While browsing new submissions to the VirusTotal website, our researchers discovered Zola ransomware. It is part of the Proton ransomware family. Zola operates by encrypting files and demanding payment for the decryption. On our testing system, this ransomware encrypted files and modified their n
Our analysis of snadsspace[.]com has shown that it is a deceptive website designed to display misleading content. Snadsspace[.]com is created to trick users into allowing it to show notifications through a clickbait technique. This and similar web pages should not be trusted. Snadsspace[.]
Stringent.app is a rogue application discovered by our researchers during a routine review of file submissions to the VirusTotal website. Upon examination, we learned that Stringent.app is adware belonging to the Pirrit malware family. Advertising-supported software runs intrusive ad campaigns a
SharpRhino is a remote access trojan (RAT) written in C# programming language. Upon execution, SharpRhino sets up persistence and grants the attacker remote access to the device. It gains elevated permissions to ensure the attacker can continue their activities with minimal interference. R
Our research team found Dem.app while investigating new file submissions to the VirusTotal website. After inspecting this application, we determined that it is advertising-supported software (adware). Dem.app belongs to the Pirrit malware family. Adware runs intrusive advertisement campa
During our examination of the Germanize.app application, we discovered that it belongs to the Pirrit family and delivers intrusive advertisements. Applications of this type are categorized as adware. It is recommended to avoid installing adware on computers to avoid potential risks. If an app li
Blue is ransomware from the Phobos family. We discovered this variant while inspecting malware samples uploaded to VirusTotal. Our analysis has shown that Blue encrypts files and renames them by appending the victim's ID, givebackdata@mail.ru email address, and ".blue" extension. Also, Blue create
Upon inspecting squipisioncha.co[.]in, we concluded that this web page cannot be trusted. It uses clickbait to lure visitors into accepting its notifications. Users should never agree to receive notifications from websites of this kind. It is worth noting that users rarely open websites like squip
We have reviewed pleadsbox[.]com and found that it is a deceptive site designed to trick users into allowing it to show notifications. In most cases, users accidentally visit such sites. Users who have granted pleadsbox[.]com permission to display notifications should revoke this permission to avo
Our research team discovered the poopsylifort[.]com webpage during a routine investigation of dubious sites. After examining this rogue page, we determined that it is designed to endorse browser notification spam and generate redirects to other (likely unreliable/harmful) websites. Users primaril