Saitama is the name of a backdoor malware (written in .Net) that abuses DNS protocol for C2 (Command and Control) communications. It can execute remote commands and drop files. We have discovered this backdoor during the analysis of an email containing a malicious attachment (an Excel document).
Our malware researchers have discovered a new ransomware variant called Redem Mikhail during a routine check of malware samples submitted to the VirusTotal page. They found that Redem Mikhail is part of the Spora ransomware family. Once executed, it encrypts files, modifies their filenames, and cr
While inspecting new submissions to VirusTotal, our researchers found the PDFCreator application. It has multiple detections as "adware" on VirusTotal. Although we did not observe any characteristics of such software during analysis (potentially due to some sort of incompatibility between PDFCr
Our team has discovered the VoltageTask application while inspecting various deceptive web pages. After installing and analyzing this app, we learned that it displays intrusive advertisements. Therefore, we categorized VoltageTask as adware (advertising-supported software). A big part of
While inspecting questionable websites, our research team discovered the cauthaushoas[.]com rogue webpage. It is designed to host dubious content, promote browser notification spam, and redirect visitors to other (likely unreliable/malicious) sites. Most users enter websites like cauthaushoas[.]c
We discovered the mkjxtu[.]com page while examining various illegal movie streaming pages, torrent sites, and other sites that use rogue advertising networks. During analysis, we found that mkjxtu[.]com displays deceptive content/uses a clickbait technique to get permission to show notifications.
We have discovered the Fefg ransomware while examining the malware samples submitted to VirusTotal. The purpose of Fefg is to encrypt files. Also, this ransomware appends ".fefg" extension to filenames and creates the "_readme.txt" file. We found that Fefg is part of the ransomware family called D
Highpotencysecurity[.]com is a rogue webpage that our researchers found while inspecting dubious sites. This page is designed to load scams, promote browser notification spam, and redirect visitors to different (likely untrustworthy/malicious) websites. Most users access such webpages through red
During a routine inspection of new VirusTotal submissions, we discovered the GlobalQueue application. After analyzing this rogue piece of software, we determined that GlobalQueue operates as adware and is part of the AdLoad malware family. Adware is designed to enable the placement of th
Movies Craver is advertised as a reliable and fast application allowing users to search for movies. We have discovered it on a deceptive website. During the examination, we found that Movies Craver generates unwanted advertisements. Thus, we categorized it as an advertising-supported application (