While inspecting dubious websites, our research team discovered the defenderfordevice[.]com rogue page. It promotes deceptive content, pushes spam browser notifications, and causes redirects to other (likely untrustworthy/malicious) sites. Most users enter webpages like defenderfordevice[.]com th
RedKrypt is ransomware that makes files inaccessible by encrypting them and appends the ".p.redkrypt" extension to filenames. Also, RedKrypt drops the "RedKrypt-Notes-README.txt" file containing a ransom note on the victim's desktop. Our malware researchers discovered RedKrypt while inspecting mal
QuantityTopic is an untrustworthy application designed to bombard users with annoying advertisements. Software of this type is called adware. Our team discovered QuantityTopic after using a fake installer downloaded from a page claiming that the installed version of Adobe Flash Player is outdate
EditInstruction is a rogue application that our researchers discovered during a routine inspection of new submissions to VirusTotal. After analyzing this piece of software, we learned that it is adware belonging to the AdLoad malware family. Adware is designed to run intrusive advertisem
Adslivetraining[.]com is a website designed to trick visitors into allowing it to show notifications. It uses a clickbait technique to lure visitors into clicking the "Allow" button. We discovered this deceptive page while examining sites that use rogue advertising networks (open shady pages and s
Phreaker is the name of a ransomware-type program discovered by your researchers during a routine inspection of new submissions to VirusTotal. This malicious program is based on the Chaos ransomware. Once we executed a sample of Phreaker on our test machine, it began encrypting files and appended
DAGON LOCKER is ransomware (an updated variant of the Mount Locker ransomware). It encrypts files and creates a ransom note (the "README_TO_DECRYPT.html" file) containing instructions on how to contact the attackers. Additionally, it renames files by appending the ".dagoned" extension to filenames
While testing IronBrowse, we found that this application displays intrusive advertisements. Apps that show unwanted apps are called advertising-supported apps (or adware). A big part of adware is promoted and distributed using questionable (often deceptive) methods. We discovered IronBrowse on a
Similar to ubersear[.]ch, poshukach[.]com is the URL of an illegitimate search engine. Websites of this kind are typically promoted by browser hijackers. However, we discovered poshukach[.]com while inspecting a malicious Android application that does not modify browsers. Instead, this app create
After inspecting the "Apple Invoice" email, we determined that it is spam mail. These scam emails are presented as invoices for Apple products that the recipients have supposedly purchased. Additionally, it is worth mentioning that we discovered spam text messages (SMSes) used to promote this "App