Wdlo is one of the ransomware variants belonging to a ransomware family called Djvu. We have discovered this variant while examining the samples submitted to VirusTotal. After analyzing Wdlo, we have found that it encrypts files, appends its extension (".wdlo") to filenames, and generates a text f
Our researchers found inancukan[.]xyz while inspecting untrustworthy sites. This webpage is designed to promote browser notification spam and redirect visitors to other (likely dubious/malicious) websites. Most users enter pages like inancukan[.]xyz via redirects caused by sites using rogue advert
Explus is a piece of malicious software classified as ransomware. Our researchers found it while inspecting new submissions on VirusTotal. After being launched on our test machine, this ransomware encrypted files and appended their filenames with a ".explus" extension. For example, a file initial
SoftwareHelper is an adware-type application that our research team discovered while inspecting new submissions to VirusTotal. This piece of software operates by running intrusive advertisement campaigns (displaying ads), and it can have other harmful functionalities. We also learned that it bel
Separashpar[.]xyz is an untrustworthy web page that uses a clickbait technique to trick visitors into allowing it to show notifications. Also, it redirects visitors to other questionable sites. Our team has discovered separashpar[.]xyz while examining pages that use shady advertising networks.
Korplug (also known as Hodur, PlugX) is the name of the malware that has different variants with different functionalities. Korplug is distributed by a group of cybercriminals known as Mustang Panda. They are known for targeting non-governmental organizations. Korplug is a Remote Access Tr
Dotchaudou[.]com is a rogue webpage that our research team discovered while inspecting questionable sites. It operates by pushing browser notification spam and redirecting visitors to other (likely untrustworthy or malicious) websites. Rogue sites are seldom accessed intentionally. Most users ent
Discovered by our research team while inspecting new submissions to VirusTotal, GuideService is a rogue application. Following our analysis, we determined that this piece of software operates as adware and belongs to the AdLoad malware family. It is noteworthy that adware may require sui
OnlinePlatform is the name of an untrustworthy application that our team has discovered while examining a deceptive website. After downloading and installing this app, we found that it operates as adware - it generates advertisements. Apps like OnlinePlatform display advertisements used
89N3PDyZzakoH7W6n8ZrjGDDktjh8iWFG6eKRvi3kvpQ is the name of a malicious program. After analyzing it, we determined that this malware operates as a clipboard hijacker. We discovered this program while inspecting websites offering "cracked" software. It is noteworthy that the installation setup tha