Fraudsters use all kinds of ways to extract information or money from people and distribute malicious programs via emails. This article describes cases where fraudsters use emails to trick recipients into installing ConnectWise (formerly known as ScreenConnect). This software allows threat actors
RisePro is an information stealer that has similarities with another stealer called Vidar. It gathers sensitive data and extracts it in the form of logs. RisePro is written in the C++ programming language. Threat actors have been observed distributing RisePro via a malware downloader called Privat
GodFather is the name of an Android malware targeting online banking pages and cryptocurrency exchanges in 16 countries. It opens fake login windows over legitimate applications. Threat actors use GodFather to steal account credentials. Additionally, GodFather can steal SMSs, device information, a
Iswr is the name of a Djvu ransomware variant. We discovered it while inspecting malware samples submitted to the VirusTotal page. Iswr encrypts the victim's files, appends its extension (".iswr") to the filenames of all encrypted files, and drops its ransom note (the "_readme.txt" file). An exam
We have analyzed mywowspot[.]com and learned that the purpose of this page is to trick visitors into agreeing to receive notifications from it. Additionally, mywowspot[.]com may redirect users to other untrustworthy websites. It is very uncommon for pages like mywowspot[.]com to be visited on purp
CRYPT crypto-malware based on CONTI ransomware. It encrypts files, appends the ".CRYPT" extension to filenames, and creates the "Readme_Instructions.html" file that contains a ransom note. An example of how CRYPT modifies filenames: it renames "1.jpg" to "1.jpg.CRYPT", "2.png" to "2.png.CRYPT", an
Our team has analyzed this email and found that it is written by scammers pretending to be representatives of Standard Bank. The purpose of this scam email is to trick recipients into entering personal information on the opened fake web page. Emails of this kind are called phishing emails. They sh
Isza is ransomware (one of the ransomware variants belonging to the Djvu family) that encrypts files, appends its extension to filenames, and drops a ransom note. Isza renames files by appending the ".isza" extension and creates the "_readme.txt" file to provide contact and payment information. A
Isal is ransomware that prevents victims from accessing their data by encrypting it. Our team discovered this ransomware while checking the VirusTotal page for recently submitted malware samples. Additionally, Isal appends the ".isal" extension to filenames and drops a ransom note (the "_readme.tx
SBU is one of the ransomware variants belonging to the Dharma family. SBU encrypts data, appends its extension (".SBU") to filenames, creates the "info.txt" file, and displays a pop-up window. The text file and pop-up window contain ransom notes. An example of how SBU ransomware renames files: it