Trojan:Win32/Znyonm is a detection name used to identify backdoor malware like Pikabot, Remcos RAT, and GuLoader. Backdoor malware is a type of infection that stays dormant on a device until it’s commanded to download another malicious payload. If no security software is installed on a device, these trojans can stay unnoticed as they do not exhibit any obvious signs of…
The “Urgent Security Alert” email is part of a phishing campaign that aims to steal users’ email login credentials. The email is disguised as a notification from the email service provider, supposedly informing users that their passwords will expire and their accounts will be restricted and even permanently deactivated. The email asks that users take immediate steps to maintain the…
The “Human Resource Internal Memo” email is part of a phishing campaign that tries to steal users’ email login credentials. The email is disguised as a notification email from the recipients’ workplace HR Department, and informs them about the 2025 Annual Salary compensation Report. Supposedly, recipients can check the report by clicking on the provided link. If users were to click…
Mzre ransomware is a file-encrypting malware that takes files hostage and demands a payment for a decryptor. It comes from the Djvu/STOP malware family, and can be differentiated from its other versions by the .mzre extension added to encrypted files. The ransomware targets personal files, so you can expect all your photos, documents, etc., to have the .mzre extension added…
The “Mailbox Usage Warning” email is part of a phishing campaign that targets users’ email login credentials. The email is disguised as a notification from the email service provider, informing users that their inboxes are almost full. The email does not contain a lot of information, but it implies that recipients need to free up space to continue receiving and sending…
Cdaz ransomware, or .cdaz virus, is a file-encrypting malware from the Djvu/STOP ransomware family. It’s a dangerous infection that takes all personal files on the infected device hostage and demands payment for their recovery. The ransomware can be identified by the .cdaz extension added to encrypted files. You will not be able to open files with that extension unless you…
The “We Have Your Search Requests And Webcam Footage” email is part of a sextortion scam email campaign that tries to blackmail recipients into paying $1,350. The email claims that recipients have been spied on via malware on their computers, which allowed the sender to steal search queries and make videos of recipients watching pornography. These scammers threaten to send…
Jlaz ransomware (or .jlaz virus) is file-encrypting malware from the Djvu/STOP ransomware family. Because it targets and encrypts personal files, it’s considered to be a very dangerous infection. It can be identified by the .jlaz extension added to all encrypted files. Unfortunately, you will not be able to open files with that extension unless you first use a decryptor on…
The “Data From All Your Devices Is Copied To My Servers” email is part of a sextortion email spam campaign that tries to blackmail recipients into paying $1,300. The email claims that the recipient’s computer has been infected with malware (specifically, a trojan horse), which allows its operator to monitor the infected computer. This has supposedly allowed the trojan operator to…
Yandex ransomware, also called .yandex virus, is a file-encrypting malware. It’s a type of malicious infection that takes files hostage by encrypting them. If your computer is infected with this ransomware and your files have been encrypted, they will have the .yandex extension added to them. You will not be able to open files with this extension unless you first…