We discovered Hyena ransomware while analyzing malware samples submitted to VirusTotal. During the examination, we found that Hyena is part of the MedusaLocker family. The ransomware encrypts files and appends the ".hyena111" extension. Also, Hyena provides a ransom note ("READ_NOTE.html") and cha
Our team has inspected ProductConfig and discovered that its purpose is to display advertisements. Apps with such traits are classified as adware. ProductConfig can show misleading ads designed to promote untrustworthy websites. Therefore, users should avoid installing ProductConfig on their com
In our analysis, we discovered that enhancedefense[.]com runs the "You've visited illegal infected website" scam and can send deceptive notifications (if permission is given). Enhancedefense[.]com can expose users to other scams and untrustworthy websites. Users should not visit enhancedefense[.]c
Our researchers discovered totalwebarmorsolutions[.]com while browsing suspect sites. We determined that this rogue webpage promotes browser notification spam and produces redirects to different (likely unreliable/dangerous) websites. Visitors to totalwebarmorsolutions[.]com and pages akin to it
During a routine inspection of new submissions to the VirusTotal platform, our researchers discovered the ProjectSet application. After examining this piece of software, we determined that it is adware from the AdLoad malware family. Apps within this classification typically operate by displayi
WeRus is a ransomware-type program designed to encrypt files and demand payment for the decryption. After we executed a sample of WeRus on our testing system, it encrypted files and appended their names with a ".werus" extension. To elaborate, a file initially named "1.jpg" appeared as "1.jpg.weru
Our researchers discovered the mobitera[.]online rogue page while browsing suspicious websites. It promotes deceptive content and browser notification spam. Mobitera[.]online can also redirect to other (likely untrustworthy/harmful) sites. Most users access these webpages via redirects caused by w
While reviewing new submissions to the VirusTotal platform, our researchers discovered the ClientPartition application. After investigating it, we learned that it is adware belonging to the AdLoad malware family. Advertising-supported software is designed to run intrusive advertisement campaigns
Our inspection of opdomain22[.]online has shown that this page promotes a fraudulent scheme similar to the "TROJAN_2023 And Other Viruses Detected (5)" scam. Also. opdomain22[.]online wants to send notifications and, if allowed, bombards users with more fake warnings and other messages. Users shou
We have analyzed networkspeedchain.co[.]in and concluded that it is a deceptive site designed to trick visitors into agreeing to receive its notifications. These notifications promote other unreliable and potentially malicious pages. Therefore, users should not permit networkspeedchain.co[.]in to