While reviewing new malware submissions to VirusTotal, our researchers discovered the Puld ransomware. This malicious program belongs to the MedusaLocker ransomware family. Puld is designed to encrypt files and demand payment for the decryption. On our test machine, this ransomware encrypted file
We have inspected adsfreshclick[.]top and found that it uses clickbait to deceive visitors into agreeing to receive its notifications. When adsfreshclick[.]top obtains permission to show notifications, it delivers fake messages to promote other untrustworthy websites. Thus, adsfreshclick[.]top sho
Our discovery of the Backups malware occurred while examining samples uploaded to VirusTotal. Our analysis shows that Backups is ransomware designed to encrypt files and appends an email address and the ".backups" extension to files. For instance, it renames "1.jpg" to "1.jpg.[backups@airmail.cc].
During our inspection of Valenciennes.app, we found that it is adware belonging to the Pirrit family. Multiple security vendors flag this application as malicious, and it can display annoying ads to promote potentially malicious web pages. Thus, users should avoid installing the Valenciennes.app
We analyzed FatHomage.app and found that it displays unwanted ads, which is why we classify it as adware. Besides showing ads, it may also collect various information. Additionally, multiple security vendors flag it as malicious, and it is associated with the Pirrit adware family. Thus, users sh
While investigating dubious sites, our research team discovered this fake "Ethereum (ETH) Rewards" webpage (ethrewards[.]pro; other domains are possible). This deceptive page supposedly allows users to get any unclaimed Ethereum rewards that they may have. The scam aims to deceive victims into exp
Polyhedrical.app is a rogue application discovered by our researchers while browsing new submissions to the VirusTotal site. Upon inspection, we learned that this piece of software is adware from the Pirrit family. Advertising-supported software is designed to generate revenue for its developers
Our researchers discovered this fake "Claim Sign" page (claim.signcommunity[.]link; possibly other domains) during a routine investigation. This webpage masquerades as the Sign Protocol website (sign.global). It lures victims into exposing their digital wallets to a cryptocurrency drainer by imply
While investigating suspicious websites, our researchers discovered this fake "WalletConnect Token (WCT) Airdrop". The scam offers an unbelievable discount for WalletConnect Tokens (WCT), yet after victims make the purchase – they receive nothing. It must be emphasized that this scam is in no way
We have examined Gastaldo.app and discovered that it displays unwanted advertisements. Thus, we classified Gastaldo.app as adware. In addition to delivering ads, Gastaldo.app may gather user data and other information. Another reason to avoid the app is that it is flagged as malicious by multipl