Our team has discovered a new ransomware variant belonging to the Babuk family called Zazas. This variant was found while checking malware samples submitted to VirusTotal. After examination, it was concluded that Zazas ransomware encrypts files and creates a ransom note (the "How To Restore Your F
ProjectExpress is a piece of rogue software that our researchers discovered while inspecting new submissions to VirusTotal. Our inspection of this application revealed that it operates as advertising-supported software (adware) and belongs to the AdLoad malware family. Adware may require
VectorPathCorner is the name of an advertising-supported application discovered by our team while inspecting shady websites offering to update installed software. The purpose of this app is to generate annoying advertisements. Most of the apps of this type are promoted and distributed using dece
Youconvert[.]net is an online converter allowing to download YouTube videos in MP3 format. After testing this page, we found that it can lead to shady websites and display unwanted notifications. This page uses rogue advertising networks (has questionable ads on it and redirects to other pages) an
VideoSearches is the name of a browser hijacker designed to promote video-searches.com - a fake search engine. It hijacks a web browser by changing its settings. Our team has found VideoSearches on a shady website. Like most apps of this type, VideoSearches is promoted and distributed using decept
While inspecting deceptive download sites, our research team found the go dark browser extension. After analyzing this piece of software, we learned that go dark operates as a browser hijacker promoting the getsins.com fake search engine. Following the successful installation of go dark on
Following our inspection of the "DHL Air Waybill" email, we determined that it is spam intended to infect the recipient's device with malware. This scam email is disguised as a message from the DHL logistics company - regarding a shipment. The file attached to this letter is designed to infect sy
Pterodo is a malicious program actively used in geopolitically-motivated cyber attacks against Ukraine. This malware has been linked to the Russian-based espionage group named Shuckworm (also known as Armageddon and Gamaredon). This group has targeted Ukraine almost exclusively since 2014. Pterod
Greenconvert[.]net is a website offering to download videos from YouTube and convert them to MP3 files (save videos in audio format). It is worth mentioning that it is not entirely legal to download videos from YouTube. Another issue with the greenconvert[.]net page is that it uses rogue advertisi
L3MON is an Android malware with a remote administration Trojan (RAT) functionality. It misuses the Accessibility services to steal sensitive information and perform other actions. We have discovered L3MON RAT while inspecting a trojanized Sathi Chat app that impersonates tje Crazy Talk messaging