Our team has discovered the ZOZL ransomware while analyzing the samples submitted to VirusTotal. Our key findings are that ZOZL is part of the Phobos ransomware family and encrypts files, generates two ransom notes ("info.hta" and "info.txt"), and renames files. An example of how ZOZL renames fil
We have discovered the PowerLane application while visiting download pages for cracked software and pages displaying fake pop-ups. After examining PowerLane, we found that it is an advertising-supported application that can read browsing history and sensitive information from websites. A
Discovered by our team while researching deceptive websites, Shopping Guide is an adware-type browser extension. It promises to allow quick access to "the most popular e-commerce company". However, this extension delivers intrusive advertisement campaigns instead. After being successfully
Goldline-updates[.]com is a rogue website promoting browser notification spam and capable of redirecting visitors to other untrustworthy/harmful pages. We discovered this site while researching pages that use rogue advertising networks. Redirects caused by such webpages - are also how most users
"YOUR GOOGLE HAS (4) CRITICAL VULNERABILITIES!" is a scam targeting Android users, which we discovered when researching rogue websites. The scheme claims that the site visitor's device is infected and will be blocked - unless they install a "Google Chrome" application. We identified the piece of
Our team has discovered this scam website while analyzing pages that use shady advertising networks. We have examined this page and concluded that it is disguised as a legitimate platform offering to synchronize cryptocurrency wallets with the blockchain. We also found that this site is flagged as
Medusa is the name of a banking trojan that we have researched and analyzed a sample obtained from VirusTotal. This malware targets Android operating systems; it enables remote access control over infected devices and can extract a wide variety of vulnerable data from them. Initially, Medusa was
Sncip is the name of ransomware that we have discovered while checking the VirusTotal page for recently submitted malware samples. Our team has tested Sncip and learned that it encrypts files and appends a string of random characters and the ".sncip" extension to their filenames. Also, it creates
Discovered by our researchers during a routine inspection of sites that use rogue advertising networks, TravelNow is a rogue application. After analyzing it, we determined that it operates as advertising-supported software (adware). Adware is designed to run intrusive advertising campaigns
We have examined the Aumcc ransomware and found that it encrypts files, appends a string of random characters and the ".aumcc" extension to filenames, and generates a ransom note (a text file named "3LUo_HOW_TO_DECRYPT.txt"). Our team has discovered Aumcc while checking the malware samples submitt