We have inspected Anubi (Anubis) and found that it is ransomware identical to Louis, Innok, and BlackPanther. It encrypts files and appends the ".Anubi" extension to them. Also, it changes the desktop wallpaper and provides a ransom note ("Anubi_Help.txt"). Additionally, Anubi displays a note on t
We have inspected sldefender[.]pro and discovered that it uses clickbait to trick visitors into agreeing to receive notifications. If permission is granted, sldefender[.]pro sends deceptive notifications that can lead to untrustworthy and potentially malicious websites. Overall, sldefender[.]pro s
SuperBlack is a malicious program likely built on LockBit 3.0 ransomware. SuperBlack is a ransomware-type program that encrypts data and demands payment for the decryption. On our testing system, it encrypted files and appended their filenames with an extension comprising a random character strin
While browsing file submissions to the VirusTotal platform, our researchers found the DiscoveryUniverse application. After investigating it, we determined that this app is advertising-supported software (adware). DiscoveryUniverse belongs to the AdLoad malware family. Adware is designed
While investigating suspicious websites, our researchers discovered the Clarity Tab browser hijacker. This extension promises to provide new tab widgets (e.g., clock, weather, bookmarks, etc.) and browser wallpapers. However, it changes browser settings to promote (via redirects) a search engine.
While browsing suspicious websites, our research team discovered the "Error_Code: GUI45WGV0001" scam. Upon examination, we determined that it is a technical support scam. It warns users that their computers are infected and urges them to call support. It must be stressed that these claims are fal
Our research team found GKICKG ransomware while browsing file submissions to the VirusTotal website. Ransomware operates by encrypting data and demanding ransoms for its decryption. On our test machine, this malicious program encrypted files and added ".{victim's_ID}.GKICKG" to their names. For e
We have inspected the site and concluded that it hosts a pop-up scam. These scams usually involve fake warnings/alerts or use other scare tactics to trick users into taking certain actions. None of the claims presented on these pages are true. It is best to close such pages and never visit them ag
MassJacker is a cryptojacking malware. The purpose of this malware is to steal cryptocurrency. It is likely distributed and utilized by multiple threat actors, suggesting that MassJacker may operate as a malware-as-a-service (MaaS). Users who suspect their computers may be infected should immediat
Squidoor is a backdoor-type malware that targets Windows and Linux OSes (Operating Systems). Programs within this classification open "backdoors" into targeted machines to prep them for further infection, and some can even download/install payload malware. Squidoor has been around since at least