While examining malware samples uploaded to VirusTotal, we discovered ransomware called Snea575. Our analysis uncovered that Snea575 is based on Chaos ransomware. It encrypts files, appends the ".hackedbySnea575" extension to filenames, changes the desktop wallpaper, and creates the "README_txt.tx
During our examination of malware samples uploaded to the VirusTotal platform, we identified Waqq ransomware, which encrypts files and appends the ".waqq" extension to the filenames of the encrypted files. Furthermore, Waqq creates a ransom note (the "_readme.txt" file). An example of how Waqq ch
During our analysis of malware samples submitted to VirusTotal, our team discovered Gaqq, a variant belonging to the Djvu ransomware family. Gaqq primarily focuses on encrypting files. Additionally, it alters filenames by appending the ".gaqq" extension, and generates a ransom note titled "_readme
EnumeratorMachine is a rogue application that we discovered while investigating new submissions to the VirusTotal site. This app is designed to run intrusive ad campaigns – hence, it is classified as adware. Additionally, EnumeratorMachine is part of the AdLoad malware family. Adware sta
While examining deceptive websites, we discovered the "Virus Has Been Detected On Your Device" technical support scam. It makes false claims regarding infections on the visitor's device and it being blocked due to illegal activity. The goal is to trick victims into calling the provided fake helpli
While investigating questionable websites, our researchers discovered the allcommonstories[.]com rogue page. It is designed to promote browser notification spam and redirect visitors to other (likely unreliable/hazardous) sites. Most users enter allcommonstories[.]com and webpages akin to it via
Our research team found the OpticalFraction rogue application during a routine inspection of new submissions to the VirusTotal website. After investigating this app, we determined that it is advertising-supported software (adware) belonging to the AdLoad malware family. Adware is designe
While inspecting new submissions to the VirusTotal website, we discovered the FormatClick application. After investigating this piece of software, we determined that FormatClick is adware, and that it is part of the AdLoad malware family. Adware stands for advertising-supported software.
Muggle is the name of an information stealer developed using the Go programming language. This malware is capable of stealing passwords, capturing screenshots, and gathering certain system information. Muggle should be removed from infected operating systems as soon as possible. By surrept
TOITOIN is a trojan-type malware with information-stealing capabilities. This piece of malicious software has been observed as the final payload in sophisticated multi-stage infections. The attacks were highly targeted and leveraged against businesses based in the Latin American region. Th