Omerta is ransomware belonging to the Scarab family. The purpose of ransomware is to encrypt files. We discovered Omerta while inspecting malware samples submitted to VirusTotal. In addition to encrypting data, Omerta replaces filenames with a string of random characters with the ".omerta" as the
Medusa Stealer is the name of a malicious program. Described by its promotional website as a data recovery/extraction and network testing tool - it is quite evident that Medusa Stealer's intended application is far less savory. This malware is capable of stealing data, launching DDoS attacks, and
While investigating defender-pro-2022[.]xyz, our team learned that it shows deceptive content to trick visitors into believing that their computers are infected and purchasing antivirus software. This page runs the "McAfee - Your PC is infected with 5 viruses!" scam. Also, it wants to/can show dec
Ducktail is the name of an information-stealing malware. Earlier, Ducktail (.NetCore version) was used to steal Facebook Business accounts (threat actors targeted people with Facebook Business Accounts). Now, this malware (PHP version of Dukctail) is being used to steal all types of accounts (inc
We discovered the vital-scanner[.]com rogue webpage while inspecting dubious sites. This page is designed to promote scams, push spam browser notifications, and redirect users to different (likely unreliable/harmful) websites. Most visitors to vital-scanner[.]com and similar webpages enter them v
Internal-scanning[.]com is a rogue page that runs scams, promotes browser notification spam, and redirects visitors to other (likely unreliable/dangerous) sites. Our researchers discovered this untrustworthy webpage while inspecting websites that use rogue advertising networks. Typically, pages l
Our researchers discovered the CMLOCKER ransomware-type program while investigating new submissions to VirusTotal. It operates by encrypting data and demanding ransoms for the decryption keys/tools. After we executed a sample of CMLOCKER on our test machine, it encrypted files and appended their
While investigating this email, we found that it is a scam email written by scammers who aim to lure unsuspecting recipients into opening the attached file. Scammers disguised this email as a letter from a company called AMERICAN GLOBAL TRADE regarding a new purchase order. It is strongly recommen
We examined powersoftwarepc[.]com and learned that it is a deceptive page running the "McAfee - Your PC is infected with 5 viruses!" scam. Additionally, this website wants to show notifications. Our team discovered powersoftwarepc[.]com while analyzing shady web pages that use rogue advertising ne
RONALDIHNO ENCRYPTER is ransomware - a type of malware that uses cryptography to encrypt files (to make them inaccessible). Also, this particular ransomware appends the ".r7" extension to filenames, changes the desktop wallpaper, and creates the "READ_THIS.txt" (a ransom note). We discovered RONAL