Rans_recovery is ransomware that encrypts files to prevent victims from accessing them. Also, Rans_recovery appends the ".rans_recovery" extension to filenames, drops the "Recovery.txt" file containing a ransom note, and changes the desktop wallpaper. We discovered Rans_recovery while inspecting s
While testing the DefaultFormat application, we noticed that various unwanted advertisements were coming from it. Apps that show ads are called advertising-supported applications. Typically, users download and install apps such as DefaultFormat inadvertently. We discovered DefaultFormat while in
We have analyzed dokookamida[.]com and found that it uses a clickbait technique (shows a deceptive message) to trick visitors into allowing it to show notifications. Our team has discovered dokookamida[.]com while inspecting pages that use shady advertising networks. Typically, users open pages li
While inspecting the LinkDownloader application, we discovered that it is a browser extension that functions as adware. While added to a web browser, LinkDownloader shows annoying advertisements. Most users install/add adware unintentionally. We discovered multiple deceptive pages promoting LinkDo
Proprotect2023[.]xyz is one of the many deceptive pages running the "McAfee - Your PC is infected with 5 viruses!" scam. This page shows fake virus alerts to trick visitors into purchasing legitimate software. Also, proprotect2023[.]xyz asks for permission to show shady notifications. Thus, it can
Worry is one of the ransomware variants belonging to the Phobos family. It encrypts data, modifies filenames of all encrypted files, and creates two ransom notes ("info.hta" and "info.txt"). Our malware researchers discovered Worry while checking the VirusTotal for recently submitted samples. Wor
We have examined this email and concluded that it is sent by scammers who aim to trick recipients into providing sensitive information on a phishing website. It is disguised as a letter regarding some contract document shared with recipients. This email should be marked as spam and deleted.
Demon is the name of an information stealer. It is a rebranded version of the Luca stealer. Demon is written in Rust programming language. It exfiltrates stolen sensitive information via Telegram. This malware should be eliminated from infected computers as soon as possible. It is known De
Sunjun is ransomware that encrypts files and modifies their filenames. Also, it drops the "Read.txt" text file to provide contact information. Sunjun is part of the VoidCrypt ransomware family. We discovered it while examining malware samples submitted to VirusTotal. Sunjun appends the victim's I
We have inspected authenticguarding[.]com and learned that it displays deceptive messages to trick visitors into believing that their computers are infected. Authenticguarding[.]com runs the "McAfee - Your PC is infected with 5 viruses!" scam. This site uses deceptive marketing to promote legitima