We have inspected RestoreBackup (which we discovered during analysis of malware samples submitted to VirusTotal) and determined that it is ransomware designed to encrypt files. In addition to blocking access to files, RestoreBackup renames them (by appending ".{random_string}.restorebackup") and d
During our inspection of PrimaryAnalyzer, we found it to be an advertising-supported application designed to deliver advertisements. We also learned that a number of security vendors have flagged PrimaryAnalyzer as malicious. This means that ads from PrimaryAnalyzer can be deceptive and promote
While investigating suspicious websites, our researchers discovered the sparefastads[.]top rogue page. It promotes browser notification spam and redirects users to other (likely unreliable/hazardous) sites. Most visitors access sparefastads[.]top and similar webpages via redirects caused by websit
Our researchers found the derenmon.co[.]in rogue page while browsing questionable websites. After examining this webpage, we determined that it is designed to promote browser notification spam and redirect users to other (likely dubious/malicious) sites. Derenmon.co[.]in and similar pages are prim
Our researchers discovered the FMLN ransomware while inspecting file submissions to the VirusTotal site. This kind of malware is designed to encrypt data and demand payment for the decryption. On our testing system, FMLN encrypted files and renamed them according to this patten – "[original_filen
Tria Stealer is malware that targets Android users. It targets personal information and transmits it to the attackers through various Telegram bots using the Telegram API. Cybercriminals can use Tria Stealer for various malicious purposes. If detected on a device, the stealer should be eliminated
TheAnonymousGlobal is a ransomware-type program. It operates by encrypting data in order to demand payment for its decryption. On our testing system, this ransomware encrypted files and added a ".TheAnonymousGlobal" extension to their titles. To elaborate, a file initially named "1.jpg" appeared
Our researchers discovered PelDox ransomware while browsing new file submissions to the VirusTotal website. Malicious software within this classification is designed to encrypt files and demand payment for the decryption. After we launched a sample of PelDox on our test machine, it encrypted file
Our researchers discovered the speedupdevice.co[.]in rogue page during a routine inspection of untrustworthy sites. It operates by endorsing browser notification spam and producing redirects to different (likely dubious/dangerous) websites. The majority of visitors enter speedupdevice.co[.]in and
Upon reviewing Tao Raiqsuv Utils, we found that it has no clear function and has been flagged as malicious by several security vendors. Furthermore, some of its components are designed to deploy Legion Loader, a malware that injects other payloads. As a result, it is highly advisable to avoid Tao