While investigating new submissions to the VirusTotal platform, our research team discovered Anonymous – a malicious program that is part of the Xorist ransomware family. Malware of this kind encrypts data and demands ransoms for its decryption. On our test machine, Anonymous (Xorist) ransomware
We discovered Elons ransomware during an inspection of malware samples uploaded to VirusTotal. This ransomware is identical to Anubi, Louis, and Innok. Upon infiltration, Elons encrypts files and appends the ".Elons" extension to them. It also changes the desktop wallpaper, displays a note on the
MicroBrowser is a rogue application discovered by our researchers during a routine inspection of new submissions to the VirusTotal website. After examining this app, we determined that it is adware. MicroBrowser belongs to the AdLoad malware family. Adware stands for advertising-supporte
Moscovium is the name of a ransomware-type program. It operates by encrypting data and demanding payment for the decryption. Files encrypted by this malware are appended with a ".m0sC0v1um" extension. For example, a file originally named "1.jpg" would appear as "1.jpg.m0sC0v1um", "2.png" as "2.png
Our inspection of the "Bank Details" email revealed that it is spam. This message claims that the invoice sent by the recipient lacks their company bank details, so the sender asks for this information. This spam mail aims to lure victims into visiting a phishing website that targets email account
While inspecting new file submissions to the VirusTotal platform, our researchers discovered MethodApplication. After examining this piece of software, we determined that it is adware from the AdLoad malware family. This app operates by delivering intrusive advertisement campaigns. Adwar
During our analysis of ActiveProcesser, we noticed that it is designed to display unwanted and often intrusive advertisements. Thus, we classified ActiveProcesser as adware. We also found that multiple security vendors have flagged it as malicious. Overall, ActiveProcesser should be avoided and
While investigating file submissions to the VirusTotal site, our researchers discovered the BrowserValue app. After examining this piece of software, we learned that it is advertising-supported software (adware) from the AdLoad malware family. BrowserValue aims to generate revenue for its develo
Betruger is a backdoor malware, likely created for executing ransomware attacks. It has been connected to at least one member of the RansomHub ransomware-as-a-service operation. The malware includes several functions typically found in tools used before delivering ransomware payloads. Betr
After inspecting this "Invitation To Supply Products" email, we determined that it is spam. This fake message offers the recipient an opportunity to supply products sought by the sender. It must be emphasized that this spam campaign is not associated with any legitimate entities. The motivation b