Magala is a Trojan-clicker that performs a form of ad fraud (click fraud). The purpose of this clicker is to connect to specific websites and drive traffic to them. It imitates clicks on those websites. Typically, Trojan-clickers are used to drain the budget of competitors paying for advertising.
During a routine inspection of new submissions on VirusTotal, our researchers found Cj - yet another ransomware belonging to the VoidCrypt family. We executed Cj's sample on our test system, and it began encrypting files and appending their filenames with a unique ID, the attackers' email address
We have discovered a new ransomware variant belonging to the Chaos family called BlackGT5327. It was found while checking the VirusTotal page for recently submitted malware samples. BlackGT5327 ransomware encrypts files and appends four random characters as their new extension. It also creates the
News-hetayi[.]cc is a deceptive web page designed to trick visitors into agreeing to receive notifications. Moreover, it can redirect visitors to other pages of this type. As a rule, pages like news-hetayi[.]cc are not visited on purpose. Our team has discovered news-hetayi[.]cc while inspecting p
Ourdailystories[.]com is a rogue site that promotes browser notification spam and redirects visitors to other (likely dubious/malicious) webpages. We discovered this page while inspecting untrustworthy websites. Ourdailystories[.]com and webpages akin to it are usually accessed inadvertently. Most
While checking out untrustworthy websites, our researchers found the defender-scan[.]xyz rogue webpage. It is designed to load deceptive content, push browser notification spam, and redirect visitors to different (likely unreliable/malicious) sites. Most users typically enter such pages via others
We discovered the freeadvcity[.]com rogue webpage during a routine inspection of shady sites. It promotes browser notification spam and redirects visitors to other (likely dubious/malicious) websites. Freeadvcity[.]com and similar pages are seldom accessed intentionally; most users enter them via
Baro Ds is a browser hijacker used to promote the barosearch.com address, a fake search engine. It hijacks a web browser by changing its settings. Our team has discovered Baro Ds on a deceptive website that recommended installing this app to improve the browsing experience. Baro Ds promote
Our researchers found the Phmqdw malicious program while inspecting new submissions to VirusTotal. We learned that it belongs to the Makop ransomware family. Once launched onto our test machine, this ransomware began encrypting files and appending their filenames with a unique ID assigned to the
ASEC Analysis Team has discovered a new information stealer called ColdStealer. It was found that this malware steals various user information and sends it to Command and Control (C2) server. Cybercriminals distribute ColdStealer using a dropper and downloader malware that downloads ColdStealer fr