While inspecting new file submissions to the VirusTotal website, our researchers discovered the ToolFilter application. Our examination revealed that it is advertising-supported software (adware). ToolFilter is part of the AdLoad malware group. Adware is designed to generate revenue for
Maxask.com is a fake search engine that we discovered while investigating the Max Ask browser hijacker. Unlike most sites of this kind, maxask.com can generate search results, although they are inaccurate. Browser-hijacking software promotes fraudulent search engines via redirects, which are achie
While browsing dubious sites, our researchers found the news-tekica[.]com rogue webpage. Our analysis revealed that it endorses browser notification spam and redirects users to other (likely unreliable/hazardous) websites. Most visitors to news-tekica[.]com and similar pages enter them via redire
Our researchers discovered EnhancementSkills while investigating new submissions to the VirusTotal site. After examining this app, we determined that it is adware from the AdLoad malware family. EnhancementSkills is designed to run intrusive advertisement campaigns. Adware stands for adv
While inspecting suspicious sites, our researchers discovered ratorsa[.]com. This rogue webpage endorses browser notification spam and causes redirects to other (likely untrustworthy/harmful) websites. The majority of users access ratorsa[.]com and similar pages via redirects generated by sites us
Our research team found Malware Mage ransomware during a routine investigation of new submissions to the VirusTotal platform. Malicious software within this classification encrypts data and demands ransoms for its decryption. Once we launched a sample of Malware Mage on our testing system, it enc
Fog is ransomware designed to encrypt files and append the ".FOG" or ".FLOCKED" extension to filenames. For instance, it renames "1.jpg" to "1.jpg.FOG" (or "1.jpg.FLOCKED") and "2.png" to "2.png.FOG" (or "2.png.FLOCKED"). Also, Fog ransomware drops the "readme.txt" file containing a ransom note.
Our researchers discovered PDFCastle PUA (Potentially Unwanted Application) while inspecting untrustworthy websites. According to its promotional material, this app allows users to view, create, edit, and convert PDFs to other formats (including Microsoft Word documents). Instead of operating as
We have examined this email and found that it is a fake confirmation notification supposedly from PayPal. Scammers behind this email are likely attempting to trick recipients into providing sensitive information, transferring money, or taking other actions. Recipients are strongly advised not to r
After investigating the "DOGEVERSE Pre-launch", as promoted on appsclaim-dogeverse[.]com, we determined that it is a scam. It is an almost perfect visual copy of the Dogeverse ecosystem (thedogeverse[.]com). The fake site operates as a phishing scam and targets victims' cryptowallet log-in credent