CryptBIT 2.0 is a new variant of CryptBIT ransomware. We discovered it while examining samples submitted to VirusTotal. CryptBIT 2.0 encrypts files, appends ".cryptbit" extension to filenames, changes the desktop wallpaper, and drops the "CryptBIT2.0-restore-files.txt" file. The text file dropped
While inspecting sites that use rogue advertising networks, our research team discovered the "FIFA Crypto Giveaway" scam. It is presented as a giveaway held by FIFA, in which users are to contribute a certain amount of either Bitcoin (BTC) or Ethereum (ETH) cryptocurrency to the "event" and immedi
Our inspection of the "Your Organization Needs More Information To Keep Your Account Secure" email revealed that it is spam that operates as a phishing scam. These letters target the log-in credentials of recipients' email accounts by offering the latest tech and security innovations. This
Tcbu is the name of the Djvu ransomware variant that our team discovered while checking the VirusTotal page for recently submitted malware samples. We learned that Tcbu encrypts files, appends ".tcbu" extension to filenames, and drops the "_readme.txt" file (a ransom note). An example of how Tcbu
Tcvp is a Djvu ransomware variant that encrypts files, appends the ".tcvp" extension to filenames, and drops the "_readme.txt" file. Our malware researchers discovered Tcvp ransomware while examining samples submitted to VirusTotal. Djvu ransomware is often distributed with information-stealing ma
KEYSTEAL is the name of a trojan targeting macOS Keychain data. This malware arrives onto systems as a trojanized app called ResignTool. Due to how sensitive the information stored on the Mac Keychain can be - this malware poses significant threats to user privacy. The variant of KEYSTEA
While checking out dubious websites, our researchers found the secureyourdatabase[.]live page. It promotes scams, pushes browser notification spam, and redirects visitors to different (likely unreliable/harmful) sites. Most visitors enter webpages like secureyourdatabase[.]live through redirects
Quickpcscanner[.]com is a rogue webpage discovered by our research team during a routine inspection of dubious websites. It is designed to promote scams and spam browser notifications. Furthermore, quickpcscanner[.]com can redirect visitors to other (likely unreliable/dangerous) sites. Webpages o
While inspecting deceptive websites, we found a scam page stating that there is an "Important Update for Chrome" - from it, we downloaded and thus discovered the Cyber Shield browser extension. This piece of software claims to be a tool that improves online personal data security. However, our ana
Canadian (RRansom) is a malicious program classified as ransomware. It is designed to encrypt data and demand ransoms for the decryption tools. After we executed a sample of this ransomware on our test system, it encrypted files and appended their filenames with a ".canadian" extension. To elabor