Qlln is the name of ransomware belonging to the ransomware family called Djvu. We have discovered this variant during our routine check for malware samples submitted to VirusTotal. It was found that Qlln encrypts files and appends ".qlln" extension to filenames, and provides a ransom note (creates
Nnuz is ransomware that encrypts files and appends the ".nnuz" extension to filenames. Also, it creates the "_readme.txt" file that contains instructions on how to contact the attackers and other information. Our malware researchers have discovered Nnuz while checking samples submitted to the Viru
We discovered the Web Saver application on a shady website offering to install it before continuing to the page. After installing this app, we learned that it functions as adware - it displays annoying advertisements. The download page for Web Saver states that this app removes error pages and pro
VastVista is a rogue app that our researchers found while inspecting new submissions to VirusTotal. Once we installed this application on our test machine, we learned that VastVista operates as adware and belongs to the AdLoad malware family. Advertising-supported software may require sp
While inspecting questionable download webpages, our research team discovered the text info browser extension. Our analysis of this piece of software revealed that it operates as adware. Adware enables the placement of third-party graphical content (various advertisements) on visited websi
It is a scam that uses a scare tactic to trick visitors into purchasing a McAfee Total Protection subscription. The McAfee company does not use websites like this one to promote its products. Thus, this site must be ignored. Our team has discovered this scam page while inspecting pages that use
Our researchers found the Keep Secure Search browser extension while inspecting deceptive download webpages. After analyzing this piece of software, we determined that it is a browser hijacker promoting the keepsecuresearch.com fake search engine. With Keep Secure Search installed onto our
We have discovered the Tap togo application while inspecting various deceptive websites. After downloading the app, we found that it functions as a browser hijacker: it changes certain settings to promote togosearching.com - a fake search engine. Tap togo hijacks a web browser replacing th
ERMAC 2.0 is the name of an Android banking Trojan targeting Polish users. We have discovered it on a hacker forum. Its developer sells it for $5000 per month. ERMAC 2.0 masquerades as a legitimate Bolt Food application. This malware steals credentials for financial and cryptocurrency applications
Pay is the name of a ransomware-type program that our research team discovered while inspecting new submissions to VirusTotal. We determined that this program is part of the Xorist ransomware family. After we executed a sample of Pay ransomware on our test system, it encrypted files and appended