Discovered by MalwareHunterTeam, FantaroX is a malicious program based on the Chaos ransomware. It is designed to encrypt data and demand payment for the decryption. We obtained a sample of FantaroX from VirusTotal and launched it onto our test machine. After that, it began encrypting files and a
Huis_bn is ransomware that belongs to the Xorist ransomware family. Our malware researchers have discovered Huis_bn while checking the VirusTotal page for recently submitted malware samples. It was found that Huis_bn encrypts files and appends ".huis_bn" as their new extension. Also, this ransomw
Jhgn is a piece of malicious software classified as ransomware. Our researchers discovered this program while inspecting new submissions to VirusTotal. We learned that Jhgn is part of the Djvu ransomware family. Once launched onto our test system, this ransomware began encrypting files and append
ActiveProcess is the name of an adware-type application that our team has discovered while inspecting deceptive websites. The purpose of this application is to generate advertisements. Typically, software of this type is disguised as legitimate software. Also, it is promoted and distributed main
While inspecting new malware submissions to VirusTotal, our researchers found the Black Basta ransomware. After launching a sample on our test system, we learned that this malicious program encrypts files and appends their filenames with a ".basta" extension. For example, a file initially titled
AID is malware that functions as a loader and a clipper. It is written in C++ programming language. AID is promoted on a hacker forum. It is sold for $75 (at the moment, its developer uses a sales promotion and sells AID for $50). AID can execute EXE (executable) files downloaded via a spe
While inspecting new submissions to VirusTotal, our research team found the Jhbg ransomware-type program. We determined that this program belongs to the Djvu ransomware family. After being launched onto our test machine, Jhbg encrypted files and appended their filenames with a ".jhbg" extension.
Locked is ransomware belonging to the Phobos family. We have discovered this variant on VirusTotal (while checking the page for recently submitted malware samples). Locked ransomware encrypts files and appends the victim's ID, robertopaulick@mail.ee email address, and ".locked" extension to filena
We have discovered a new Djvu ransomware variant called Dewd. It was discovered while analyzing the samples submitted to VirusTotal. After testing this ransomware, we found that it encrypts files and appends the ".dewd" extension to filenames. Also, it creates a text file named "_readme.txt". This
Thefreeadv[.]com is a rogue site that our researchers discovered while inspecting shady websites. It operates by promoting spam browser notifications through deception, and this page can also redirect visitors to others (likely harmful/malicious ones). Users typically access webpages like thefree