While inspecting new malware submissions on VirusTotal, our researchers found Ew328 ransomware. Once launched on our test machine, this malicious program encrypted files and appended their filenames with a random character string and the ".ew328" extension. For example, a file originally titled "
EvilNominatus (also known as EvilNominatusCrypto and NominatusStrike) is ransomware that we discovered while checking the malware samples on VirusTotal. The purpose of EvilNominatus is to encrypt files. We also found that it renames files by appending "-Locked" to their names and displays a pop-up
Our researchers found a dubious download page promoting the Key Web browser extension - during a routine inspection of sites using rogue advertising networks. After analyzing this piece of software, we determined that it is a browser hijacker that promotes the keysearchs.com illegitimate search en
During a routine inspection of rogue sites, our researchers discovered safewinodws[.]com. This webpage is designed to load deceptive content, promote browser notification spam, and redirect visitors to other unreliable/harmful pages. Most visitors to safewinodws[.]com and websites akin to it - en
We have discovered the SearchAim application after executing a fake Adobe Flash Player installer downloaded from a deceptive page. While installed, SearchAim displayed various untrustworthy advertisements. Thus, we have concluded that SearchAim is an advertising-supported application. Ou
The "OpenSea email scam" refers to a phishing spam campaign targeting OpenSea - NFT (Non-Fungible Token) marketplace accounts. These fake letters lure recipients into disclosing their account log-in credentials by claiming that they need to move their listings to avoid their expiration and additio
Ourcoolposts[.]com is a website that uses a clickbait technique to trick visitors into allowing it to show notifications. We have discovered ourcoolposts[.]com while clicking on shady ads and visiting pages that use questionable advertising networks. In most cases, sites like ourcoolposts[.]com ge
Gcyi is a ransomware-type program designed to encrypt data and demand ransoms for the decryption. Our researchers found and obtained a sample of this malware from VirusTotal. We have determined that Gcyi belongs to the Djvu ransomware family. During analysis, this ransomware appended the filename
MURK is ransomware that was discovered by our team while examining the malware samples submitted to VirusTotal. It was found that MURK encrypts files (and modifies their filenames) and generates two files containing ransom notes - "info.txt" and "info.hta". It is part of the Phobos ransomware fami
We have discovered the TradeValor application after clicking on a pop-up displayed by a deceptive page, implying that Adobe Flash Player is out of date. After installation, TradeValor started showing annoying advertisements. Thus, we concluded that TradeValor is an advertising-supported applicat