Nyx is ransomware that encrypts files, appends the victim's ID, datasupp@onionmail.com email address, and the ".NYX" extension to filenames, and drops the "READ_ME.txt" file (its ransom note). Our team discovered Nyx ransomware while inspecting malware samples submitted to VirusTotal page. An exa
While examining malware samples submitted to VirusTotal, our team discovered ransomware dubbed Xollam. We found that Xollam is a new variant of Mallox ransomware with a reversed name. It encrypts files, appends the ".xollam" extension to filenames, and creates the "FILE RECOVERY.txt" text file con
Our inspection revealed that this "Data Backup" email is spam. It operates as a phishing scam targeting email account log-in credentials. The fake letter claims that the mail service will be shut down, but if the recipient uses the linked backup guide – they will be able to continue using their ac
Youractualjournal[.]com is the address of a rogue webpage that our researchers discovered while inspecting untrustworthy sites. This page promotes browser notification spam and redirects visitors to other (likely unreliable/malicious) websites. Users typically enter such pages through redirects c
Pegasus is the name of a malicious program within the spyware classification. It targets Android operating systems and can perform various commands and extract a broad range of information. Pegasus is a highly sophisticated program developed by the Israeli cyber-arms company called NSO Group. Thi
While examining hiltus[.]click, we found that this page runs various scams (shows deceptive messages) and asks for permission to show notifications. This page cannot be trusted. Typically, users do not visit such sites on purpose. Our team discovered hiltus[.]click while inspecting pages that use
While inspecting the One Click Image Downloader application, we found that it is an advertising-supported browser extension. Apps of this type display unwanted advertisements. We discovered at least two deceptive websites promoting One Click Image Downloader. The description of the One Cli
While checking out suspicious sites, we discovered one promoting the Video Player Plus browser extension. It is presented as a tool that enables users to easily download videos in multiple formats. However, after inspecting Video Player Plus – we determined that it is advertising-supported softwar
While inspecting suspicious websites, our researchers discovered the Link Locator browser extension. It is promoted as a tool capable of displaying all links associated with a website in its interface. After analyzing this piece of software, we determined that it operates as adware. Adware
Seiv is a ransomware-type program. It operates by encrypting data in order to demand ransoms for the decryption. On our testing system, this ransomware appended the filenames of encrypted files with a ".seiv" extension. For example, a file originally named "1.jpg" appeared as "1.jpg.seiv", "2.png"