTotal, we discovered the Worlddecoding malicious program that is practically identical to World2022decoding ransomware. After we executed a sample of Worlddecoding ransomware on our testing system, it encrypted files and appended their titles
While analyzing the Duplicatefinder application, our team found that it displays annoying advertisements. Apps that bombard users with ads are classified as adware. We discovered Duplicatefinder while examining a download assistant downloaded from a shady website. As its name suggests, Dup
While checking out new submissions to VirusTotal, our research team discovered the EazyBit rogue application. After inspecting it, we determined that this piece of software operates as adware. We also learned that EazyBit is part of the AdLoad malware family. Adware stands for advertisin
Rhadamanthys is a stealer-type malware, and as its name implies - it is designed to extract data from infected machines. At the time of writing, this malware is spread through malicious websites mirroring those of genuine software such as AnyDesk, Zoom, Notepad++, and others. Rhadamanthys is down