LockBit 3.0 (also known as LockBit Black) is a new variant of the LockBit ransomware. It encrypts files, modifies their filenames, changes the desktop wallpaper, and drops a text file (named "[random_string].README.txt") on the desktop. LockBit 3.0 replaces the name of the file and its extension w
Ghsd is ransomware, a form of malware designed to encrypt files. We discovered it while examining the samples submitted to VirusTotal. Ghsd is part of the Djvu ransomware family. It not only encrypts but also renames files (by appending the ".ghsd" extension to filenames) and drops the "_readme.tx
While inspecting recent malware submissions to VirusTotal, our researchers discovered a new variant of Sojusz ransomware called Ner. We analyzed a sample of this ransomware by executing it on our test machine. Ner encrypted files and modified their filenames. Original titles were appended with a
While examining deceptive websites encouraging to download a fake Adobe Flash Player installer, we found an application called ObsessionScript. After testing the app, our team learned that it functions as adware - it feeds users with annoying advertisements. Clicking on advertisements di
While examining questionable pages, our team discovered an application called Easy Search. We found that this app promotes the search.easy-searchs.com address. It does so by hijacking a web browser (by changing its settings). We also found that search.easy-searchs.com is a fake search engine.
While inspecting dubious download webpages, our researchers discovered the Dark Mode Online browser extension. After analyzing Dark Mode Online, we determined that it operates as advertising-supported software (adware). Adware is designed to display advertisements on visited sites and/or o
While inspecting questionable download webpages, our research team discovered the Common Search browser extension. Our analysis of this piece of software revealed that it operates as a browser hijacker. Common Search changes browser settings to promote the search.common-search.com fake search engi
VantageReservation is a piece of rogue software that our researchers discovered while inspecting new submissions to VirusTotal. Our analysis of this app revealed that it is adware belonging to the AdLoad malware family. Adware is designed to run intrusive advertisement campaigns. In othe
Discovered by the MalwareHunterTeam, Jenny is a piece of malicious software classified as ransomware. Programs within this classification encrypt victims' data and demand payment for the decryption. When we launched a sample of Jenny on our test system, it encrypted files and appended their filen
"Toll Fraud" malware refers to a specific category of malicious software targeting the Android Operating Systems (OSes). Apps within this classification aim to stealthily sign-up victims to various premium services, thus racking up their phone bills. As mentioned in the introduction, Toll