Tzw is the name of a ransomware-type program we discovered while inspecting new submissions to VirusTotal. We executed a sample of Tzw on our test machine, and this ransomware encrypted the files and changed their titles. The filenames were appended with a ".tzw" extension, e.g., a file initially
NeedleDropper is a malware variant designed to drop malicious payloads (inject malware). It is advertised and sold on hacking forums. NeedleDropper is a self-extracting archive that contains files used for malware execution. Threat actors have been observed distributing this malware via email.
After inspecting the "Real Estate Investment" email – we determined that it is fake. The spam letter claims to be sent by an ex-government official from the opposition party in Syria. The fabricated sender expresses wishes to make the recipient a foreign partner in their business ventures. This im
Nyx is ransomware that encrypts files, appends the victim's ID, datasupp@onionmail.com email address, and the ".NYX" extension to filenames, and drops the "READ_ME.txt" file (its ransom note). Our team discovered Nyx ransomware while inspecting malware samples submitted to VirusTotal page. An exa
While examining malware samples submitted to VirusTotal, our team discovered ransomware dubbed Xollam. We found that Xollam is a new variant of Mallox ransomware with a reversed name. It encrypts files, appends the ".xollam" extension to filenames, and creates the "FILE RECOVERY.txt" text file con
Our inspection revealed that this "Data Backup" email is spam. It operates as a phishing scam targeting email account log-in credentials. The fake letter claims that the mail service will be shut down, but if the recipient uses the linked backup guide – they will be able to continue using their ac
Youractualjournal[.]com is the address of a rogue webpage that our researchers discovered while inspecting untrustworthy sites. This page promotes browser notification spam and redirects visitors to other (likely unreliable/malicious) websites. Users typically enter such pages through redirects c
Pegasus is the name of a malicious program within the spyware classification. It targets Android operating systems and can perform various commands and extract a broad range of information. Pegasus is a highly sophisticated program developed by the Israeli cyber-arms company called NSO Group. Thi
While examining hiltus[.]click, we found that this page runs various scams (shows deceptive messages) and asks for permission to show notifications. This page cannot be trusted. Typically, users do not visit such sites on purpose. Our team discovered hiltus[.]click while inspecting pages that use
While inspecting the One Click Image Downloader application, we found that it is an advertising-supported browser extension. Apps of this type display unwanted advertisements. We discovered at least two deceptive websites promoting One Click Image Downloader. The description of the One Cli