Woody is the name of a Remote Access Trojan (RAT). Malware within this category allows remote access and control over compromised machines. Woody is a piece of sophisticated malicious software, and it has a variety of functionalities. The research done by the Malwarebytes Threat Intelligence team
After examining this email, we found that it is a deceptive email masquerading as a letter from an email service provider. Scammers behind it attempt to trick recipients into opening the provided website link. Their goal is to extract sensitive information via a phishing website. Scammers
While inspecting untrustworthy cryptocurrency-related websites, we discovered a fake Trust Wallet page hosting Android malware. Cybercriminals use this site to trick unsuspecting visitors into downloading a backdoored version of the Trust Wallet application. While inspecting this malware, we noti
Payt is a ransomware-type program that our research team discovered while inspecting new submissions to VirusTotal. When we executed this ransomware on our test system, it encrypted files and appended their filenames with a unique ID, the cyber criminals' email address, and either a ".Payt" or ".
AnalyzerSystem is an untrustworthy application distributed via a fake Adobe Flash Player installer. After installing and analyzing the app, we learned that it is useless and shows unwanted advertisements. Thus, we classified AnalyzerSystem as adware. AnalyzerSystem displays intrusive adv
After examining musicinmysoul[.]biz, we learned that it displays deceptive content to trick visitors into allowing it to show notifications. Another reason not to trust musicinmysoul[.]biz is that it can redirect to other pages of this kind. We discovered musicinmysoul[.]biz while inspecting websi
YamaBot is the name of a cross-platform malware written in the Go programming language. This malicious program targets both Windows and Linux Operating Systems (OSes). YamaBot is associated with the North Korean state-backed cyber criminals known as the Lazarus Group. YamaBot attacks have been obs
While looking through new submissions to VirusTotal, our researchers discovered the ComputingInvolve application. Our analysis of this piece of rogue software revealed that it operates as adware. Additionally, we learned that this app is part of the AdLoad malware family. Adware displays
Aigaithojo[.]com is an untrustworthy page that wants to show notifications. It uses a clickbait technique (a deceptive method) to trick visitors into allowing it to show those notifications. Also, aigaithojo[.]com redirects visitors to other websites. We discovered aigaithojo[.]com while inspectin
Screen Locking malware refers to screenlocker-type ransomware programs that target Android operating systems. There are numerous variants of this malware, but they differ from previously observed Android screenlockers due to the novel techniques that they use. This is a high-end screenlocker famil