Yourdadgone is the name of a ransomware-type program we found when reviewing the newest malware submissions on VirusTotal. On our test machine, this ransomware encrypted files and appended their filenames with a ".yourdadgone" extension. For example, a file like "1.jpg" appeared as "1.jpg.yourdad
When inspecting rogue and deceptive websites, our researchers discovered yet another cryptocurrency giveaway scam. "NASA ETH and BTC Giveaway" is presented as a cryptocurrency mass-adoption scheme. Users are urged to transfer a certain amount of either Ethereum (ETH) or Bitcoin (BTC) cryptocurrenc
Our team has examined the listentoyoutube[.]cc page and concluded that this page offers to convert YouTube videos to MP3 files (while downloading videos from YouTube is a breach of YouTube's Terms of Service), uses rogue advertising networks, and promotes a questionable application. At the
We have tested the Mxpww ransomware and learned that it encrypts files, appends a string of random characters and the ".mxpww" extension to filenames, and creates the "5Fw6_HOW_TO_DECRYPT.txt" file (a ransom note). An example of how Mxpww encrypts files is provided below. Mxpww renames "1.jpg" to
Bio Diversity is a browser extension promoted as a tool for easy access to the largest biodiversity-centered library/archive. Instead, after testing it, we learned that Bio Diversity operates as advertising-supported software (adware). On our test system, Bio Diversity displayed various ad
best darker is the name of a browser hijacker that we have discovered while visiting a deceptive website. After analyzing this application, we found that it hijacks a web browser by changing its settings to ssepm.com - a fake search engine. During the research, we noticed that best darker also cou
SchedulerSkyLoad is another of our researchers' finds detected on VirusTotal. It is an adware-type application from the AdLoad malware family. Once installed onto our test system, SchedulerSkyLoad began displaying various ads. It is pertinent to mention that adware can require certain co
WExtension is the name of ransomware that our team has discovered while checking the samples submitted to VirusTotal. While analyzing WExtension, we found that it encrypts files, appends the ".WExtension" extension to filenames, and creates the "read_it.txt" file containing a ransom note. For exa
Our team has discovered the TypeValue application while inspecting various shady websites encouraging to download fake updates for the installed software. After examining TypeValue, we found that it displays advertisements and hijacks a web browser. Thus, this application can be categorized as a
During a routine inspection of the newest malware submissions on VirusTotal, our researchers found the Scl ransomware. After launching a sample on our test machine, we observed this ransomware encrypting data and renaming files by appending them with a unique ID, the cyber criminals' email addres