While inspecting deceptive websites, our researchers discovered the "BlockAll - block ads" browser extension. Its promotional material endorses this extension as an ad-blocking tool (adblocker). After analyzing "BlockAll - block ads", we determined that it operates as advertising-supported softwar
Onlineportalsite[.]com is a deceptive website that runs the "McAfee - Your PC is infected with 5 viruses!" scam. Also, it asks for permission to show notifications. Typically, websites like onlineportalsite[.]com are promoted using questionable methods. Our team has discovered this page while insp
While inspecting untrustworthy sites, our research team found the aytonus[.]com deceptive webpage. This website is designed to load scams and redirect visitors to other (likely unreliable/malicious) pages. Most users enter webpages like aytonus[.]com via redirects caused by sites using rogue ad
During a routine inspection of untrustworthy websites, our researchers found the news-gocuco[.]cc rogue site. It operates by promoting deceptive content, pushing browser notification spam, and redirecting visitors to different (likely unreliable/malicious) pages. Most users enter them via redirect
VistaQuantum is a rogue application that we discovered while inspecting new submissions to VirusTotal. Our analysis of this piece of software revealed that it operates as adware. Additionally, VistaQuantum belongs to the AdLoad malware family. Adware enables the placement of third-party
After analyzing this email, we found that its purpose is to trick recipients into infecting their computers with a remote access Trojan named BitRAT. It is disguised as a letter from Amazon and contains a malicious attachment (a malicious disk image file). The email claims that a package h
WORLD GRASS (also known as EarthGrass/EarthGress) is a ransomware-type program that our research team found while inspecting new submissions to VirusTotal. After launching a sample of this ransomware on our test machine, we learned that it encrypts files and appends their filenames with a ".34r7h
Saitama is the name of a backdoor malware (written in .Net) that abuses DNS protocol for C2 (Command and Control) communications. It can execute remote commands and drop files. We have discovered this backdoor during the analysis of an email containing a malicious attachment (an Excel document).
Our malware researchers have discovered a new ransomware variant called Redem Mikhail during a routine check of malware samples submitted to the VirusTotal page. They found that Redem Mikhail is part of the Spora ransomware family. Once executed, it encrypts files, modifies their filenames, and cr
While inspecting new submissions to VirusTotal, our researchers found the PDFCreator application. It has multiple detections as "adware" on VirusTotal. Although we did not observe any characteristics of such software during analysis (potentially due to some sort of incompatibility between PDFCr