Malware

Remove GURAM ransomware

GURAM ransomware is a file-encrypting infection that essentially takes files hostage. It targets all personal files, encrypts them, and demands payment for their recovery. The ransomware can be identified by the extension it adds to encrypted files: .{victims’ IDs}.GURAM. Files that have this extension will not be openable unless you…

Remove PlainGnome Android trojan

PlainGnome Android malware is a stealer trojan that targets Android devices. The trojan is believed to be operated by Gamaredon, a threat actor affiliated with the Federal Security Service of the Russian Federation (FSB). The malware appears to target Russian-speaking users in former USSR states, such as Uzbekistan, Kazakhstan, and Kyrgyzstan. The malware intends to steal information like call logs,…

Remove “Removal Of Dormant/Inactive Accounts” email

The “Removal Of Dormant/Inactive Accounts” email is part of a phishing campaign targeting users’ email account credentials. The email falsely informs the recipient that they must confirm that their account is still active by clicking the provided button; otherwise, the email account will supposedly be deleted. However, if users engage with the email, they will get…

Remove SteelFox trojan

SteelFox trojan is a malicious infection with a large range of features. Specifically, it’s a malicious bundle that contains a dropper, a loader, a miner, and a stealer infection. Users’ computers get infected primarily via popular software cracks, which users download via torrents, forums, and blogs. The malware operates as a miner and uses the device’s resources to mine for…

Remove WezRat stealer trojan

WezRat malware is a stealer trojan, a dangerous infection that aims to steal highly sensitive information from infected devices. The trojan has a wide range of capabilities, including data theft, keylogging, command execution, file upload, screenshot capture, and more. The malware is distributed through phishing emails urging users to update their Chrome browsers.

Remove Australian Communications and Media Authority (ACMA) ransomware

ACMA ransomware refers to a screen-locker ransomware that locks users’ screens and displays a fake law enforcement message. In this particular case, the screen locker message is supposedly shown by the Australian Communications and Media Authority (ACMA), Australian Federal Police (AFP), Australian Crime Commission (ACC), and Royal Australian Corps of Military Police (RACMP). Supposedly, the reason your screen was locked…

Remove Australian Federal Police ransomware

Australian Federal Police ransomware is a screen-locker type of ransomware. This particular version targets users in Australia, but screen-locker infections show localized screens based on users’ locations. The ransomware locks the screen and displays an image saying users’ computers have been blocked because they’ve violated several laws. To avoid being charged with things like watching/distributing illegal pornography (child abuse, zoophilia),…

Remove bigdatacorps.xyz notifications

bigdatacorps.xyz is a deceptive website that displays a fake virus alert to trick users into either downloading questionable programs or calling fake tech support numbers. The site also prompts the browser to display an alert saying “bigdatacorps.xyz wants to show notifications”, and if you click “Allow”, the site will be permitted to spam ads on your desktop. Those ads may…