Petrovic has recently discovered ransomware called Agenda (also known as Qilin). This malware encrypts files, appends a string of random characters as a file extension, and drops the "[random_string]-RECOVER-README.txt" file (with the same random string in its filename as encrypted files have). Th
While examining shady websites instructing visitors to update the Adobe Flash Player (download a fake installer), we discovered an application called CoralMajesty. After testing the app, we found that it displays advertisements. Software of this type is called advertising-supported software (adw
AIVARAT is a piece of malicious software classified as a RAT (Remote Access Trojan). This program targets Android Operating Systems (OSes). RATs are designed to enable remote access and control over infected machines. AIVARAT is a multifunctional trojan - hence, it can exert a high level of contr
GetAnAntivirus is the name of a ransomware-type program that our researchers discovered while inspecting new malware submissions to VirusTotal. This malicious program is part of the Chaos ransomware family. After we launched a sample of this ransomware on our test machine, it encrypted files and
CycleAfter is a piece of rogue software classified as adware. We discovered this app while inspecting new submissions to VirusTotal. Additionally, it has to be mentioned that CycleAfter is part of the AdLoad malware family. Advertising-supported software (adware) displays ads on visited
While examining websites that use rogue advertising networks, we discovered news-jixuzi[.]cc - a shady page that uses a clickbait technique to trick visitors into allowing it to show notifications. It is uncommon for pages like news-jixuzi[.]cc to be visited intentionally. Also, they often redirec
Paradies clipper is the name of the malware that steals cryptocurrency from victims by replacing wallet addresses saved in the clipboard with addresses belonging to cybercriminals. It is sold on a hacker forum for 50 euros. The developer of the Paradies clipper describes it as a number one crypto
Keepsafetycore[.]com is a rogue website that promotes scams and spam browser notifications. This page can also redirect users to other (likely untrustworthy/malicious) sites. Our researchers discovered keepsafetycore[.]com while inspecting pages that employ rogue advertising networks. It is notew
Our research team found the LiftEffort application during a routine inspection of new submissions to VirusTotal. Our analysis of this app revealed that it operates as adware. Additionally, LiftEffort belongs to the AdLoad malware family. Advertising-supported software may require the bro
After using a fake installer downloaded from a deceptive page, we discovered the PlusApparel application. We found that PlusApparel is a useless application that displays intrusive advertisements. Thus, we classified PlusApparel as adware. PlusApparel displays advertisements that can ope