While investigating malware samples submitted to VirusTotal, our team discovered an information stealer called Titan. Malware of this type gathers sensitive data from the infected system and sends it to the attacker. Typically, cybercriminals behind information stealers are financially motivated.
While checking out deceptive websites, our researchers discovered the Tab Session browser extension. It is presented as a productivity improvement tool that promises easy access and navigation on browsers. However, Tab Session operates as adware. This browser extension runs intrusive ad campaigns
XStealer is a piece of malicious software designed to steal data. This stealer malware can exfiltrate browsing and user information. Therefore, XStealer infections endanger victims' privacy and safety. XStealer, like many stealers, begins its operation by gathering relevant device data (e.
While reviewing new submissions to VirusTotal, our research team found the Cipher ransomware. This malicious program is part of the MedusaLocker ransomware family. After a sample of Cipher was executed on our testing system, it began encrypting files and appended their names with a ".cipher" exte
While investigating reportyouridentity[.]site, we found that it is a deceptive page designed to trick visitors into believing that their computers are infected. Also, reportyouridentity[.]site asks for permission to show notifications. Our team discovered reportyouridentity[.]site while inspecting
Our analysis of the "DHL Shipping Document/Invoice Receipt" email revealed that it is fake. This spam letter is presented as a notification from DHL - a legitimate logistics, courier, delivery, and express mail company. This mail attempts to trick recipients into disclosing their email account log
TONEINS is the name of a backdoor malware. This software is designed to open a "backdoor" for additional malicious components or programs into compromised systems. TONEINS, alongside TONESHELL and PUBLOAD, have been observed being distributed in cyberespionage campaigns particularly active in Asi
Uyit is ransomware that encrypts files, appends the ".uyit" extension to filenames, and drops a ransom note (the "_readme.txt") file. Uyit is one of the Djvu ransomware variants. We discovered it while checking the VirusTotal page for recently submitted malware samples. It is common for Djvu ranso
Timespace[.]top is a rogue page that our researchers found while inspecting dubious websites. This webpage promotes spam browser notifications and can redirect visitors to other (likely deceptive/malicious) sites. Most users access pages like timespace[.]top via redirects caused by sites using ro
Trigona is ransomware that encrypts files and appends the "._locked" extension to filenames. Also, it drops the "how_to_decrypt.hta" file that opens a ransom note. An example of how Trigona renames files: it renames "1.jpg" to "1.jpg._locked", "2.png" to "2.png._locked", and so forth. It embeds t