In the course of our examination of the NodeZipArray application, our team noted its frequent display of advertisements, categorizing it as adware. It's important to emphasize that such software is often promoted and disseminated through deceptive methods, which can result in users unknowingly i
While investigating new submissions to VirusTotal, our research team discovered the NWOransom malicious program. It is based on Chaos ransomware. Malware within the ransomware classification encrypts data in order to demand payment for its decryption. On our test machine, a sample of NWOransom en
During our analysis of the RepairEnumerator application, our team observed that it displays numerous advertisements, classifying it as adware. It is crucial to highlight that such software is frequently promoted and distributed through deceptive means, leading users to install programs like Repa
After inspecting this "C&K STEEL COMPANY" email, we determined that it is malspam. It is presented as an inquiry regarding a potential purchase, the details of which can be found in the attached file. However, once opened – the malicious attachment initiates a system infection chain. It must
In our evaluation of the Primates browser extension, we discovered worrisome activities, including the activation of the "Managed by your organization" feature in Chrome browsers, manipulation of specific browser elements, and the collection of data. Our encounter with Primates occurred during an
MAGASKOSH is ransomware that encrypts files and displays a ransom note on the locked screen. It also appends the ".magaskosh" extension to filenames. For instance, MAGASKOSH renames "1.jpg" to "1.jpg.magaskosh", "2.png" to "2.png.magaskosh", and so forth. Screenshot of files encrypted by this
During our examination of the GallusGallus browser extension, we uncovered concerning actions such as enabling the "Managed by your organization" functionality in Chrome browsers, controlling specific browser components, and gathering data. Our interaction with GallusGallus took place while invest
While inspecting suspect sites, our researchers discovered the shielding-fordevice[.]com rogue webpage. It has several variants that promote scams and browser notification spam. This page can also redirect users to other (likely dubious/malicious) websites. Most visitors to webpages like shieldin
Our researchers found the mobileunderguard[.]com rogue webpage while checking suspicious sites. This page is designed to run scams and promote browser notification spam. Additionally, it can redirect visitors to different (likely unreliable/dangerous) websites. Most users access webpages like mob
Our research team discovered the NetworkOptimizer adware-type application during a routine inspection of new submissions to the VirusTotal website. Adware stands for advertising-supported software. It is designed to generate revenue for its developers by feeding users with unwanted and deceptiv