CryptoClippy is malware that operates as a cryptocurrency clipper. The primary function of this malicious software is to monitor the victim's clipboard and to recognize instances where the victim copies a cryptocurrency wallet address. Once identified, the malware replaces the copied wallet addres
While examining malware samples submitted to VirusTotal, our team encountered a fake ransomware (known as "scareware") named RED BANNER. The primary objective of RED BANNER is to deceive unsuspecting users into thinking that their files have been encrypted and that payment is required to regain ac
While examining several deceitful websites that falsely claimed to provide software updates, our team came across a shady app named as MicroInput. Once installed, this app started exhibiting unwanted ads, prompting us to classify it as adware. In addition to displaying ads, MicroInput may gather
During our inspection of World Clock, we found that the purpose of this app is to hijack a web browser by changing its settings. World Clock is a browser hijacker that promotes a fake search engine (search.world-clock-tab.com). It is worth noting that a big part of apps of this type is promoted an
After conducting tests on the SkilledRotator application, our team has determined that it functions as adware. While it is installed, SkilledRotator generates unwanted advertisements and may be able to access sensitive information. Adware is frequently promoted and distributed using shady method
During our analysis of Speak Text, we learned that it functions as a browser hijacker that promotes search.speak-text-tab.com, a fake search engine. Speak Text hijacks a web browser by modifying its settings. In addition, Speak Text can read various data. Thus, it is recommended to avoid adding th
Kiwm is a type of malware that is part of the Djvu ransomware family. We came across Kiwm during our analysis of malware samples submitted to VirusTotal. It works by encrypting files, adding the ".kiwm" extension to their names, and leaving a ransom note (the "_readme.txt" text file). An example
Kifr belongs to the Djvu family of ransomware and follows the pattern of encrypting files and appending the ".kifr" extension to their names. The ransomware also creates a "_readme.txt" file with instructions on how to pay the ransom. Our researchers discovered Kifr while analyzing malware samples
During our investigation of SkipAds for Youtube, we discovered that it presents intrusive advertisements, which led us to classify this browser extension as adware. Ironically, its name suggests that it blocks ads. It is important to note that users often unintentionally download and install adwar
Proton is ransomware that our team discovered on VirusTotal while checking the page for recently submitted malware samples. We found that Proton encrypts files, appends the kigatsu@tutanota.com email address, victim's ID, and, depending on the variant, ".Proton" or ".kigatsu" extension to filename