While investigating new malware submissions to VirusTotal, our research team found the Ebaka ransomware. This malicious program is part of the Phobos ransomware family. Ebaka is designed to encrypt files and demands ransoms for their decryption. On our testing system, this malware altered files (
NOOSE is ransomware from the Chaos family. Once a computer is infected, NOOSE encrypts files, appends the ".NOOSE" extension, changes the desktop wallpaper, and creates the "OPEN_ME.txt" file (a ransom note). An example of how files encrypted by NOOSE are renamed: "1.jpg" is changed to "1.jpg.NOOS
In the course of our inspection, we came across the finding that Nematoda is a dubious application distributed via a malicious installer. Once added, Nematoda enables the "Managed by your organization" feature. Also, this extension can read and change various data and manage other extensions (and
GreatestZone is a rogue app classed as adware. This piece of software is part of the AdLoad malware family. It is designed to run intrusive ad campaigns but may exhibit other harmful capabilities as well. Our researchers discovered GreatestZone during a routine investigation of new submissions t
Our examination revealed that ProfessionalServer is an advertising-supported program created to showcase advertisements. Beyond its ad-displaying function, ProfessionalServer may also collect diverse information. Given its lack of reliability, it is recommended to uninstall ProfessionalServer fr
In our examination, we have identified VBScrollLIB as a dubious program distributed through a malicious installer found on an untrustworthy website. The VBScrollLIB application shares similarities with another app named NPhoneRing. Given the unclear purpose of VBScrollLIB, it is advisable not to p
When examining reackened[.]com, it was noted that the page displays deceptive content to trick visitors into taking a specific action. Typically, users land on sites like reackened[.]com through other websites of this kind or similar channels. Thus, it is recommended to avoid visiting reackened[.]
Upon examination of the application, we discovered that Tubulidentata is a suspicious program distributed through a malicious installer. When added to a web browser, Tubulidentata can read and modify various data on visited pages, manage components within the browser, and activate the "Managed by
IntranetSync is a rogue app found by our research team while investigating new submissions to the VirusTotal site. After examining this application, we determined that it is advertising-supported software (adware) belonging to the AdLoad malware family. Adware operates by displaying adve
Ursidae is the name of a malicious extension discovered by our researchers during a routine investigation of dubious websites. It was promoted in a rogue installer, and such setups are often bundled with multiple pieces of unwanted/harmful software. Ursidae can manage and modify browsers' behavior