Discovered by malware analyst 3xp0rt, Allcome is a clipper-type malicious program. Malware of this type targets cryptocurrencies by replacing clipboard (copy-paste buffer) data for outgoing transactions. Our researchers have looked into Allcome clipper's online promotional material. We fou
Discovered by our research team during a routine inspection on new submissions into VirusTotal, Wgbkr is a ransomware-type program. When launched on our test machine, it encrypted files and appended their filenames with a random character string and the ".wgbkr" extension. For example, a file ori
We have read about the DarkWatchman malware in a blog post written by other malware researchers. We've learned that DarkWatchman is a JavaScript-based Remote Access Trojan (RAT) that cybercriminals distribute using malicious email attachments. We also found that DarkWatchman does not write any fil
Granda Misha is a multifunctional trojan-type malware. Our researchers obtained a sample from VirusTotal and subsequently analyzed and researched this malicious program. Granda Misha has a broad list of functions, meaning that it can be used for varied purposes and cause a wide variety of serious
We have discovered this deceptive page while examining other pages that use questionable advertising networks. The purpose of this site is to trick visitors into downloading and executing a file that is supposed to update the Chrome browser. Our team has downloaded the file and learned that it is
Quick Tag is a rogue browser extension, which our research team has determined to be a browser hijacker. This piece of dubious software modifies browsers to promote the quicknewtab.com fake search engine. Once installed onto our test machine, we observed Quick Tag assigning quicknewtab.com
Our team has examined the bulletspeed-updates[.]com page and found that its purpose is to trick visitors into agreeing to receive notifications that promote untrustworthy websites. We have discovered bulletspeed-updates[.]com while visiting pages that use rogue advertising networks. While
We discovered ResponseIntellect when a Combo Cleaner user reported the presence of suspicious programs on their device. ResponseIntellect is a rogue application, which our researchers have classified as adware. We also determined that it belongs to the AdLoad malware family. Following installat
We have tested the Speed Dial application and found that this app is a browser hijacker designed to promote addonsearch.net (a fake search engine) by changing the web browser's settings. We have discovered Speed Dial while inspecting shady websites (we have downloaded it from a questionable site).
Our malware researchers have discovered a new Phobos ransomware variant while analyzing samples on VirusTotal. While testing this variant, we found that it appends the ".makop" extension (and the victim's ID and back23@vpn.tg email address) to filenames. There is another ransomware called Makop.