We have tested the Mxpww ransomware and learned that it encrypts files, appends a string of random characters and the ".mxpww" extension to filenames, and creates the "5Fw6_HOW_TO_DECRYPT.txt" file (a ransom note). An example of how Mxpww encrypts files is provided below. Mxpww renames "1.jpg" to
Bio Diversity is a browser extension promoted as a tool for easy access to the largest biodiversity-centered library/archive. Instead, after testing it, we learned that Bio Diversity operates as advertising-supported software (adware). On our test system, Bio Diversity displayed various ad
best darker is the name of a browser hijacker that we have discovered while visiting a deceptive website. After analyzing this application, we found that it hijacks a web browser by changing its settings to ssepm.com - a fake search engine. During the research, we noticed that best darker also cou
SchedulerSkyLoad is another of our researchers' finds detected on VirusTotal. It is an adware-type application from the AdLoad malware family. Once installed onto our test system, SchedulerSkyLoad began displaying various ads. It is pertinent to mention that adware can require certain co
WExtension is the name of ransomware that our team has discovered while checking the samples submitted to VirusTotal. While analyzing WExtension, we found that it encrypts files, appends the ".WExtension" extension to filenames, and creates the "read_it.txt" file containing a ransom note. For exa
Our team has discovered the TypeValue application while inspecting various shady websites encouraging to download fake updates for the installed software. After examining TypeValue, we found that it displays advertisements and hijacks a web browser. Thus, this application can be categorized as a
During a routine inspection of the newest malware submissions on VirusTotal, our researchers found the Scl ransomware. After launching a sample on our test machine, we observed this ransomware encrypting data and renaming files by appending them with a unique ID, the cyber criminals' email addres
While analyzing the ransomware sample, we found out that Qqqw belongs to a family of ransomware called Djvu. It encrypted files and appended the ".qqqw" extension to filenames (for example, it renamed "1.jpg" to "1.jpg.qqqw", "document.txt" to "document.txt.qqqw"), and created the "_readme.txt" fi
Webprotrctionprogramm[.]com is yet another one of our findings from a routine exploration of untrustworthy websites. This page is designed to load deceptive content (e.g., "McAfee - Your PC is infected with 5 viruses!" scam), promote spam browser notifications, and redirect visitors to other unrel
After receiving this email, our researchers determined that it is a phishing email. The "Cornèrcard" letter in question is fake and in no way associated with Cornèr Bank - a Swiss private bank and credit card business. These emails target French-speaking users and attempt to trick them into disclo