Ourcoolposts[.]com is a website that uses a clickbait technique to trick visitors into allowing it to show notifications. We have discovered ourcoolposts[.]com while clicking on shady ads and visiting pages that use questionable advertising networks. In most cases, sites like ourcoolposts[.]com ge
Gcyi is a ransomware-type program designed to encrypt data and demand ransoms for the decryption. Our researchers found and obtained a sample of this malware from VirusTotal. We have determined that Gcyi belongs to the Djvu ransomware family. During analysis, this ransomware appended the filename
MURK is ransomware that was discovered by our team while examining the malware samples submitted to VirusTotal. It was found that MURK encrypts files (and modifies their filenames) and generates two files containing ransom notes - "info.txt" and "info.hta". It is part of the Phobos ransomware fami
We have discovered the TradeValor application after clicking on a pop-up displayed by a deceptive page, implying that Adobe Flash Player is out of date. After installation, TradeValor started showing annoying advertisements. Thus, we concluded that TradeValor is an advertising-supported applicat
During a routine inspection of rogue websites, our research team found the worthyrid.com site. It pushes browser notification spam and redirects visitors to other untrustworthy/harmful pages. Users typically access webpages like worthyrid[.]com via redirects caused by sites using deceptive adverti
Discovered by our researchers while inspecting sites that use rogue advertising networks, SpeedTestMe is a browser extension endorsed as an Internet speed testing tool. It is supposedly capable of measuring webpage loading times, download speeds, etc. Having analyzed this extension, we can conclud
Qmam4 is a piece of malicious software categorized as ransomware. Our research team found this malware during a routine inspection of new submissions on VirusTotal. While analyzing a sample of Qmam4, we learned that it renames the encrypted files by appending their filenames with a random charact
Webpushworld[.]com is a deceptive page designed to trick visitors into agreeing to receive its notifications. We have discovered it while visiting other shady websites and examining ads displayed on them. Webpushworld[.]com is promoted mainly through websites that use rogue advertising networks.
Our malware researchers have discovered T800 ransomware while checking malware samples submitted to VirusTotal. After analyzing the sample, we concluded that T800 encrypts files and keeps them inaccessible until a ransom is paid. Also, it renames files (appends the ".t800" extension to filenames)
While analyzing untrustworthy websites, our researchers discovered the myjollyrudder[.]com page. It is designed to load deceptive content, push browser notification spam, and redirect visitors to other unreliable/harmful sites. Most users access webpages like myjollyrudder[.]com via redirects caus