Our research team found the solidprotectionspc[.]com rogue webpage while inspecting unreliable sites. This page operates by promoting deceptive content, pushing browsing notification spam, and redirecting visitors to other (likely untrustworthy/malicious) websites. Users typically enter these web
While inspecting new malware submissions to VirusTotal, our researchers found a new malicious program called TURKEY, which is based on Chaos ransomware. We acquired a sample from VirusTotal and launched it onto our test system. We learned that the TURKEY ransomware encrypts files and appends thei
PowerShell RAT is the name of a Remote Access Trojan (RAT) written in PowerShell. The term PowerShell refers to a Microsoft Windows program designed for task automation and configuration management (i.e., product functionality, performance, and attribute establishment and maintenance). The trojan
During our routine malware research, we discovered an information stealer called SaintStealer. We found that this information-stealing malware targets credentials and system information. All gathered information is sent to a Command and Control server. SaintStealer is written in the C# programming
Webnotificationservices[.]com is a rogue webpage that our research team discovered while inspecting untrustworthy sites. It is designed to push browser notification spam and redirect visitors to other (likely unreliable/malicious) websites. Most users enter such webpages via redirects caused by si
We have examined this email and found that cybercriminals use it to deliver malware. Their goal is to trick recipients into opening the attachment (a malicious file). We are not certain what malware threat actors behind this malspam campaign are distributing, but there is reason to believe it is A
We have discovered the Quick Baro application after downloading it from a deceptive website. We learned that after the installation, Quick Baro hijacks a web browser by changing its settings. This app promotes barosearch.com - a fake search engine. Quick Baro forces users to visit barosear
ZxxZ is the name of a malicious program classified as a trojan. This malware is capable of infiltrating additional malicious software into systems. Hence, the threats posed by ZxxZ infections may be particularly broad. It is noteworthy that this trojan has been observed being actively spread via e
Matamoe is ransomware that we discovered while checking the VirusTotal page for recently submitted malware samples. It was found that Matamoe encrypts files, appends the ".matamoe" extension to filenames, changes the desktop wallpaper, and creates the "read_THIS.txt" file (a ransom note). An exam
Our researchers discovered OriginalScheduler during a routine inspection of new submissions to VirusTotal. After analyzing this application, we learned that it operates as advertising-supported software (adware) and belongs to the AdLoad malware family. Adware enables the placement of ad