Our research team discovered the Sheeva ransomware during a routine inspection of new malware submissions to VirusTotal. When we executed a sample of Sheeva on our test machine, it encrypted files and changed their filenames. Affected files were renamed according to this pattern - "id[victim's_ID
While inspecting questionable websites, our research team discovered the hexaput0n[.]click page. It operates by running scams, promoting browser notification spam, and redirecting visitors to different (likely untrustworthy/dangerous) sites. Users typically enter these webpages through redirects c
DimScreen is a rogue browser extension that our researchers found while inspecting dubious download webpages. It is endorsed as a tool capable of enabling dark mode for simple-design websites. After analyzing this piece of software, we determined that DimScreen operates as adware. Adware e
During a routine inspection of new submissions to VirusTotal, our research team discovered the DigitalInitiator rogue application. Our analysis of this app revealed that it operates as advertising-supported software (adware) and is part of the AdLoad malware family. Adware is designed to
Our inspection of this "Mechatronics Industrial Equipment" email revealed that it is fake and intended to infect recipients' devices with the Agent Tesla RAT (Remote Access Trojan). This spam email supposedly relates to a payment. However, this letter is in no way associated with the legitimate M
While inspecting dubious sites, our research team discovered the get-shields[.]com rogue webpage. It promotes scams, pushes browser notification spam, and redirects visitors to different (likely untrustworthy/malicious) websites. Most users enter such pages through redirects caused by sites using
IceXLoader is a loader-type malware written in the Nim programming language. Malicious programs within this classification are designed to cause chain infections. In other words, they operate by downloading/installing additional malicious components or malware onto compromised systems. Ice
Webnotificationsgroup[.]com is a rogue webpage that our researchers discovered while inspecting untrustworthy sites. It is designed to promote browser notification spam and redirect visitors to other (likely unreliable/dangerous) websites. Most users enter such pages through redirects caused by pa
Auto Skip Ads is the name of a browser extension that our researchers found while inspecting questionable software-promoting sites. This piece of software promises a feature that blocks/skips advertisements on YouTube. However, our analysis revealed that this extension operates as adware instead.
While inspecting dubious websites, our research team found the athree[.]xyz rogue page. It is designed to load deceptive material, promote browser notification spam, and redirect visitors to other (likely untrustworthy/malicious) webpages. Users typically enter sites like athree[.]xyz through page