Coper is the name of an Android banking Trojan. Our malware researchers discovered that Coper is linked to another Android malware called ExoBotCompat (a reformed version of Exobot). It targets various banking apps. We found that Coper impersonates various banking and utility apps (it uses them as
Lloo is the name of a malicious program within the ransomware classification, which our researchers discovered while inspecting new malware submissions to VirusTotal. Lloo is yet another program belonging to the Djvu ransomware family. After executing a sample of Lloo on our test machine, we lear
After inspecting this email we found that it is a phishing email containing a link that opens a deceptive website asking to provide login credentials. This email is disguised as a letter from an email service provider. It states that incoming messages have been suspended. This email claims
During a routine inspection of new submissions to VirusTotal, our research team discovered the Llee ransomware-type program. We determined that Llee is part of the Djvu ransomware family. Once we launched a sample of Llee on our test machine, it encrypted files and appended their filenames with a
Lltt is ransomware that belongs to the Djvu ransomware family. We discovered it while analyzing malware samples submitted to the VirusTotal site. Lltt encrypts files and appends the ".lltt" extension to their filenames. It also creates a ransom note (the "_readme.txt" file). An example of how Llt
Edw is ransomware that encrypts files, appends the victim's ID, edward22w@aol.com email address, and the ".edw" extension to filenames, and generates two ransom notes (displays a pop-up window and creates a text file named "FILES ENCRYPTED.txt"). We found that Edw belongs to a ransomware family ca
FARGO is a new variant of the TargetCompany ransomware. Malware of this type is designed to encrypt data and demand ransoms for the decryption. After we launched a sample on our test system, we learned that this ransomware encrypts files and appends their filenames with a ".FARGO" extension. For
While inspecting new submissions to VirusTotal, our researchers discovered the CladRumble application. After analyzing this piece of software, we determined that CladRumble operates as adware and belongs to the AdLoad malware family. Advertising-supported software may require specific co
Our inspection of the "Booking Offer" email revealed that it is spam designed to spread malware. This letter claims to contain the specifications for a room booking. When the attached file is opened, it triggers FormBook malware's infection chain. The email with the subject "Booking for 8
Newware is yet another malicious program belonging to the MedusaLocker ransomware family, which our researchers discovered while inspecting new submissions to VirusTotal. Once we launched a sample of Newware ransomware on our test machine, it encrypted files and appended their filenames with the