Anatsa (also known as TeaBot) is a banking Trojan with remote administration Trojan (RAT) capabilities. It can steal credentials, log keystrokes and capture the screen (obtain anything shown on the victim's screen). We have discovered Anatsa while inspecting apps (droppers) uploaded to Google Play
Discovered by TrendMicro, NetDooka is a multi-component malware framework distributed through a malicious PPI (Pay-Per-Install) service. Due to the nature of malware PPI services, exactly what malicious components are installed can vary. The observed infection chains compromised a loader and drop
We have discovered Video Ad Remover while examining various untrustworthy websites claiming that it may be necessary to install this app. After downloading and installing Video Ad Remover, we found that it is an advertising-supported application - it bombards users with intrusive advertisements.
Odaku is a ransomware-type program that our researchers discovered while inspecting new submissions to VirusTotal. We determined that this malicious program belongs to the Chaos ransomware family. Once executed on our test system, Odaku began encrypting files and appended their filenames with an
Chosenlove[.]com is a rogue page that we discovered while inspecting untrustworthy websites. It is designed to load dubious content, promote spam browser notifications, and redirect visitors to different (likely unreliable/malicious) sites. Most users enter webpages like chosenlove[.]com via redir
Check-the-article[.]com is a deceptive page that we have found while inspecting other pages of this kind (illegal movie streaming pages, torrent sites, and similar). It displays deceptive content to trick visitors into allowing it to show notifications. Also, it redirects visitors to other untrust
LaunchHistoryResults is the name of an application that our team has discovered while visiting deceptive websites (e.g., pages offering to download fake updates for the Adobe Flash Player). After downloading and installing the app, we found that it functions as adware - LaunchHistoryResults gene
While inspecting untrustworthy websites, our researchers discovered the freesamplesprousa[.]com webpage. It operates by hosting deceptive material (scams), pushing browser notification spam, and redirecting visitors to different (likely unreliable/malicious) sites. Most users enter freesamplespro
Freeadvreviews[.]com is a rogue page that our researchers found while inspecting dubious websites. It promotes browser notification spam by using fake CAPTCHA verification. Additionally, this site can redirect visitors to other (likely unreliable/malicious) webpages. Most users enter websites lik
Mal is ransomware that belongs to the Xorist ransomware family. We have discovered this variant while analyzing the malware samples submitted to VirusTotal. Mal encrypts files and appends the ".Mal" extension to their filenames. It displays its ransom note in an error window and on a black screen.