"Capital One SECURITY MESSAGE" is a phishing email. It is disguised as a notification from Capital One regarding an incoming payment to the recipient's account. Supposedly, the payment verification process requires them to sign in through an attached HTML document, which is a phishing file that re
Our researchers discovered the New Tab Nature browser extension while investigating untrustworthy sites. This piece of software promises to display nature-themed browser wallpapers. After analyzing this extension, we determined that it is a browser hijacker. New Tab Nature makes modifications to b
Joyful Quotes is a browser extension promising to display quotes from famous writers and figures. Our research team discovered this piece of software while inspecting dubious websites. After analyzing Joyful Quotes, we determined that it is a browser hijacker. This extension modifies browser sett
VantageGains is a rogue application that our researchers discovered while investigating VirusTotal website. After analyzing this piece of software, we determined that it is adware. VantageGains is part of the AdLoad malware family. This app operates by running intrusive ad campaigns. Adw
During a routine inspection of new submissions to the VirusTotal website, our research team discovered the Alock ransomware-type program. It is part of the MedusaLocker ransomware family. On our test system, Alock ransomware encrypted files and appended their filenames with a ".alock" extension.
While investigating rogue websites, our research team discovered the "Clop Ransomware.dll" technical support scam. Presented as Microsoft/Windows, this scam falsely claims that users' computers are infected to trick them into calling fake support lines. Typically, these scams involve remote access
BLACK ICE ransomware is a type of malware designed to encrypt data and demand ransoms for its decryption. Additionally, this program uses double extortion tactics. After we executed a sample of BLACK ICE on our test machine, it encrypted files and appended their filenames with a ".ICE" extension.
INC is a ransomware-type program designed to encrypt data and demand payment for decryption. On our test machine, this malware encrypted files and appended their filenames with a ".INC" extension. To elaborate, a file initially named "1.jpg" appeared as "1.jpg.INC", "2.png" as "2.png.INC", and so
Re-captha-version-3-21[.]top is the address of a rogue site that promotes browser notification spam and redirects visitors to different (likely unreliable/malicious) webpages. Most users access pages like re-captha-version-3-21[.]top via redirects caused by websites utilizing rogue advertising ne
ZestyPeak is a rogue app that we discovered while investigating new submissions to VirusTotal. When we examined this application, we found that it is advertising-supported software (adware) belonging to the AdLoad malware family. ZestyPeak operates by running intrusive advert campaigns to genera