Our research team discovered the Xaro ransomware-type program while investigating new submissions to VirusTotal. This program is part of the Djvu ransomware family. After we executed a sample of Xaro on our test machine, it encrypted files and appended their filenames with a ".xaro" extension. To
Our research team found the ughtsustacheds[.]com rogue page while investigating suspect websites. It is designed to promote dubious content and browser notification spam. Additionally, this site can redirect visitors to other (likely unreliable/malicious) webpages. Users typically access pages li
After conducting an analysis of reliablepcmatter[.]com, we have determined that it is a deceptive webpage that promotes the "McAfee - Your PC is infected with 5 viruses!" scam. Additionally, we observed that reliablepcmatter[.]com wants to send notifications. Our team came across this website whil
After examining the "I Will Be Direct You Watch Adult Content" email, we determined that it is used to facilitate a sextortion scam. The spam letter claims that the sender has made a sexually explicit recording of the recipient, which will be sent to their contacts unless a ransom is paid. It mus
We have examined this email and determined that its purpose is to lure recipients into providing personal information. This email contains an attachment designed to display a fake login form. The letter itself is disguised as a notification from Anthem regarding a payment. Recipients should ignore
Our malware researchers discovered ADMON ransomware while analyzing samples submitted to VirusTotal. ADMON encrypts files and appends its extension (".ADMON") to filenames. Also, this ransomware provides a ransom note ("RESTORE_FILES_INFO.txt"). An example of how ADMON changes filenames: it renam
During our examination of websites that use questionable advertising networks, we came across finishedwarmth[.]com, which is one of the many sites that utilize misleading messages to trick visitors into granting permission for notification display. Additionally, while browsing finishedwarmth[.]com
Mackledcity[.]com is a rogue page that our research team found while investigating suspect websites. The webpage is designed to promote browser notification spam and redirect users to different (likely unreliable/malicious) sites. Most users access pages like mackledcity[.]com via redirects caused
SMILE DOG is a ransomware-type program that we discovered while inspecting new submissions to the VirusTotal site. Malware within this classification is designed to encrypt data and demand payment for its decryption. There are several variants of SMILE DOG; the known ones append the encrypted fil
Our research team discovered the Xatz ransomware while inspecting new submissions to the VirusTotal website. Xatz is part of the Djvu ransomware family. This program operates by encrypting data and demanding payment for its decryption. Once executed on our testing system, Xatz began encrypting fi