After downloading and launching ExpressDefault's sample, our researchers found it to be an adware-type app. In other words, it runs intrusive advertisement campaigns (displays various ads). We also determined that ExpressDefault belongs to the AdLoad malware family. Furthermore, it may exhibit
After installing the Easy-Search application, we have noticed that it has changed the web browser's settings (and did not allow to modify them) to easysearch.club - a search engine that shows results generated by Bing (bing.com). Thus, it can be stated with certainty that Easy-Search is a browser
PDFConverterSearchNow is a rogue browser extension. After analyzing it, our researchers have concluded that this piece of software operates as a browser hijacker. PDFConverterSearchNow changes browser settings and promotes the pdfconvertersearchnow.com fake search engine. On our test syste
We discovered AMC ransomware while inspecting ransomware samples submitted to VirusTotal. While analyzing the AMC ransomware sample, we saw that it encrypts files and appends a different extension (containing four random characters) to filenames. For example, AMC has renamed "1.jpg" file to "1.jp
When inspecting recently submitted ransomware samples to VirusTotal, we discovered and analyzed a new variant named 4ywda. This malicious program is designed to encrypt data (lock files) and demand payment for the decryption. During our analysis, it appended affected files with a random character
Security-defender[.]xyz is a website that our malware researchers have discovered while looking for pages designed to trick visitors into agreeing to receive deceptive notifications. It is an untrustworthy page asking for permission to deliver notifications and displaying deceptive content.
Our researchers have found yet another adware-type application called DigitalProgram. We have concluded that this piece of software operates as adware. It also belongs to the AdLoad malware family. We have researched many samples from said group, and while during our testing - we did not observ
PseudoManuscrypt is the name of the malware that spies on victims. It is similar to another malware called Manuscrypt. We have discovered PseudoManuscrypt while checking installers for pirated software (one of the examples is a fake pirated installer for SolarWinds - a network monitoring software)
KeyWright displays advertisements and promotes a fake search engine. It is advertising-supported software that has traits of a browser hijacker. Additionally, KeyWright can read sensitive information from websites. Usually, apps of this kind are promoted and distributed using questionable (often
GlobalProcesser is advertising-supported software, which means it generates advertisements. Also, this app hijacks a web browser (changes its settings) to promote a fake search engine. GlobalProcesser is distributed using a fake Adobe Flash Player installer. GlobalProcesser displays adve