While inspecting new malware submissions to VirusTotal, our researchers discovered the Moonshadow ransomware. We determined that this malicious program is part of the VoidCrypt ransomware family. After we launched a sample of Moonshadow on our test system, it encrypted files and altered their nam
Our team discovered FIXED while inspecting malware samples submitted to the VirusTotal page. We found that FIXED is ransomware that encrypts files and appends ".FIXED" extension to filenames. For example, it renames "1.jpg" to "1.jpg.FIXED", "2.png" to "2.png.FIXED", and so forth. Also, FIXED crea
News-fesihe[.]cc is designed to trick visitors into agreeing to receive notifications and redirect them to other shady pages. As a rule, pages like news-fesihe[.]cc are visited inadvertently. Our team has discovered news-fesihe[.]cc while examining various illegal movie streaming pages, torrent si
R3tr0 (also known as RETRO-ENCRYPTED) is ransomware belonging to the Dharma family. We discovered it while checking the VirusTotal website for recently submitted malware samples. R3tr0 encrypts files and appends the victim's ID, r3tr0crypt@tuta.io email address, and ".r3tr0" extension to filenames
EfficientRecord is a rogue application that our research team discovered while inspecting new submissions to VirusTotal. After analyzing this app, we determined that it operates as advertising-supported software (adware) and belongs to the AdLoad malware family. Adware is designed to dis
During a routine inspection of questionable websites, our research team discovered the scan-pro-guard[.]com page. It promotes deceptive content, pushes spam browser notifications, and redirects visitors to different (likely untrustworthy/malicious) sites. Most users enter webpages like scan-pro-g
While looking through new submissions to VirusTotal, our researchers discovered the DynamicLush application. Our analysis of this piece of software revealed that it operates as adware and belongs to the AdLoad malware family. Adware may not display advertisements if certain conditions ar
We discovered the trexvideo[.]biz rogue webpage while inspecting dubious websites. It is designed to push browser notification spam and redirect visitors to other (likely untrustworthy or malicious) sites. Users typically enter pages of this kind via redirects caused by webpages using rogue advert
Juicycelebinfo[.]com uses a clickbait technique to trick visitors into allowing it to show notifications. Also, it redirects them to other untrustworthy pages. As a rule, pages like juicycelebinfo[.]com are not visited on purpose. Our team found this page while inspecting websites that use shady a
After checking the "I am a Russian hacker who has access to your operating system" email, we determined that it is spam that operates as a sextortion scam. This spam mail attempts to trick recipients into paying a ransom over nonexistent recordings. In other words, these emails state that the sen