Our researchers discovered the Pro Dark browser extension while inspecting content promoted by deceptive download webpages. This piece of software promises to enable dark mode for websites. However, after analyzing Pro Dark, we determined that it operates as adware. Following successful in
NOKOYAWA is a piece of malicious software classified as ransomware, which our research team found and sampled from VirusTotal. It is designed to encrypt data and demand payment for the decryption. On our test machine, this ransomware encrypted files and appended their filenames with a ".NOKOYAWA"
Our team has examined this email and learned that scammers use it to steal sensitive information. It is disguised as a letter from Microsoft. It also contains a hyperlink designed to open a phishing website requesting an email address and password. The email is disguised as a letter regard
HorizonLiving is an adware-type application our researchers discovered while inspecting new submissions to VirusTotal. It is designed to run intrusive advertisement campaigns, and this app has data tracking abilities. Additionally, we have determined that HorizonLiving belongs to the AdLoad malw
Our team has discovered this scam while visiting pages that use shady advertising networks. After examining the page, we learned that it is a pop-up scam that uses a scare tactic to promote antivirus software (to trick users into purchasing its subscription). It claims that a computer is infected
ShareAdvantage is a rogue app that our researchers found when a user reported it on a support forum. After analyzing this application, we determined that it operates as advertising-supported software (adware). Furthermore, ShareAdvantage is part of the AdLoad malware family. Adware may n
RURansom is a piece of malicious software classified as ransomware. Typically, malware within this classification operates by encrypting files (rendering them inaccessible) to make ransom demands for the decryption (access recovery). However, we learned from the message created by RURansom that th
Pripyat is a cryptocurrency miner our researchers found while inspecting malware-selling hotspots on the Web. We learned that this piece of malicious software is based on the XMRIG cryptominer. Pripyat malware is designed to abuse the resources of victims' machines to generate Monero (XMR) cryptoc
We have encountered this pop-up scam while examining other pages that use rogue advertising networks (sites that display shady ads and open untrustworthy pages). The purpose of this scam is to trick visitors into believing that their computer is infected with viruses and purchasing an antivirus su
Our research team discovered the History-Cleaner browser extension during a routine inspection of questionable download webpages. Following analysis, we determined that this piece of software operates as a browser hijacker. History-Cleaner modifies browser settings to promote the history-cleaner.