KurayStealer is the name of a malware builder that we found promoted on Discord. KurayStealer has the ability to steal passwords and capture screenshots. It is written in the Python programming language. We also learned that there are free and paid versions of the KurayStealer malware builder (the
Discovered by Cyble Research Labs, Eternity is a ransomware-type program that is part of the Eternity malware family. Ransomware is designed to encrypt data and make ransom demands for the decryption. When we launched a sample of Eternity on our test machine, we learned that it encrypts files usi
After analyzing the page, we concluded that it is a scam website operated by individuals who aim to collect illegitimate commissions from purchases made via their page. This page uses a scare tactic to trick visitors into purchasing antivirus software. It is highly advisable to ignore websites of
Discovered by Cyble Research Labs, Eternity is the name of a malware family. Actively sold on the Web, Eternity's developers use the Telegram IM (Instant Messaging) service to sell their malicious wares, as well as provide support and customization to buyers. Telegram can also be employed by the a
We have examined this website and found that it runs a technical support scam. It is a fake Apple website claiming that a computer is infected and urging to call the provided number ("Apple Support"). Typically, the purpose of such scams is to extract money, sensitive information, or distribute
Kekpop is ransomware that encrypts files (and renames them) and demands payment for file decryption. It creates the "ReadMe.html" file that contains payment information. Kekpop renames files by appending the ".kekpop" extension to filenames, replacing the original name with a string of random char
PlusTarget is an advertising-supported application. The purpose of this app is to display various advertisements (e.g., banners, coupons, pop-ups). We have discovered this app while inspecting deceptive websites. It is not a trustworthy app that should never be downloaded and installed.
News-nubuyo[.]cc is a deceptive page designed to trick visitors into agreeing to receive its notifications. Another issue with this site is that it redirects to other pages of this type. Our team has discovered news-nubuyo[.]cc while examining illegal movie streaming pages, torrent sites, and simi
Cool Search is an application that hijacks a web browser to promote the cool-search.com address, a fake search engine. It does that by changing certain settings. Typically, users download and install apps of this type unknowingly. We have discovered Cool Search while inspecting deceptive websites.
LockData is a malicious program based on Chaos ransomware. We found this program while inspecting new malware submissions to VirusTotal. After being launched onto our test machine, LockData began encrypting files and appending their filenames with an extension consisting of four random characters