Anubis is a malicious program written in the Python programming language. It is classed as a backdoor – a type of malware that opens a "backdoor" into systems and infiltrates additional malicious software. Anubis malware has been around since at least 2025. It has been linked to a threat actor du
Our researchers found the ExpandedFraction app while browsing new submissions to the VirusTotal website. After inspecting this application, we learned that it is adware from the AdLoad malware family. ExpandedFraction is designed to generate revenue for its developers through advertising.
MattVenom is ransomware that our team discovered during an examination of malware samples submitted to VirusTotal. It is identical to other ransomware, such as RdpLocker, CATAKA, and S.H.O. Once executed, MattVenom encrypts files and appends a random extension to them. Also, the ransomware changes
While investigating new submissions to the VirusTotal platform, our research team discovered Anonymous – a malicious program that is part of the Xorist ransomware family. Malware of this kind encrypts data and demands ransoms for its decryption. On our test machine, Anonymous (Xorist) ransomware
We discovered Elons ransomware during an inspection of malware samples uploaded to VirusTotal. This ransomware is identical to Anubi, Louis, and Innok. Upon infiltration, Elons encrypts files and appends the ".Elons" extension to them. It also changes the desktop wallpaper, displays a note on the
MicroBrowser is a rogue application discovered by our researchers during a routine inspection of new submissions to the VirusTotal website. After examining this app, we determined that it is adware. MicroBrowser belongs to the AdLoad malware family. Adware stands for advertising-supporte
Moscovium is the name of a ransomware-type program. It operates by encrypting data and demanding payment for the decryption. Files encrypted by this malware are appended with a ".m0sC0v1um" extension. For example, a file originally named "1.jpg" would appear as "1.jpg.m0sC0v1um", "2.png" as "2.png
Our inspection of the "Bank Details" email revealed that it is spam. This message claims that the invoice sent by the recipient lacks their company bank details, so the sender asks for this information. This spam mail aims to lure victims into visiting a phishing website that targets email account
While inspecting new file submissions to the VirusTotal platform, our researchers discovered MethodApplication. After examining this piece of software, we determined that it is adware from the AdLoad malware family. This app operates by delivering intrusive advertisement campaigns. Adwar
During our analysis of ActiveProcesser, we noticed that it is designed to display unwanted and often intrusive advertisements. Thus, we classified ActiveProcesser as adware. We also found that multiple security vendors have flagged it as malicious. Overall, ActiveProcesser should be avoided and