KoRyA is the name of ransomware belonging to the Xorist family. Our malware researchers discovered KoRyA while examining samples submitted to VirusTotal. We learned that KoRyA encrypts data, appends the ".KoRyA" extension to filenames, changes the desktop wallpaper, creates the "HOW TO DECRYPT FIL
Bettercallsaul is a ransomware-type program that our researcher team discovered while inspecting new submissions to VirusTotal. After being executed on our test machine, this malicious program encrypted files and appended their names with a ".bettercallsaul" extension. To elaborate, a filename su
While examining malware dubbed Zouu, we found that it is ransomware that encrypts files and appends the ".zouu" extension to filenames. Also, Zouu creates the "_readme.txt" file (a ransom note). An example of how Zouu renames files: it changes "1.jpg" to "1.jpg.zouu", "2.png" to "2.png.zouu", and
Our inspection of the "Unknown Browser Login" email revealed that it is spam operating as a phishing scam. It is presented as an email account security notification alerting the recipient that there has been a suspicious log-in. This spam mail aims to extract users' email account passwords through
We have examined the IPTV Player application and found that it is an advertising-supported browser extension that shows intrusive advertisements. In most cases, users install (or add) adware inadvertently since it is often promoted and distributed using questionable methods. Our team discovered IP
After installing a fake Adobe Flash Player setup on our test system, we discovered the MajorLetterSearch application. It operates as advertising-supported software (adware), i.e., delivers intrusive ad campaigns. Additionally, we determined that MajorLetterSearch is part of the AdLoad malware fa
While testing the ExtendedTech application, our team discovered that it displays intrusive advertisements. Therefore, we classified this app as adware. It is common for adware to be promoted and distributed using questionable (often deceptive) methods. Thus, users often download and install it i
While inspecting malware samples submitted to the VirusTotal website, we discovered a ransomware variant belonging to the Dharma family dubbed Mao. We found that Mao encrypts files and appends the victim's ID, sony.mao@techmail.info email address, and ".mao" extension to filenames. Also, Mao disp
While checking the VirusTotal page for recently submitted malware samples, our team discovered ransomware belonging to the Djvu family dubbed Zoqw. This malware encrypts files, appends the ".zoqw" extension to filenames, and drops the "_readme.txt" file containing a ransom note. An example of how
After examining bikemolktwo[.]xyz, we learned that it runs the "McAfee - Your PC is infected with 5 viruses" scam. It uses deceptive marketing to promote legitimate antivirus software. Also, bikemolktwo[.]xyz wants to show notifications. Our team discovered bikemolktwo[.]xyz while analyzing pages