While checking out new submissions to VirusTotal, our researchers discovered yet another malicious program belonging to the Dharma ransomware family – called Pdf. After we launched a sample of Pdf ransomware on our test machine, it encrypted files and altered their filenames. Original titles were
We have inspected this email and determined that it is sent by scammers who aim to trick recipients into believing that they are supposed to receive ten million dollars. Typically, scam emails of this kind are used to extract sensitive information and (or) money from people. They should be marked
While examining pro-shield2023[.]shop, we learned that it runs the "McAfee - Your PC is infected with 5 viruses!" scam. Pro-shield2023[.]shop uses a scare tactic to trick visitors into purchasing antivirus software. Also, this deceptive page asks for permission to show notifications. Pro-s
Pouu is ransomware that belongs to a family called Djvu. Pouu encrypts data, appends the ".pouu" extension to filenames, and provides a ransom note (crates the "_readme.txt" file). Our malware researchers discovered Pouu while examining malware samples submitted to VirusTotal. An example of how P
Poqw is malware belonging to a ransomware family called Djvu. We discovered Poqw while analyzing malware samples submitted to VirusTotal. Poqw encrypts files, appends its extension (".poqw") to filenames, and drops a ransom note (the "_readme.txt" file). An example of how Poqw modifies filenames:
Our researchers discovered the aavpolse[.]xyz rogue page while investigating questionable websites. This webpage is designed to promote scams, push browser notification spam, and cause redirects to other (likely untrustworthy or malicious) sites. Users typically enter aavpolse[.]xyz and similar p
While investigating suspicious sites, our research team discovered the Website Screen Protection browser extension. Its promotional material describes this piece of software as a parental control tool for manually blocking websites. However, our inspection revealed that this extension operates as
While investigating untrustworthy websites, our researchers discovered the totalrecaptcha[.]top rogue webpage. We found that it has two appearance variants (possibly more), which use deceptive content to trick visitors into allowing the page to deliver browser notification spam. Additionally, this
Kodex is a ransomware-type program. Typically, malware within this classification encrypts files and demands payment for their decryption. While Kodex's ransom note claims that this is how it operates – that is untrue. After launching a sample of this ransomware on our test system, we learned tha
Dybdended[.]com is the address of a rogue page discovered by our research team during a routine inspection of suspicious websites. This webpage promotes scams and pushes browser notification spam. Furthermore, it can redirect visitors to other (likely untrustworthy/harmful) sites. Most users acce