While checking the VirusTotal page for recently submitted malware samples, our malware researchers discovered the KOK08 ransomware. This ransomware is part of the Matrix ransomware family. It encrypts files, modifies their filenames, and creates the "!README_KOK08!.rtf" file that contains a ransom
After downloading and using a fake installer downloaded from a shady website, our team discovered an application called ExecutiveMethod. It is a useless application designed to bombard users with unwanted advertisements. Therefore, we classified ExecutiveMethod as adware (advertising-supported a
While looking through new submissions to VirusTotal, our researchers found yet another ransomware-type program - called NMO - that belongs to the Dharma ransomware family. After executing a sample of NMO on our test machine, it encrypted files and altered their filenames. The original titles were
LinearRadial is an application designed to bombard users with annoying advertisements. Apps of this type are classified as adware. We discovered LinearRadial while inspecting a shady installer downloaded from a deceptive web page. Advertisements generated by LinearRadial can open shady w
While visiting (and inspecting) illegal movie streaming, torrent, and similar pages, we discovered topsurvey24[.]top. This page runs a fake survey to promote other deceptive pages and asks permission to show notifications. It is not recommended to visit such pages and allow them to deliver notific
EntrySample is a piece of rogue software that we discovered while checking out new submissions to VirusTotal. After analyzing this application, we determined that it is adware belonging to the AdLoad malware family. Adware enables the placement of advertisements on visited websites and/o
While inspecting dubious software-promoting sites, our research discovered the Easy Files Downloading browser extension. It is presented as a download management tool. After analyzing this extension, we determined that it operates as adware. Advertising-supported software (adware) enables
Healthy is a rogue application, which our analysis revealed to be advertising-supported software (adware). Apps within this classification operate by running intrusive advertisement campaigns, i.e., by displaying ads. Adware enables the placement of third-party graphical content (e.g., pop
H0lyGh0st, also known as HolyGhost, is a ransomware-type program. It is designed to encrypt data and demand ransom for the decryption. Furthermore, H0lyGh0st infections are known to involve double extortion tactics (i.e., additional threats involving data leaks). This malware has been linked to N
Cleancaptcha[.]top is a deceptive website that we discovered while inspecting websites that use rogue advertising networks. It displays deceptive content (a fake CAPTCHA) to trick visitors into agreeing to receive notifications. Additionally, cleancaptcha[.]top redirects to scam websites.