While analyzing malware samples submitted to VirusTotal, our team discovered a ransomware variant belonging to the Xorist family dubbed Rans-A. This ransomware encrypts files, appends the ".Rans-A" extension to filenames, creates the "HOW TO DECRYPT FILES.txt" file, and displays an error message t
DotRunpeX is the name of an injector-type malware. This program is written in .NET and has been around since at least 2022. There are multiple variants of DotRunpeX. This malware serves as an integral part of infection chains and is typically delivered in the second stage of the process. The purpo
We have inspected searchwebhub.com and found that it is a search engine that shows ads and may provide misleading results. Thus, searchwebhub.com is not a reliable search engine and should not be used. It is worth mentioning that search engines of this kind usually are promoted through browser hij
Downloader for Image is promoted as a browser extension that enables users to download images from websites. However, during our testing, we discovered that it generates advertisements, making it an advertising-supported application. It should be emphasized that such applications are often distrib
Tywd is a type of ransomware that encrypts files stored on a victim's computer and demands payment in exchange for decryption tools. Our team stumbled upon Tywd while monitoring the VirusTotal website for newly submitted malware samples. Tywd appends the ".tywd" extension to the filename of each e
During our analysis of malware samples recently submitted to VirusTotal, our team discovered a ransomware called Tycx. Further investigation revealed that Tycx belongs to the Djvu ransomware family, and it is programmed to encrypt files, append the ".tycx" extension to their filenames, and generat
Our researchers found the eutrack[.]work rogue webpage while inspecting suspect websites. Ir operates by pushing browser notification spam and redirecting visitors to other (likely untrustworthy/harmful) sites. Most users enter pages like eutrack[.]work through redirects caused by websites that us
While investigating suspicious sites, our researchers found the tomp3[.]cc webpage. This is a YouTube converter/downloader, i.e., it allows users to convert the URLs of videos hosted on said platform into downloadable MP3 files. This service infringes copyright laws. Furthermore, tomp3[.]cc is mo
After analyzing this email, our team has concluded that its intent is to deceive recipients into divulging personal information. Such emails are commonly known as phishing emails. The email in question alleges that the recipient has won a lottery, but all of the claims made in the email are false.
During our examination of Lowdown, we found that this program displays annoying advertisements that can open untrustworthy websites. Therefore, we classified Lowdown as adware. In most cases, users download and install advertising-supported software without knowing that the installed software disp