PartitionControl is a rogue application discovered by our researchers during a routine inspection of new submissions to VirusTotal. After investigating this software, we determined that it is adware. PartitionControl is part of the AdLoad malware family. Advertising-supported software (adware) i
While investigating new submissions to the VirusTotal site, we discovered the JOKER ransomware. This malicious program is based on Chaos ransomware. Malicious software within this classification encrypts data and demands payment for its decryption. On our testing machine, JOKER (Chaos) ransomware
Our examination of the page (kinto-19q.pages[.]dev) has shown that it is a copy of kinto[.]xyz. The fake website is created by scammers who indent to steal cryptocurrency from unsuspecting individuals. They aim to achieve it by tricking individuals into taking specific steps. Thus, kinto-19q.pages
We have reviewed the email and found that it is written by scammers who pretend to be representatives of WalletConnect, a legitimate IT service management company. This scam email is utilized to trick recipients into disclosing personal information via a fake web page. Recipients should ignore thi
This "CoinMarketCap Token Presale" is fake. The scam is supposedly running a presale event with a 10% bonus, and when users attempt to participate – they are tricked into exposing their digital wallets to a cryptocurrency drainer. Hence, victims of this scam can lose all or most of the funds stor
CyberVolk is ransomware designed to encrypt files and append the ".cvenc" extension to filenames. Also, CyberVolk displays a pop-up window and creates the "CyberVolk_ReadMe.txt" file containing a ransom note. An example of how CyberVolk renames files: it changes "1.jpg" to "1.jpg.cvenc", "2.png" t
After examining UpgradeConnection, we discovered that it generates multiple intrusive advertisements. Therefore, we have categorized UpgradeConnection as adware. Such software is often marketed as useful without fully disclosing its functionality. Users are advised not to download and install ap
Cyb3r Bytes is a variant of CyberVolk ransomware. Once a computer is infected with Cyb3r Bytes, files become encrypted and the ".cvenc" extension is appended to their filenames. Also, two ransom notes containing similar text are generated: a pop-up window and the "CyberVolk_ReadMe.txt" file. An e
Upon inspecting ParameterNetwork, we found that it is designed to generate various intrusive advertisements. Thus, we classified ParameterNetwork as adware. It is common for software of this type to be promoted as useful without mentioning that it delivers ads. Users should avoid installing apps
Our researchers found the Sorcery ransomware while browsing file submissions to the VirusTotal platform. This malicious program is designed to encrypt data and demand ransoms for its decryption. After we executed a sample of Sorcery on our testing system, it encrypted files and added a ".sorcery"