Our research team discovered the ContentRanger application during a routine investigation of new submissions to the VirusTotal site. After analyzing this app, we determined that it is advertising-supported software (adware) belonging to the AdLoad malware family. Adware is designed to ge
After examining the "USPS - Your Package Is Waiting For Delivery" email, we determined that it is fake. This spam letter claims that the recipient has outstanding delivery fees and redirects them to a fraudulent USPS website. This phishing site records provided information. It must be stressed th
While investigating new submissions to the VirusTotal website, our researchers discovered DontCryLol – a ransomware-type program identical to Ransomwarebit and Backshow. This malware encrypts data and demands ransoms for its decryption. On our test machine, DontCryLol encrypted files. To their fi
After inspecting the "Updated Terms of Use" email, we determined that it is malspam. This mail is presented as a notification from Zilliow – a tech real-estate marketplace company – informing the recipient of updates to the Terms of Use updates. This email aims to trick recipients into opening the
ExplorationSprint is an adware-type application that our research team discovered while inspecting new file submissions to VirusTotal. This app is part of the AdLoad malware family. ExplorationSprint operates by feeding users with unwanted and potentially malicious ads. Adware stands for
During our examination of the Quick tail application, we observed its ability to manipulate web browsers by implementing specific modifications to their settings. These types of applications fall under the category of browser hijackers. Usually, browser hijackers are promoted and distributed using
While investigating new submissions to VirusTotal, our researchers discovered another Phobos ransomware called Kmrox. Malware within the ransomware category is designed to encrypt data and demand payment for its decryption. On our testing machine, Kmrox encrypted files and changed their filenames
Payola is ransomware designed to encrypt data, append the ".Payola" extension to filenames, change the desktop wallpaper, and create a ransom note ("Recovery_Guide.html"). An example of how Payola renames files: it changes "1.jpg" to "1.jpg.Payola", "2.png" to "2.png.Payola", and so forth. Scr
After examining the Search101 browser extension, it became apparent that its purpose is to serve as a browser hijacker, with the goal of promoting find.dnavigate-now.com, a fake search engine. Search101 modifies the settings of a web browser, effectively taking control of it. It is important to h
During the analysis of malware samples submitted to VirusTotal, our team encountered the Wzer ransomware, which is associated with the Djvu family. Upon infecting a computer, Wzer encrypts a range of files and appends the ".wzer" extension to their original filenames. For instance, a file named "1