During our analysis of malware samples submitted to the VirusTotal page, we came across a ransomware strain dubbed Dapo. Upon further investigation, we determined that Dapo belongs to the Djvu ransomware family. Dapo encrypts data, alters file names, and generates a text file ("_readme.txt") conta
Our team found Dazx, a member of the Djvu ransomware family, during a review of malware samples submitted to VirusTotal. The primary objective of Dazx is to encrypt files. Also, this ransomware modifies filenames by adding the ".dazx" extension to filenames and creates a ransom note named "_readme
Our researchers found the euprotection[.]click rogue page while inspecting dubious websites. It is designed to promote scams and spam browser notifications. Furthermore, this webpage can redirect visitors to other (likely untrustworthy/hazardous) sites. Most users can enter such pages via redirect
Our researchers discovered the Merlin ransomware during a routine investigation of new submissions to VirusTotal. After we executed a sample of this malware on our test system, it encrypted files and appended their filenames with a ".Merlin" extension. For example, a file initially titled "1.jpg"
While inspecting deceptive websites, our researchers discovered the COVID Dashboard, full title – COVID dashboard at Johns Hopkins University – browser extension. It is promoted as a tool for easy access to information concerning the COVID-19 pandemic. After investigating this extension, we deter
We have tested nowsearchit.com and found that it is a questionable search engine that may generate unreliable results. Search engines of this kind are promoted mainly via browser hijackers. Typically, users install/add apps of this type without knowing that these apps will change the settings of t
Our research team found the Usr ransomware while investigating new submissions to VirusTotal. This malicious program is part of the Phobos ransomware family. Once we executed a sample of Usr on our test machine, it began encrypting files. The filenames of the affected files were appended with a u
While inspecting rogue websites, our research team found a page promoting the PixelSee application. It is endorsed as a free media player. However, due to the app's dubious promotion and potentially unmentioned undesirable functionalities, it is classed as a PUA (Potentially Unwanted Application)
A cryptocurrency clipper is a harmful software that can obtain and alter the information stored in the clipboard. ESET has reported numerous fraudulent Telegram and WhatsApp websites which aim to deceive Android (and Windows) users by offering fake (malicious) versions of these messaging applicati
While investigating suspicious websites, our researchers discovered an installer (commonly detected as Valyria) that contained the Bottle browser hijacker. Unlike most software within this classification, it does not modify browser settings to promote its fake search engine – oldforeyes.com.