While inspecting new malware submissions to VirusTotal, our research team discovered the Kevin ransomware. Malicious software within this classification operates by encrypting data in order to make ransom demands for the decryption keys/tools. When we executed a sample of Kevin ransomware on our
Our analysis of the "Daily Quarantined Message Report" email revealed that it is spam. Letters belonging to this campaign are presented as genuine reports concerning recipients' inboxes. This spam mail aims to steal email accounts by promoting a phishing website. The email with the subject
Our malware researchers examined this email and found that it is used by cybercriminals who aim to trick recipients into infecting their computers with FormBook malware. The email itself is disguised as a letter regarding some payment terms. It has a PDF document attached to it that downloads an I
NULLTHEGAME is ransomware based on the Chaos ransomware. We discovered it while inspecting malware samples submitted to VirusTotal. NULLTHEGAME encrypts files, appends the ".NULL" extension to filenames, changes the desktop wallpaper and drops a ransom note (the "read_it.txt" file). An example of
While examining winsafe[.]xyz, our team found that this page uses a clickbait technique to lure visitors into agreeing to receive notifications. We also learned that winsafe[.]xyz has at least two designs. We discovered winsafe[.]xyz while inspecting websites that use rogue advertising networks.
lUUUUUUUUU is the name of a ransomware-type program that our researchers discovered while inspecting new submissions to VirusTotal. This malicious program is part of the Xorist ransomware family. After being launched on our testing system, this ransomware encrypted files and appended the filename
Cryptonite (.cryptn8) is a ransomware designed to encrypt data and demand payment for the decryption. As reported by Fortinet, this is a customizable version of ransomware that is available for free, which is uncommon. Malware of this type usually appends the encrypted files with an extension, an
RAXNET is a malicious program that operates as a clipper. Malware within this classification can replace clipboard data. RAXNET specifically targets copied cryptocurrency wallet addresses and replaces them with those belonging to the attackers. The purpose of this malware is to steal cryptocurrenc
Patriot is the name of a malicious program that operates as a stealer. Despite being described as an "educational" tool in its promotional material, this program is sold on the Web and has functionalities designed for malicious use. Patriot is capable of stealing a wide variety of information, in
After analyzing the "Incoming Messages ERROR Notification" email, we determined that it is spam operating as a phishing scam. This mail claims that an error had occurred on the recipient's email account and prevented messages from researching the inbox. To release the nonexistent letters - the rec