While analyzing malware samples submitted to the VirusTotal platform, we encountered a ransomware variant named Ttwq. Ttwq encrypts files and modifies their filenames by adding the ".ttwq" extension. Furthermore, Ttwq is designed to create a text file called "_readme.txt", which contains a message
Our researchers discovered PerfectSave during a routine investigation of new file submissions to the VirusTotal platform. After examining this piece of software, we determined that it is adware belonging to the AdLoad malware family. PerfectSave operates by feeding users undesirable and deceptiv
Our research team discovered the OverallHelpDesk application while reviewing new submissions to the VirusTotal website. This app is advertising-supported software (adware) that is part of the AdLoad malware family. OverallHelpDesk delivers intrusive advertisement campaigns and may have other har
Our researchers discovered the Lapsus$ Group ransomware while investigating new malicious file submissions to the VirusTotal website. It operates by encrypting files to demand ransoms for their decryption. After launching an executable of this malware on our testing system, we learned that the na
While inspecting new submissions to the VirusTotal platform, our research team discovered the PositiveConnectivity adware-type app. It is part of the AdLoad malware family. This application is designed to generate revenue for its developers by feeding users with unwanted and deceptive adverts. I
SULINFORMATICA is a ransomware-type program discovered by our researchers during a routine investigation of new submissions to the VirusTotal website. This malicious program is designed to encrypt data and demand payment for its decryption. After we executed a sample of SULINFORMATICA on our test
SysUpdate is the name of a malware that is classified as a backdoor. Programs within this class are designed to infiltrate systems stealthily and may open a "backdoor" for further infection. While SysUpdate has been around since at least 2020, it has continued to undergo improvements. Historicall
BunnyLoader is the name of malware available for purchase (for $250) by cybercriminals across multiple online forums. It is presented as a Malware-as-a-Service (MaaS) and provides a range of features, such as downloading and executing a second-stage payload and harvesting browser credentials and s
Our researchers found the ProgressivePhase app during a routine inspection of new submissions to the VirusTotal website. After examining this piece of software, we learned that it is adware belonging to the AdLoad malware family. ProgressivePhase is designed to feed users with unwanted and decep
While inspecting a questionable installer obtained from a dubious website, we came across the Mustelidae browser extension. Our examination revealed troubling attributes linked to this application, such as its capability to enable the "Managed by your organization" feature within the Chrome browse