GonaCry is ransomware that encrypts files, modifies filenames of the encrypted files, changes the desktop wallpaper, and provides a ransom note (creates the "read_it.txt" file). GonaCry is based on Chaos ransomware. Our team discovered it while examining samples submitted to the VirusTotal page.
While checking out suspicious websites, our researchers discovered the link2captcha[.]top rogue webpage. It promotes browser notification spam by using fake CAPTCHA verification. Additionally, this page can redirect users to different (likely untrustworthy/harmful) websites. Most users access web
While investigating new submissions to VirusTotal, our researchers discovered the BTC (Azadi) ransomware. Malware within this classification operates by encrypting data and demanding payment for decryption. Once we executed a sample of BTC (Azadi) on our test machine, it began encrypting files. T
While inspecting helllomedias[.]com, we found that it is a deceptive page that displays a fake message to lure visitors into agreeing to receive notifications. Also, helllomedias[.]com may redirect visitors to other shady sites. Thus, it is advisable not to trust helllomedias[.]com. Helllo
We have examined this email (and the website within this letter) and determined that it is a phishing email disguised as a letter regarding a Bitcoin and Ethereum cryptocurrency sale. Scammers behind it attempt to trick recipients into providing sensitive information. Thus, recipients should ignor
Erop is ransomware that encrypts files, appends the ".erop" extension to filenames of all encrypted files, and creates the "_readme.txt" file that contains a ransom note. Erop belongs to the Djvu ransomware family. It may be distributed alongside RedLine, Vidar, or another information stealer. Ou
Hot-investing-news[.]com is a rogue page that we discovered during a routine inspection of suspicious websites. This page is designed to promote deceptive content, push browser notification spam, and redirect visitors to other (likely untrustworthy/dangerous) websites. Most users access webpages
AdjustableBox is a rogue app that we discovered while inspecting new submissions to VirusTotal. Our analysis of this application revealed that it is advertising-supported software (adware). We also determined that AdjustableBox is part of the AdLoad malware family. Adware operates by ena
While reviewing new malware submissions to VirusTotal, our researchers discovered the Masons ransomware-type program. After we executed a sample of Masons on our testing system, it encrypted files and appended their filenames with a ".masons" extension. For example, a file named "1.jpg" appeared
GoogleUpdate is a malicious program that we found after installing a rogue setup downloaded from a deceptive webpage. The installer was also bundled with adware. Therefore, if GoogleUpdate is present on the system – other unwanted or malicious content has likely infiltrated it as well. Aft