Our malware researchers have discovered a new ransomware called Lomiat while inspecting samples submitted to the VirusTotal web page. We found that Lomiat belongs to the Xorist ransomware family. The purpose of Lomiat is to encrypt files. Also, it appends the ".LoMiAt" extension to filenames and c
Our researchers discovered the PrimeAurora application during a routine inspection of new submissions to VirusTotal. After inspecting this piece of software, we determined that it is adware belonging to the AdLoad malware family. Adware operates by displaying ads on visited websites and/
While inspecting deceptive websites offering to download "useful" applications, we found an application called PropCreative. During the analysis, we found that PropCreative is adware - it displays intrusive advertisements. Additionally, PropCreative can read sensitive information. Advert
While examining websites that use rogue advertising networks, we discovered houbekuwucoo[.]com - a deceptive website designed to trick visitors into agreeing to receive notifications. Additionally, this site can open other pages of this kind. As a rule, pages like houbekuwucoo[.]com get visited un
Tapak[.]xyz is a rogue site that our research team found while inspecting untrustworthy webpages. This website operates by pushing browser notification spam and redirecting visitors to other (likely dubious/malicious) pages. Most enter such sites through redirects caused by webpages that use rogu
During a routine inspection of questionable software-promoting webpages, our researchers discovered the Keep It Dark browser extension. It promises to enable dark mode for browsers. We analyzed this extension and determined that it operates as advertising-supported software (adware) instead.
While inspecting dubious pages, our researchers discovered the shieldforbrowsers[.]com rogue website. It is designed to run scams, promote spam browser notifications, and redirect visits to different (likely untrustworthy and malicious) sites. Users typically access webpages like shieldforbrowser
We have discovered the Dark Display application while examining shady websites and inspecting deceptive advertisements. We learned that Dark Display is supposed to provide a dark mode for web browsers but functions as adware (it shows unwanted advertisements). After testing many advertisin
Our team discovered the Simple Search application while analyzing deceptive web pages. We found that the purpose of Simple Search is to promote search.simple-searchs.com (force users to browse the Internet with a fake search engine). Simple Search promotes this address by hijacking a web browser (
RozbehOfSatan is the name of a ransomware-type program. It is a new variant of the Rozbeh ransomware. After executing a sample of RozbehOfSatan on our test system, it encrypted files and created a ransom note. Typically, ransomware renames the affected files, but that is not to case with RozbehOf