We have examined the Azazel ransomware (file-encrypting malware) and learned that it belongs to a family of ransomware called Chaos. We also found that it renames encrypted files by appending the ".Azazel" extension, creates the "read_it.txt" file (which contains a ransom note), and changes the de
After installing the Best-CouponSearch browser extension onto our test system, we noticed unwanted redirects to the best-couponsearch.com fake search engine. This was caused by modifications the extension made to browser settings. The described behavior classifies Best-CouponSearch as a browser hi
Our team has discovered the NodeStatisticsProjector application while inspecting samples submitted to VirusTotal. We have examined NodeStatisticsProjector and found that it has traits of an advertising-supported and browser-hijacking application. It displays ads and promotes a fake search engine
Qqqe is a ransomware-type program designed to encrypt data and make ransom demands for the decryption. While analyzing it, we learned that it is yet another program belonging to the Djvu ransomware family. On our test machine, it encrypted files and appended them with the ".qqqe" extension. For e
We have discovered Yoqs while inspecting various download pages for cracked software. Our malware researchers have tested the ransomware sample and found that it is part of the Djvu ransomware family. The Yoqs ransomware encrypts files, appends the ".yoqs" extension to filenames, and provides a ra
Our research team found worldfreshblog[.]com when researching rogue websites. This site is designed to push browser notification spam, but it may also load dubious material and/or redirect visitors to other untrustworthy and harmful webpages. Most visitors to worldfreshblog[.]com and similar webs
During a routine review of new malware submissions on VirusTotal, we found the Punisher Miner cryptominer. Our research revealed that this malicious program is designed to mine Monero, Toncoin, and Ravencoin cryptocurrencies. Cryptominer malware is characterized by its ability to use infec
When looking into new submissions on VirusTotal, we found FaceStealer - an Android-specific trojan. This malware operates as a Facebook social networking account log-in credential stealer. Our research revealed that it is proliferated under the guise of various popular Android applications.
Coolingcola[.]com is a website that we have discovered while inspecting pages that use questionable advertising networks. At the time of the research, coolingcola[.]com was promoting a scam offering to win the iPhone 12 mini and asked for permission to show notifications. The scam promoted
After installing the Tone application onto a test system, our research team discovered that it operates as advertising-supported software (adware). To elaborate, this rogue app delivered various advertisements. We have observed Tone displaying ads. In general, adware can enable the placeme