VideoProgramRanking is a piece of rogue software that we discovered while investigating new submissions to the VirusTotal website. After inspecting this application, we determined that it is advertising-supported software (adware). VideoProgramRanking is part of the AdLoad malware family.
Our inspection of the "Your Mail Version Is Currently Being Disconnected" email revealed that it is spam. This letter informs the recipient that they have undelivered messages and that their current mail version will be disconnected. As the recipient attempts to upgrade it, they are redirected to
In the course of our examination of the NodeZipArray application, our team noted its frequent display of advertisements, categorizing it as adware. It's important to emphasize that such software is often promoted and disseminated through deceptive methods, which can result in users unknowingly i
While investigating new submissions to VirusTotal, our research team discovered the NWOransom malicious program. It is based on Chaos ransomware. Malware within the ransomware classification encrypts data in order to demand payment for its decryption. On our test machine, a sample of NWOransom en
During our analysis of the RepairEnumerator application, our team observed that it displays numerous advertisements, classifying it as adware. It is crucial to highlight that such software is frequently promoted and distributed through deceptive means, leading users to install programs like Repa
After inspecting this "C&K STEEL COMPANY" email, we determined that it is malspam. It is presented as an inquiry regarding a potential purchase, the details of which can be found in the attached file. However, once opened – the malicious attachment initiates a system infection chain. It must
In our evaluation of the Primates browser extension, we discovered worrisome activities, including the activation of the "Managed by your organization" feature in Chrome browsers, manipulation of specific browser elements, and the collection of data. Our encounter with Primates occurred during an
MAGASKOSH is ransomware that encrypts files and displays a ransom note on the locked screen. It also appends the ".magaskosh" extension to filenames. For instance, MAGASKOSH renames "1.jpg" to "1.jpg.magaskosh", "2.png" to "2.png.magaskosh", and so forth. Screenshot of files encrypted by this
During our examination of the GallusGallus browser extension, we uncovered concerning actions such as enabling the "Managed by your organization" functionality in Chrome browsers, controlling specific browser components, and gathering data. Our interaction with GallusGallus took place while invest
While inspecting suspect sites, our researchers discovered the shielding-fordevice[.]com rogue webpage. It has several variants that promote scams and browser notification spam. This page can also redirect users to other (likely dubious/malicious) websites. Most visitors to webpages like shieldin