While studying malware samples submitted to VirusTotal, we discovered a ransomware variant dubbed GPT. We found that GPT is part of the Dharma family. It encrypts files, appends the ".GPT" extension to filenames, and provides two ransom notes (displays a pop-up window and creates the "AI_SARA.txt"
After an analysis of MovementEvolution, our team has determined that its primary function revolves around displaying intrusive advertisements to users, leading to its classification as adware. Noteworthy is the fact that applications similar to MovementEvolution frequently find their way onto de
During our analysis of malware samples uploaded to VirusTotal, we encountered Yytw, a ransomware variant linked to the Djvu family. Yytw encrypts files, appends the ".yytw" extension to their filenames, and generates a ransom note in the form of a text file named "_readme.txt". An example of how
While examining malware samples uploaded to VirusTotal, we came across Yyza, a ransomware variant associated with the Djvu family. Yyza encrypts files, adds the ".yyza" extension to their names, and creates a ransom note (a text file named "_readme.txt"). An example of how Yyza modifies file name
Our researchers discovered the LevelSmite application during a routine investigation of new submissions to the VirusTotal site. After examining this piece of software, we learned that it is adware belonging to the AdLoad malware family. LevelSmite operates by running intrusive advertisement camp
Our researchers discovered the Forestab browser extension while inspecting suspect websites. It is endorsed as a tool that displays nature-themed browser wallpapers. After examining this extension, we determined that it is a browser hijacker. Forestab makes alterations to browser settings in orde
FeaturePerformance is a piece of rogue software that we discovered while investigating new submissions to the VirusTotal website. After analyzing this app, we learned that it is advertising-supported software (adware). FeaturePerformance is part of the AdLoad malware family. Adware aims
Our research team discovered the CargoPreview rogue application while reviewing new submissions to VirusTotal. It displays ads and likely has other harmful capabilities. Due to this behavior, CargoPreview is classified as adware. This app belongs to the AdLoad malware family. Adware stan
While inspecting new submissions to the VirusTotal website, our researchers discovered the CryBaby malicious program. It is designed to encrypt data and demand payment for the decryption – due to this behavior, CryBaby is classified as ransomware. On our test machine, it encrypted files and added
Our analysis of the "Suspicious Malwares Detected" email revealed that it is spam. It falsely claims that the recipient's email account is infected and the device is at high risk. This spam mail aims to trick recipients into disclosing sensitive information. The spam letter's subject state