WhiteSnake (also known as Gurcu) is an information-stealing malware that extracts a range of sensitive information from infected computers. The threat actors who developed WhiteSnake sell their malware on a hacker forum. This malware can be purchased for varying durations of access, with prices ra
While investigating new submissions to VirusTotal, our research team discovered the RadianceChecked app. After analyzing this application, we determined that it is adware belonging to the AdLoad malware family. Adware stands for advertising-supported software. It is designed to display a
Upon conducting tests on the Ocean Saver browser extension, we determined that it is a browser hijacker developed to promote oceansaver.net, a fake search engine. This extension achieves this objective by modifying a web browser's settings. Typically, users download and install/add browser hijacke
Lilmoon is ransomware belonging to the VoidCrypt family. We discovered Lilmoon while analyzing malware samples submitted to VirusTotal. In addition to encrypting data, Lilmoon appends the victim's ID, encrypt.ns@gmail.com email address, and the ".lilmoon" extension to filenames and creates a ranso
Our researchers discovered the Ssaw ransomware during a routine inspection of new submissions to VirusTotal. Ransomware is designed to encrypt data and demand payment for its decryption. After we launched a sample of Ssaw on our test machine, it encrypted files and appended their filenames with a
During our testing of the AssistiveBalance application, our team identified that it displays aggressive and unwanted advertisements. Due to this behavior, we have classified AssistiveBalance as adware, which refers to software that is designed to generate revenue by displaying advertisements. Ty
Qotr, a variant belonging to the Djvu ransomware family, encrypts data and adds the ".qotr" extension to filenames. Qotr creates a "_readme.txt" file to provide contact and payment information. As an illustration of its file renaming method, Qotr changes "1.jpg" to "1.jpg.qotr", "2.png" to "2.png.
Our research team discovered the Quick Video Find browser extension during a routine investigation of untrustworthy websites. Quick Video Find promises the functionality of providing easy access to free downloads of audio/video from browsed websites. However, after inspecting this extension, we de
While investigating suspicious websites, our researchers found one endorsing the Hockey Start browser extension. It is presented as a tool for quick access to hockey sports related online content. However, after we analyzed this extension, we determined that it changes browser settings to promote
Our research team discovered the Music application while inspecting suspicious websites. After investigating this app, we determined that it is advertising-supported software (adware). In other words, Music operates by running intrusive advertisement campaigns. Adware is designed to delive