During a routine inspection of untrustworthy websites, our researchers found the news-gocuco[.]cc rogue site. It operates by promoting deceptive content, pushing browser notification spam, and redirecting visitors to different (likely unreliable/malicious) pages. Most users enter them via redirect
VistaQuantum is a rogue application that we discovered while inspecting new submissions to VirusTotal. Our analysis of this piece of software revealed that it operates as adware. Additionally, VistaQuantum belongs to the AdLoad malware family. Adware enables the placement of third-party
After analyzing this email, we found that its purpose is to trick recipients into infecting their computers with a remote access Trojan named BitRAT. It is disguised as a letter from Amazon and contains a malicious attachment (a malicious disk image file). The email claims that a package h
WORLD GRASS (also known as EarthGrass/EarthGress) is a ransomware-type program that our research team found while inspecting new submissions to VirusTotal. After launching a sample of this ransomware on our test machine, we learned that it encrypts files and appends their filenames with a ".34r7h
Saitama is the name of a backdoor malware (written in .Net) that abuses DNS protocol for C2 (Command and Control) communications. It can execute remote commands and drop files. We have discovered this backdoor during the analysis of an email containing a malicious attachment (an Excel document).
Our malware researchers have discovered a new ransomware variant called Redem Mikhail during a routine check of malware samples submitted to the VirusTotal page. They found that Redem Mikhail is part of the Spora ransomware family. Once executed, it encrypts files, modifies their filenames, and cr
While inspecting new submissions to VirusTotal, our researchers found the PDFCreator application. It has multiple detections as "adware" on VirusTotal. Although we did not observe any characteristics of such software during analysis (potentially due to some sort of incompatibility between PDFCr
Our team has discovered the VoltageTask application while inspecting various deceptive web pages. After installing and analyzing this app, we learned that it displays intrusive advertisements. Therefore, we categorized VoltageTask as adware (advertising-supported software). A big part of
While inspecting questionable websites, our research team discovered the cauthaushoas[.]com rogue webpage. It is designed to host dubious content, promote browser notification spam, and redirect visitors to other (likely unreliable/malicious) sites. Most users enter websites like cauthaushoas[.]c
We discovered the mkjxtu[.]com page while examining various illegal movie streaming pages, torrent sites, and other sites that use rogue advertising networks. During analysis, we found that mkjxtu[.]com displays deceptive content/uses a clickbait technique to get permission to show notifications.