Our malware researchers have discovered the SearchTab Default Search browser extension while examining questionable websites that use advertising networks. They found that this app promotes searchtab.xyz (a fake search engine) by changing the settings of a browser. Thus, it was concluded that Sear
ZEON was discovered by dnwls0719. After doing our research, we learned that ZEON is ransomware written in the Python programming language. It encrypts files, changes the desktop wallpaper, and appends the ".zeon" extension to filenames. For instance, it renames "1.jpg" to "1.jpg.zeon", "2.png" to
Our researchers discovered the Pro Dark browser extension while inspecting content promoted by deceptive download webpages. This piece of software promises to enable dark mode for websites. However, after analyzing Pro Dark, we determined that it operates as adware. Following successful in
NOKOYAWA is a piece of malicious software classified as ransomware, which our research team found and sampled from VirusTotal. It is designed to encrypt data and demand payment for the decryption. On our test machine, this ransomware encrypted files and appended their filenames with a ".NOKOYAWA"
Our team has examined this email and learned that scammers use it to steal sensitive information. It is disguised as a letter from Microsoft. It also contains a hyperlink designed to open a phishing website requesting an email address and password. The email is disguised as a letter regard
HorizonLiving is an adware-type application our researchers discovered while inspecting new submissions to VirusTotal. It is designed to run intrusive advertisement campaigns, and this app has data tracking abilities. Additionally, we have determined that HorizonLiving belongs to the AdLoad malw
Our team has discovered this scam while visiting pages that use shady advertising networks. After examining the page, we learned that it is a pop-up scam that uses a scare tactic to promote antivirus software (to trick users into purchasing its subscription). It claims that a computer is infected
ShareAdvantage is a rogue app that our researchers found when a user reported it on a support forum. After analyzing this application, we determined that it operates as advertising-supported software (adware). Furthermore, ShareAdvantage is part of the AdLoad malware family. Adware may n
RURansom is a piece of malicious software classified as ransomware. Typically, malware within this classification operates by encrypting files (rendering them inaccessible) to make ransom demands for the decryption (access recovery). However, we learned from the message created by RURansom that th
Pripyat is a cryptocurrency miner our researchers found while inspecting malware-selling hotspots on the Web. We learned that this piece of malicious software is based on the XMRIG cryptominer. Pripyat malware is designed to abuse the resources of victims' machines to generate Monero (XMR) cryptoc