When examining malware samples submitted to VirusTotal, we discovered a new member of the Xorist family dubbed WoXoTo. WoXoTo is ransomware, a type of malware designed to encrypt files. Also, WoXoTo provides two ransom notes (creates the "HOW TO DECRYPT FILES.txt" file and displays a pop-up messag
After examining the Wharf.app application, we have determined its primary function is to deliver advertisements to users, categorizing it as adware (this particular app belongs to the Pirrit family). These types of applications are well-known for displaying deceptive ads and possibly gathering u
Upon scrutinizing the ExpandedSample application, we have concluded that its core purpose revolves around delivering various advertisements to users, classifying it as adware. Such applications are infamous for showcasing misleading ads and potentially collecting a range of user data. Thus, it i
AssistiveTool is a rogue app discovered by our research team during a routine inspection of new submissions to the VirusTotal platform. Upon examination, we determined that AssistiveTool is advertising-supported software (adware). This application is part of the AdLoad malware family. Ad
Our researchers discovered the Cute Foxes browser extension while investigating dubious websites. This piece of software promises to display images depicting foxes on users' browsers. However, after testing this extension – we determined that it is a browser hijacker. Cute Foxes makes changes to
Our research team discovered the SkilledAccess adware while checking out new submissions to the VirusTotal website. After analyzing this piece of software, we determined that it is adware from the AdLoad malware family. SkilledAccess operates by running intrusive advertisement campaigns.
While browsing suspicious sites, our researchers found a webpage promoting the "Threat Detected: xxbc Detected" technical support scam. Schemes of this kind claim that visitors' devices are infected or otherwise in danger and urge them to call bogus support lines. Once the scammers are contacted,
MINIBUS is a backdoor malware developed in C++, offering a range of capabilities such as extracting files, executing commands, communicating with cloud infrastructure, and more. Once activated, it grants cybercriminals unauthorized access to infected computers. MINIBUS acts as a backdoor,
MINIBIKE is a sophisticated backdoor malware crafted in C++, featuring a suite of functionalities such as file exfiltration, command execution, and communication with cloud infrastructure. Upon infiltration, it grants cybercriminals unauthorized access to compromised computers. MINIBIKE's
Ysearcher.com is the address of a fake search engine. These pages typically cannot provide search results and redirect to legitimate Internet search websites. Fraudulent search engines are usually promoted (via redirects) by browser hijackers. Software within this classification tends to alter br