During a routine inspection of new malware submissions to VirusTotal, our researchers discovered the lXXwXXXNQ ransomware. Once this malicious program was executed on our test machine, it encrypted files and appended their filenames with a ".lXXwXXXNQ" extension. For example, a file originally ti
While inspecting untrustworthy websites, our researchers discovered the protectpcscan[.]com scam site. It is a fake McAfee website. This fraudulent page is presented as the "official" site of McAfee anti-virus. It must be emphasized that this scam webpage is in no way associated with the McAfee Co
While inspecting dubious websites, our researchers discovered the save-your-time[.]com rogue page. It is designed to load deceptive content, push browser notification spam, and redirect visitors to other (likely untrustworthy/malicious) sites. Users typically enter these webpages via redirects cau
Securtytrk[.]xyz uses scare tactics to trick visitors into believing that their computers are infected. It runs the "Keep Your PC Updated With Norton!" scam. Additionally, securtytrk[.]xyz asks for permission to show notifications. Our team discovered this page while inspecting other dubious pages
Settings is the name of an application that we have discovered after downloading software from a shady website and cracked software distribution page. During the analysis, we found that it runs in the Task Manager as "Settings software Copyright © 2021" (the process name may vary). The purpose of
ChromeLoader was first analyzed by x3ph, and later dubbed by G-Data researchers as Choziosi loader. This malware is designed to install malicious extension(s) onto browsers. Currently, two distinct variants of ChromeLoader have been detected - one targeting Windows Operating Systems and another -
Files Download Now is presented as a tool allowing users to keep track of their downloads and quickly access (and manage) downloads, and create new downloads. We have discovered this app on a deceptive website. After downloading and installing the app, we learned that it generates intrusive advert
News-rulujo[.]cc displays deceptive content and asks for permission to deliver notifications. It is an untrustworthy page promoted via other pages of this kind. Our team discovered news-rulujo[.]cc while examining various torrent sites, illegal movie streaming websites, etc. News-rulujo[.]
After inspecting the "DHL NOTICE OF ARRIVAL" email, we determined that it is malspam. These letters are disguised as notifications concerning a package shipped through DHL - a legitimate logistics and package delivery company. It must be emphasized that these emails are in no way associated with D
After inspection, we have concluded that this is a phishing email pretending to be a letter from the email service provider. Scammers behind this email aim to trick recipients into providing personal information. The email contains a hyperlink that opens a deceptive website (fake Webmail login pag