Lkfr is a ransomware variant linked to the Djvu family. Lkfr operates by encrypting files and altering their filenames by adding its extension (".lkfr"). As an illustration, it transforms "1.jpg" into "1.jpg.lkfr", "2.png" into "2.png.lkfr", and so forth. Along with encrypting your files, Lkfr dr
We found the ExploreDesktop application during a routine inspection of new submissions to the VirusTotal platform. ExploreDesktop is adware from the AdLoad malware family. This app is designed to generate revenue for its developers by feeding users with unwanted and potentially dangerous adverti
While investigating unreliable websites, our research team discovered the update-macos[.]com rogue page. After reviewing it, we determined that this webpage promotes browser notification spam and redirects users to other (likely deceptive/malicious) sites. Most visitors to update-macos[.]com and
While reviewing new submissions to the VirusTotal platform, our researchers discovered the ParameterBuffer adware. This application is part of the AdLoad malware family. ParameterBuffer operates by running intrusive advertisement campaigns. Adware stands for advertising-supported softwar
Our research team discovered the Minimalist Search browser extension while browsing deceptive websites. After installing this piece of software on our testing system, we learned that it changes browser settings to promote (via redirects) the minimalistsearch.com fake search engine. Due to this beh
Our research team discovered the SimpleCache app while investigating submissions to the VirusTotal website. After analyzing this piece of software, we learned that it is adware from the AdLoad malware family. SimpleCache runs intrusive ad campaigns and may have additional harmful capabilities.
ProfessionalView is a rogue application that we discovered while reviewing new file submissions to the VirusTotal website. Upon examination, we determined that this app is advertising-supported software (adware). ProfessionalView is part of the AdLoad malware family. Adware is designed t
2023lock is a ransomware-type program. This malicious program is designed to encrypt data and demand ransoms for its decryption. On our testing machine, 2023lock encrypted files and appended their filenames with a ".2023lock" extension. For example, a file originally titled as "1.jpg" appeared as
Discovered by Group-IB, GoldPickaxe is a trojan. This malware has two variants – an Android and an iOS version. The trojan targets information, but most importantly, it seeks biometrics – specifically facial recognition data. GoldPickaxe is used by a sophisticated threat actor dubbed GoldFactory.
In our evaluation of the ExpandedControl application, we found that it showcases intrusive advertisements, prompting us to categorize it as adware. It is important to mention that software falling into this classification frequently has the capability to collect various types of data. Th