Our researchers discovered yet another malicious program - Tohj - belonging to the Djvu ransomware family while inspecting new submissions to VirusTotal. Ransomware encrypts data and demands payment for decryption. Once we executed a sample of Tohj on our test system, it began encrypting files. T
While analyzing oneqanatclub[.]com, we learned that it requests visitors to pass a fake CAPTCHA (it shows deceptive content to lure visitors into agreeing to receive notifications). It also redirects visitors to other websites of this type. Our team discovered oneqanatclub[.]com while inspecting w
Our team discovered another Djvu ransomware called Towz that encrypts files to make them inaccessible until a ransom is paid. We also found that Towz appends the ".towz" extension to filenames and creates the "_readme.txt" file (a file containing contact and payment information). This ransomware w
InformationLeader is an advertising-supported application (adware) that bombards users with annoying advertisements. We discovered this app after using a fake installer downloaded from a website claiming that it is required to update the Adobe Flash Player. It is not uncommon for apps like Infor
Lostdata is ransomware that encrypts files, replaces their names with an email address and a string of random characters, and appends the ".cbf" extension to filenames. Also, Lostdata changes the desktop wallpaper (with a short ransom note on it). Our malware researchers discovered Lostdata ransom
While investigating questionable sites, our researchers found the lundiapoditing[.]com rogue webpage. It is designed to push browser notification spam and redirect visitors to different (likely unreliable or malicious) websites. Lundiapoditing[.]com and similar pages are most commonly entered thr
During a routine investigation of untrustworthy websites, our research team discovered the news-zedege[.]cc rogue page. It attempts to trick visitors into enabling it to deliver spam browser notifications. News-zedege[.]cc can also cause redirects to other (likely unreliable/malicious) sites. Mos
Pc-protections[.]com is a rogue webpage that we discovered while inspecting questionable sites. It is designed to promote online scams and spam browser notifications. Additionally, this page can redirect visitors to other (likely untrustworthy/harmful) websites. Users typically enter webpages lik
After installing and testing the InitialMethod application, our team learned that it is a useless app that functions as adware. The purpose of InitialMethod is to display intrusive advertisements. We discovered this advertising-supported app while inspecting deceptive pages encouraging visitors
ScanBox is the name of malware delivered via malicious websites masquerading as legitimate Australian news websites. Cybercriminals behind it target Australian Government agencies, news media organizations, and global energy and manufacturing sectors. Websites used to distribute ScanBox are sent v