Stopfiles is ransomware that belongs to the MedusaLocker ransomware family. It encrypts files and appends the ".stopfiles" extension to filenames. We have discovered it while checking the VirusTotal for recently submitted malware samples. Stopfiles provides a ransom note in the "Recovery_Instructi
While inspecting untrustworthy websites, we found the kerbians[.]click rogue page. It operates by loading deceptive material, promoting spam browser notifications, and causing redirects to (likely dubious/malicious) sites. Webpages likes kerbians[.]click are usually accessed inadvertently. Most us
blockZ is a piece of malicious software categorized as ransomware. Our research team discovered this program while inspecting new malware submissions to VirusTotal. After we executed a sample of blockZ on our test system, it encrypted files and appended their filenames with a ".blockZ" extension.
News-fedaka[.]cc displays deceptive content to get permission to show notifications. Also, it redirects to untrustworthy websites. Our team has discovered news-fedaka[.]cc while examining pages that use rogue advertising networks (e.g., illegal movie streaming, torrent sites). News-fedaka[
NB65 is ransomware based on another ransomware called CONTI. This malware encrypts files, appends the ".NB65" extension to filenames, and creates the "R3ADM3.txt" file containing a ransom note. It was discovered by Amigo-A. An example of how NB65 renames encrypted files: it changes "1.jpg" to "1.j
InitiatorActivity is an application our researchers found while inspecting fake software updaters/installers. After analyzing this rogue app, we determined that it operates as advertising-supported software (adware). InitiatorActivity also belongs to the AdLoad malware family. Adware may
LogicCheck is an adware-type application that generates advertisements and can read webpage contents and browsing history. We have discovered this application while inspecting deceptive pages offering to install software updates. In most cases, apps like LogicCheck are downloaded and installed u
After inspecting the "I broke into your computer system using the Wireless network router" email, we determined that it is spam that operates as a sextortion scam. It must be emphasized that all the claims made by this letter (i.e., possession of an explicit recording featuring the recipient, sys
We have examined this page and concluded that it is a fake Solana website (an identical copy) offering to register for participation in an ignition hackathon and win up to $5 million in prizes. Typically, scams of this kind are promoted via Twitter, Discord, Telegram, and other sites or apps, vari
Whisper Stealer is an information stealer targeting Chromium and Gecko browsers, cryptocurrency wallets, Discord tokens, and Telegram sessions (and other data). It is promoted (and sold) on hacker forums. There are five available subscription plans: 250 rubles for one month, 600 rubles for three