XStealer is a piece of malicious software designed to steal data. This stealer malware can exfiltrate browsing and user information. Therefore, XStealer infections endanger victims' privacy and safety. XStealer, like many stealers, begins its operation by gathering relevant device data (e.
While reviewing new submissions to VirusTotal, our research team found the Cipher ransomware. This malicious program is part of the MedusaLocker ransomware family. After a sample of Cipher was executed on our testing system, it began encrypting files and appended their names with a ".cipher" exte
While investigating reportyouridentity[.]site, we found that it is a deceptive page designed to trick visitors into believing that their computers are infected. Also, reportyouridentity[.]site asks for permission to show notifications. Our team discovered reportyouridentity[.]site while inspecting
Our analysis of the "DHL Shipping Document/Invoice Receipt" email revealed that it is fake. This spam letter is presented as a notification from DHL - a legitimate logistics, courier, delivery, and express mail company. This mail attempts to trick recipients into disclosing their email account log
TONEINS is the name of a backdoor malware. This software is designed to open a "backdoor" for additional malicious components or programs into compromised systems. TONEINS, alongside TONESHELL and PUBLOAD, have been observed being distributed in cyberespionage campaigns particularly active in Asi
Uyit is ransomware that encrypts files, appends the ".uyit" extension to filenames, and drops a ransom note (the "_readme.txt") file. Uyit is one of the Djvu ransomware variants. We discovered it while checking the VirusTotal page for recently submitted malware samples. It is common for Djvu ranso
Timespace[.]top is a rogue page that our researchers found while inspecting dubious websites. This webpage promotes spam browser notifications and can redirect visitors to other (likely deceptive/malicious) sites. Most users access pages like timespace[.]top via redirects caused by sites using ro
Trigona is ransomware that encrypts files and appends the "._locked" extension to filenames. Also, it drops the "how_to_decrypt.hta" file that opens a ransom note. An example of how Trigona renames files: it renames "1.jpg" to "1.jpg._locked", "2.png" to "2.png._locked", and so forth. It embeds t
Bazek is ransomware that our team discovered while checking the VirusTotal site for recently submitted malware samples. We found that it encrypts files, appends the ".bazek" extension to filenames, and drops the "README.txt" file containing a ransom note. Our team also learned that there are two
While analyzing the IdentityStack application, our team found that it shows annoying advertisements and can read sensitive information. Thus, we classified IdentityStack as adware. This application was discovered while inspecting deceptive websites offering to update supposedly outdated software