After analyzing the DeckData application, our team has determined that it produces advertisements, leading us to classify it as a standard form of adware. Another important detail about this adware is that we have discovered it while inspecting deceptive websites. Through extensive testi
After inspecting the "PayPal - Order Has Been Completed" email – we determined that it is spam. This letter is presented as a notification regarding a successful purchase made via PayPal. This spam mail aims to trick recipients into calling the provided helpline and thus getting lured into the sca
Arashpar[.]xyz is a rogue webpage that we discovered while inspecting questionable websites. It is designed to promote browser notification spam and redirect users to different (likely unreliable/harmful) sites. Most visitors to arashpar[.]xyz and similar pages access them via redirects caused by
WhiskerSpy is the name of backdoor malware. Malware of this type is used to gain remote access to computers. It is known that WhiskerSpy is capable of executing shell commands, injecting code into another process, exfiltrating specific files, taking screenshots, and more. It should be removed from
While investigating new submissions to VirusTotal, we found a malicious program called Saw. It is part of the Xorist ransomware family, and like all programs within this group – Saw is designed to encrypt data and demand payment for its decryption. After we executed a sample of Saw ransomware on
Getnomadtblog[.]com is a deceptive website that attempts to trick visitors into subscribing to its notifications. This site may also redirect visitors to other pages of similar nature. Our team uncovered getnomadtblog[.]com while investigating illegal movie streaming websites, torrent sites, and s
BRUH is ransomware based on Chaos ransomware. We discovered this ransomware strain while inspecting malware samples submitted to the VirusTotal page. BRUH encrypts data, appends a random extension (four random characters) to filenames, changes the desktop wallpaper, and drops the "read_it.txt" fil
Iotr is ransomware that belongs to the Djvu ransomware family. Our team discovered this ransomware on VirusTotal while analyzing malware samples submitted to the page. Iotr encrypts files and adds the ".iotr" extension to their filenames. Additionally, it drops the "_readme.txt" file, which contai
Our analysis of malware samples submitted to VirusTotal has revealed the existence of a new variant of the Djvu ransomware family, dubbed Iowd. Its main objective is to encrypt files on an infected system. Also, Iowd appends the ".iowd" extension to filenames and creates the "_readme.txt" file wit
After analyzing malware samples submitted to VirusTotal, we have identified a new ransomware variant known as Ioqa, which is a member of the Djvu ransomware family. The primary objective of Ioqa is to encrypt files on the infected system. As part of the encryption process, Ioqa renames the affecte