We have discovered GootLoader malware while examining legitimate but compromised websites (mainly websites managed using WordPress). It was found that GootLoader is used to infect computers with additional malware. Cybercriminals using GootLoader seek to trick users into unknowingly downloading an
We have discovered the Xioxian while analyzing malware samples submitted to the VirusTotal page. It was found that Xioxian is ransomware. It encrypts files, appends the ".xioxian" extension to filenames, and generates a ransom note (the "#Congratulations#.txt" file). An example of how Xioxian mod
During a routine inspection of new malware submissions to VirusTotal, our research team found the Ynzwj ransomware. This program operates by encrypting data (rendering it inaccessible) and demanding payment for the decryption (access recovery). On our test machine, this ransomware appended the fi
After analyzing StreamUltraSearch, we determined that it operates as a browser hijacker. This piece of software modifies browser settings to promote the streamultrasearch.com fake search engine. Once installed onto our test machine, StreamUltraSearch reassigned the browser's default search
TechPartition is a rogue app our research team found while checking out new submissions to VirusTotal. When we installed this piece of software onto our test machine, we learned that it operates as adware. Additionally, we determined that TechPartition belongs to the AdLoad malware family.
Notificationstech[.]com is an untrustworthy website designed to trick visitors into allowing it to show notifications. Our team has discovered it while inspecting other sites that use rogue advertising networks (various illegal streaming, torrent sites, and so on). Another problem with notificatio
Dodohacked is the name of a ransomware-type program our research team discovered during a routine inspection of new submissions to VirusTotal. This type of malware is designed to encrypt data and demand ransoms for the decryption. When we launched Dodohacked's sample on our test system, it encryp
Our team has discovered the Tail Box application after downloading an app from a shady website. We have examined the app and found that it hijacks a web browser to promote the tailsearch.com address, a fake search engine. Browser hijackers and fake search engines cannot be trusted. Tail Bo
Our researchers discovered the pick dark browser extension during a routine inspection of deceptive download pages. This piece of software promises to enable dark mode for simple design websites. However, we determined that pick dark operates as a browser hijacker and promotes the getsins.com fake
T1000 is ransomware that our team has discovered during the analysis of malware samples submitted to VirusTotal. The purpose of ransomware is to encrypt files and demand a ransom. We found that T1000 renames encrypted files by appending the ".T1000" extension to filenames. For example, it renames