PARKER is the name of a ransomware variant that our malware researchers have found while analyzing malware samples submitted to VirusTotal. We learned that PARKER encrypts files and appends ".PARKER" extension to filenames. Also, it creates the "RESTORE_FILES_INFO.txt" file, which contains a ranso
Healthiness is a piece of rogue software that our research team discovered while inspecting dubious download webpages. After analyzing this app, we determined that it operates as advertising-supported software (adware) and that is nearly identical to Bloom adware. Advertising-supported sof
The purpose of tooklichair[.]com is to trick visitors into allowing it to show notifications and redirect to other pages of this kind. Our team has discovered tooklichair[.]com while analyzing various websites that use rogue advertising networks. It is uncommon for pages like this one to be visite
Discovered by MalwareHunterTeam, FantaroX is a malicious program based on the Chaos ransomware. It is designed to encrypt data and demand payment for the decryption. We obtained a sample of FantaroX from VirusTotal and launched it onto our test machine. After that, it began encrypting files and a
Huis_bn is ransomware that belongs to the Xorist ransomware family. Our malware researchers have discovered Huis_bn while checking the VirusTotal page for recently submitted malware samples. It was found that Huis_bn encrypts files and appends ".huis_bn" as their new extension. Also, this ransomw
Jhgn is a piece of malicious software classified as ransomware. Our researchers discovered this program while inspecting new submissions to VirusTotal. We learned that Jhgn is part of the Djvu ransomware family. Once launched onto our test system, this ransomware began encrypting files and append
ActiveProcess is the name of an adware-type application that our team has discovered while inspecting deceptive websites. The purpose of this application is to generate advertisements. Typically, software of this type is disguised as legitimate software. Also, it is promoted and distributed main
While inspecting new malware submissions to VirusTotal, our researchers found the Black Basta ransomware. After launching a sample on our test system, we learned that this malicious program encrypts files and appends their filenames with a ".basta" extension. For example, a file initially titled
AID is malware that functions as a loader and a clipper. It is written in C++ programming language. AID is promoted on a hacker forum. It is sold for $75 (at the moment, its developer uses a sales promotion and sells AID for $50). AID can execute EXE (executable) files downloaded via a spe
While inspecting new submissions to VirusTotal, our research team found the Jhbg ransomware-type program. We determined that this program belongs to the Djvu ransomware family. After being launched onto our test machine, Jhbg encrypted files and appended their filenames with a ".jhbg" extension.