Our team has discovered an adware-type application (a browser extension) called text background during an analysis of deceptive websites. We learned that text background has no real value. The main purpose of this app is to bombard users with intrusive advertisements. Thus, it is recommended not t
During a routine inspection of dubious websites, our researchers discovered advtstudio[.]com - yet another rogue page. It promotes browser notification spam and redirects visitors to different (likely untrustworthy/malicious) sites. Users typically access such websites via redirects caused by pag
Cardiidae[.]com is one of the many deceptive websites that use clickbait techniques to trick visitors into agreeing to receive notifications. Also, it redirects visitors to deceptive websites. Users do not visit pages cardiidae[.]com intentionally. We found this page while examining other sites (i
While inspecting new submissions to VirusTotal, our researchers discovered the StormByte ransomware. Malware within this classification operates by encrypting files and demanding payment for the decryption. We determined that this malicious program is part of the Nominatus ransomware family. We e
While examining shady websites claiming that some installed software is out of date, we discovered an application called AuroraFit. After downloading and installing this app, we learned that it has no useful features and displays annoying advertisements. Thus, we concluded that AuroraFit functio
Oori is ransomware that belongs to the Djvu ransomware family. Our malware researchers discovered Oori while examining samples submitted to VirusTotal. We found that Oori encrypts files and appends its extension (".oori") to filenames. Also, it drops the "_readme.txt" file on the desktop (this fil
Ooxa is the name of ransomware we discovered while checking the VirusTotal site for recently submitted malware samples. Our team has found that Ooxa belongs to a ransomware family called Djvu. It is malware that encrypts files, modifies filenames (appends the ".ooxa" extension to them), and drops
Ptaimpeerte[.]com is a shady website we discovered while inspecting other pages of this kind (websites that use rogue advertising networks). Ptaimpeerte[.]com displays deceptive content to trick visitors into allowing it to show notifications. Also, it redirects visitors to a similar page.
While checking the VirusTotal page for recently submitted malware samples, our team discovered an OpenDocument malware. OpenDocument is a legitimate file format for Office Applications. Cybercriminals use a malicious OpenDocument file in their campaign to target Latin American hotels. They use it
Our research team discovered the adsandcomputer[.]com rogue page while inspecting untrustworthy sites. This webpage promotes spam browser notifications and redirects visitors to other (likely unreliable/harmful) websites. Users typically access such pages via redirects caused by sites using rogue