Dark Browse is an adware-type browser extension promoted as a tool that enables dark mode for websites. While the functionalities promised by advertising-supported software are usually fake, after analyzing Dark Browse we learned that its promised function is operational. However, this browser ext
Mxf1bd is the name of a ransomware-type program, which our researchers discovered while looking through new submissions on VirusTotal. On our test system, this ransomware encrypted files and appended their filenames with a ".mxf1bd" extension. For example, a file initially titled "1.jpg" appeared
Anedukera[.]xyz is a deceptive website that asks for permission to show notifications and redirects visitors to other pages of this type. We have discovered anedukera[.]xyz while analyzing websites that use rogue advertising networks (display shady ads and open dubious pages). After examin
Ginzo (also known as ZingoStealer) is the name of an information-stealing malware that steals passwords, cookies, and other information from infected computers. We have found that cybercriminals use Telegram to distribute Ginzo. They offer to download it free of charge. Ginzo steals passwo
Soviet Locker ransomware is malware that was discovered by MalwareHunterTeam. It encrypts files and displays a pop-up window with a timer and an input field for entering a decryption password. Cybercriminals behind Soviet Locker do not demand payment. Files encrypted by this malware can be decrypt
Wdlo is one of the ransomware variants belonging to a ransomware family called Djvu. We have discovered this variant while examining the samples submitted to VirusTotal. After analyzing Wdlo, we have found that it encrypts files, appends its extension (".wdlo") to filenames, and generates a text f
Our researchers found inancukan[.]xyz while inspecting untrustworthy sites. This webpage is designed to promote browser notification spam and redirect visitors to other (likely dubious/malicious) websites. Most users enter pages like inancukan[.]xyz via redirects caused by sites using rogue advert
Explus is a piece of malicious software classified as ransomware. Our researchers found it while inspecting new submissions on VirusTotal. After being launched on our test machine, this ransomware encrypted files and appended their filenames with a ".explus" extension. For example, a file initial
SoftwareHelper is an adware-type application that our research team discovered while inspecting new submissions to VirusTotal. This piece of software operates by running intrusive advertisement campaigns (displaying ads), and it can have other harmful functionalities. We also learned that it bel
Separashpar[.]xyz is an untrustworthy web page that uses a clickbait technique to trick visitors into allowing it to show notifications. Also, it redirects visitors to other questionable sites. Our team has discovered separashpar[.]xyz while examining pages that use shady advertising networks.