We have discovered the Dark Display application while examining shady websites and inspecting deceptive advertisements. We learned that Dark Display is supposed to provide a dark mode for web browsers but functions as adware (it shows unwanted advertisements). After testing many advertisin
Our team discovered the Simple Search application while analyzing deceptive web pages. We found that the purpose of Simple Search is to promote search.simple-searchs.com (force users to browse the Internet with a fake search engine). Simple Search promotes this address by hijacking a web browser (
RozbehOfSatan is the name of a ransomware-type program. It is a new variant of the Rozbeh ransomware. After executing a sample of RozbehOfSatan on our test system, it encrypted files and created a ransom note. Typically, ransomware renames the affected files, but that is not to case with RozbehOf
Our team has spotted the TextBoard application while inspecting samples submitted to the VirusTotal website. After examination, we learned that the purpose of TextBoard is to display various advertisements. Thus, we classified this application as adware. Typically, users install software of this
Togo Tab is a rogue browser extension that we found while inspecting dubious download webpages. We determined that this piece of software operates as a browser hijacker. It modifies browsers and promotes the togosearching.com illegitimate search engine. Browser hijackers make specific chan
While inspecting untrustworthy download webpages, our research team discovered the Top Search browser extension. Our analysis of this extension revealed that it operates as browser-hijacking software and promotes the search.tops-searchs.com fake search engine. After we installed Top Search
LockBit 3.0 (also known as LockBit Black) is a new variant of the LockBit ransomware. It encrypts files, modifies their filenames, changes the desktop wallpaper, and drops a text file (named "[random_string].README.txt") on the desktop. LockBit 3.0 replaces the name of the file and its extension w
Ghsd is ransomware, a form of malware designed to encrypt files. We discovered it while examining the samples submitted to VirusTotal. Ghsd is part of the Djvu ransomware family. It not only encrypts but also renames files (by appending the ".ghsd" extension to filenames) and drops the "_readme.tx
While inspecting recent malware submissions to VirusTotal, our researchers discovered a new variant of Sojusz ransomware called Ner. We analyzed a sample of this ransomware by executing it on our test machine. Ner encrypted files and modified their filenames. Original titles were appended with a
While examining deceptive websites encouraging to download a fake Adobe Flash Player installer, we found an application called ObsessionScript. After testing the app, our team learned that it functions as adware - it feeds users with annoying advertisements. Clicking on advertisements di