During our examination of the malware known as TransCrypt, which we encountered while analyzing samples submitted to VirusTotal, we uncovered that TransCrypt is ransomware derived from Chaos ransomware. TransCrypt encrypts files, appends a random extension to filenames, changes the desktop wallpap
In our analysis of the Cinema Buzz application, we found that it compels users to visit and use cinema-buzz.com by modifying the settings of their web browser, a practice commonly referred to as browser hijacking. Alongside this browser control, Cinema Buzz may also collect diverse user data.
While checking out new file submissions to the VirusTotal platform, our research team discovered TrackBrowserMultitask. After examining this application, we learned that it is advertising-supported software (adware) from the AdLoad malware family. TrackBrowserMultitask is designed to feed users
Our researchers discovered the SettleTopic adware-type application while reviewing new file submissions to VirusTotal. This app is part of the AdLoad malware family. SettleTopic is designed to run intrusive advert campaigns, and it may have other harmful capabilities. Adware stands for a
Blushingfashionista is a rogue browser extension discovered by our research team during a routine investigation of questionable websites. After examining this software, we determined that it is a browser hijacker. Blushingfashionista makes alterations to browser settings in order to promote the bl
Our research team discovered the SimpleGrid during a routine investigation of new submissions to the VirusTotal site. After examining this piece of software, we determined that it is adware. SimpleGrid belongs to the AdLoad malware family. This app is designed to generate revenue for its develop
After inspecting this "Ledger Firmware Update", we determined that it is a scam. It states that the user's Ledger wallet requires a firmware update. However, once a wallet is exposed to the scam – it begins operating as a cryptocurrency drainer. The Ledger Company is a legitimate business
Dxen is a ransomware-type program discovered by our researchers during a routine investigation of new submissions to VirusTotal. Dxen is part of the Phobos ransomware family. Malware within this category encrypts files and demands payment for the decryption. On our test machine, Dxen encrypted fi
While analyzing malware samples submitted to VirusTotal, we discovered a ransomware variant belonging to the GlobeImposter family, dubbed GoodMorning. Upon infecting a system, GoodMorning initiates file encryption and adds the ".goodmorning" extension to filenames. Additionally, it generates a ran
Our research team discovered the Viewndown application during a routine investigation of questionable sites. The app's promotional material presents it as a tool that allows users to pin a selected window and keep it on top of others. Upon inspection, we determined that Viewndown operates as prox