shade area adware is promoted as a tool for changing the color of the selected areas on websites. We have discovered this app on a deceptive website claiming that it is required to install a secure Chrome extension. After installing this app, we found that it generates advertisements. Thus, we cla
Safety Shield is a malicious application designed to open various websites. We discovered this malware after downloading an installer from a fake website supposedly offering cracks for various software. The installer distributing Safety Shield may also contain other unwanted software. Safe
While inspecting fake "cracked" software download websites, we discovered the Dllhost.exe malicious program. It masquerades as the legitimate Windows process - dllhost.exe (COM Surrogate), thereby attempting to avoid appearing suspicious on Task Manager. Following successful installation o
Nerbian is the name of a remote access Trojan (RAT). RATs allow attackers to control infected computers remotely. Nerbian is a RAT written in the Go programming language. It can log keystrokes and capture the screen. It also may have additional capabilities. We discovered it after receiving an ema
During a routine inspection of new submissions to VirusTotal, our researchers found the Ifla ransomware-type program. We determined that this piece of malicious software is part of the Djvu ransomware family. After being launched onto our test system, this ransomware encrypted files and appended
Our team discovered Byya while examining the samples submitted to VirusTotal. They found that Byya is ransomware (malware that encrypts files). It appends the ".byya" extension to filenames (for example, renames "1.jpg" to "1.jpg.byya", "2.png" to "2.png.byya"), and generates the "_readme.txt" fil
Kruu is ransomware that our malware researchers have discovered while examining samples submitted to the VirusTotal page. We found that Kruu is part of the Djvu ransomware family. It encrypts files and appends the ".Kruu" extension to filenames. Also, it creates the "_readme.txt" file that contain
After analyzing the YouPDFSearch browser extension, our researchers determined that it is a browser hijacker. Following successful installation onto our test machine, we learned that YouPDFSearch makes changes to browser settings in order to promote the youpdfsearch.com fake search engine.
Freenotifications[.]com is a rogue website that our researchers found during a routine inspection of untrustworthy sites. This page is designed to push browser notification spam and redirect visitors to other (likely dubious/malicious) websites. Users typically access such webpages via redirects c
SearchZubi is a browser extension, which we determined to be a browser hijacker. This piece of software modifies browser settings to promote the searchzubi.com fake search engine. When we installed SearchZubi onto our test system, it assigned searchzubi.com as the browser's default search