While checking out new submissions to VirusTotal, our researchers discovered the 725 ransomware. Evidence suggests that this malicious program could have been developed by the threat actors behind 32T ransomware. After we executed a sample of 725 on our test machine, it encrypted files and append
"Your Email Has Reached An Upgrade Stage Scam" refers to an email spam campaign. Our analysis of a letter belonging to this campaign revealed that it operates as a phishing scam. This spam mail aims to extract recipients' email account log-in credentials by claiming that their accounts will be clo
WebAge is the name of a rogue piece of software that we discovered while checking out new submissions to VirusTotal. After analyzing this application, we learned that it is adware belonging to the AdLoad malware family. Adware stands for advertising-supported software. It operates by dis
While inspecting the Notification Manager browser extension, we found that it displays intrusive advertisements. Apps that show ads are classified as adware. Users often add (or install) adware without knowing it will display unwanted advertisements. Notification Manager is promoted as an
Vagus is the name of a Remote Access Trojan (RAT). Malware within this category is designed to enable remote access and control over compromised machines. These trojans can be highly multi-functional and cause a wide variety of damage. The following overview is based on Vagus RAT's promoti
While analyzing StyleLab, we discovered that it is an advertising-supported application - it shows intrusive advertisements. Also, StyleLab can read sensitive information. It is common for adware to be promoted and distributed using shady methods. Thus, users often download and install it inadve
RL Stealer is the name of the rebranded Ades information stealer. It can capture screenshots, steal data from various apps, and obtain system information and other data. Cybercriminals have been observed promoting RL Stealer on a hacker forum. This malware should be removed from infected computers
$ucyLocker is the name of a malicious program classed as ransomware. It is designed to encrypt data and make ransom demands for decryption. On our test machine, $ucyLocker encrypted files and appended their filenames with a ".WINDOWS" extension. For example, a file originally titled "1.jpg" appea
ENCODED is the name of ransomware that our team discovered while inspecting malware samples submitted to VirusTotal. We found that ENCODED encrypts data, appends the ".ENCODED" extension to filenames, drops the "HOW TO DECRYPT FILES.txt" file, and changes the desktop wallpaper. ENCODED's desktop
TapScroll is a rogue application that our research team discovered while inspecting new submissions to VirusTotal. Our analysis of this app revealed that it operates as adware. Additionally, we learned that TapScroll belongs to the AdLoad malware family. Adware stands for advertising-sup