During a routine investigation into new malware samples submitted into VirusTotal, our researchers detected and subsequently analyzed the KMA47 ransomware. It encrypts data (renders files inaccessible) and demands a ransom for the decryption (access recovery). The researched sample renamed files
After downloading and launching ExpressDefault's sample, our researchers found it to be an adware-type app. In other words, it runs intrusive advertisement campaigns (displays various ads). We also determined that ExpressDefault belongs to the AdLoad malware family. Furthermore, it may exhibit
After installing the Easy-Search application, we have noticed that it has changed the web browser's settings (and did not allow to modify them) to easysearch.club - a search engine that shows results generated by Bing (bing.com). Thus, it can be stated with certainty that Easy-Search is a browser
PDFConverterSearchNow is a rogue browser extension. After analyzing it, our researchers have concluded that this piece of software operates as a browser hijacker. PDFConverterSearchNow changes browser settings and promotes the pdfconvertersearchnow.com fake search engine. On our test syste
We discovered AMC ransomware while inspecting ransomware samples submitted to VirusTotal. While analyzing the AMC ransomware sample, we saw that it encrypts files and appends a different extension (containing four random characters) to filenames. For example, AMC has renamed "1.jpg" file to "1.jp
When inspecting recently submitted ransomware samples to VirusTotal, we discovered and analyzed a new variant named 4ywda. This malicious program is designed to encrypt data (lock files) and demand payment for the decryption. During our analysis, it appended affected files with a random character
Security-defender[.]xyz is a website that our malware researchers have discovered while looking for pages designed to trick visitors into agreeing to receive deceptive notifications. It is an untrustworthy page asking for permission to deliver notifications and displaying deceptive content.
Our researchers have found yet another adware-type application called DigitalProgram. We have concluded that this piece of software operates as adware. It also belongs to the AdLoad malware family. We have researched many samples from said group, and while during our testing - we did not observ
PseudoManuscrypt is the name of the malware that spies on victims. It is similar to another malware called Manuscrypt. We have discovered PseudoManuscrypt while checking installers for pirated software (one of the examples is a fake pirated installer for SolarWinds - a network monitoring software)
KeyWright displays advertisements and promotes a fake search engine. It is advertising-supported software that has traits of a browser hijacker. Additionally, KeyWright can read sensitive information from websites. Usually, apps of this kind are promoted and distributed using questionable (often