During our analysis of malware samples uploaded to VirusTotal, we encountered Yytw, a ransomware variant linked to the Djvu family. Yytw encrypts files, appends the ".yytw" extension to their filenames, and generates a ransom note in the form of a text file named "_readme.txt". An example of how
While examining malware samples uploaded to VirusTotal, we came across Yyza, a ransomware variant associated with the Djvu family. Yyza encrypts files, adds the ".yyza" extension to their names, and creates a ransom note (a text file named "_readme.txt"). An example of how Yyza modifies file name
Our researchers discovered the LevelSmite application during a routine investigation of new submissions to the VirusTotal site. After examining this piece of software, we learned that it is adware belonging to the AdLoad malware family. LevelSmite operates by running intrusive advertisement camp
Our researchers discovered the Forestab browser extension while inspecting suspect websites. It is endorsed as a tool that displays nature-themed browser wallpapers. After examining this extension, we determined that it is a browser hijacker. Forestab makes alterations to browser settings in orde
FeaturePerformance is a piece of rogue software that we discovered while investigating new submissions to the VirusTotal website. After analyzing this app, we learned that it is advertising-supported software (adware). FeaturePerformance is part of the AdLoad malware family. Adware aims
Our research team discovered the CargoPreview rogue application while reviewing new submissions to VirusTotal. It displays ads and likely has other harmful capabilities. Due to this behavior, CargoPreview is classified as adware. This app belongs to the AdLoad malware family. Adware stan
While inspecting new submissions to the VirusTotal website, our researchers discovered the CryBaby malicious program. It is designed to encrypt data and demand payment for the decryption – due to this behavior, CryBaby is classified as ransomware. On our test machine, it encrypted files and added
Our analysis of the "Suspicious Malwares Detected" email revealed that it is spam. It falsely claims that the recipient's email account is infected and the device is at high risk. This spam mail aims to trick recipients into disclosing sensitive information. The spam letter's subject state
Upon examining the PoolDen application, our analysis revealed its presentation of intrusive advertisements, classifying it as adware or advertising-supported software. Users often install apps like PoolDen without being fully aware of how they operate. It is recommended to remove PoolDen or simi
In our examination of the Recycling Tree browser extension, our team noticed that it modifies certain web browser settings to promote a fake search engine called search.recyclingtree.net. Such behavior categorizes the application as a browser hijacker. Typically, users add apps like Recycling Tree