Our malware researchers have discovered a ransomware variant (belonging to the Phobos family) called GUCCI. It was found while analyzing malware samples submitted to VirusTotal. GUCCI is ransomware that encrypts files, appends the ".GUCCI" extension (and the victim's ID) to filenames, and generate
Xcvf is a malicious program categorized as ransomware. It is designed to encrypt data and demand ransoms for the decryption. We found Xcvf while inspecting new malware submissions to VirusTotal. Additionally, we determined that this program is part of the Djvu ransomware family. After being launc
We have discovered the InfoMajorSearch application after downloading a fake Adobe Flash Player installer from a deceptive website. It was found that this application serves annoying advertisements. It functions as adware. Clicking on advertisements displayed by InfoMajorSearch can open s
While inspecting shady websites, our research team discovered news-waxawo[.]com. This rogue page is designed to push browser notification spam and redirect visitors to different (likely unreliable/malicious) sites. Most visitors to webpages like news-waxawo[.]com access them through redirects caus
Defenceprogramm[.]com is a rogue site that our research team found while inspecting deceptive webpages. This page operates by promoting scams, pushing browser notification spam, and redirecting visitors to other (likely untrustworthy/malicious) websites. Users typically enter webpages like defenc
Discovered by Petrovic, Sijr is a piece of malicious software belonging to the Djvu ransomware family. We obtained a sample of this ransomware from VirusTotal and executed it on our test machine. Sijr encrypted the files on our test system and appended their filenames with a ".sijr" extension. Fo
Bbnm is the name of a malicious program categorized as ransomware. We determined that this program belongs to the Djvu ransomware family. After being launched onto our test machine, Bbnm encrypted files and appended their filenames with a ".bbnm" extension. For example, a file originally named "1
Our team has discovered a clipper malware called 3Ex2BJT2aiqDJKPAFeuWMbB4T6MhML384p while inspecting cracked software download websites. Cybercriminals use this malware to steal Bitcoin cryptocurrency. We also found that the installer containing 3Ex2BJT2aiqDJKPAFeuWMbB4T6MhML384p malware injects a
After analyzing the "Please find attached receipt" email, we determined that it operates as a phishing scam. This letter promotes a website disguised as an email sign-in webpage that targets account log-in credentials (i.e., passwords). The spam email requests the recipient to provide corr
Betaengine[.]org is one of the many deceptive pages designed to trick visitors into agreeing to receive their notifications. Most of these pages are promoted via other pages that use rogue advertising networks (e.g., illegal movie streaming pages, torrent sites). We have discovered betaengine[.]or