MEDUSA is ransomware that encrypts data, appends the ".MEDUSA" extension to filenames, and drops the "!!!READ_ME_MEDUSA!!!.txt" file, which contains a ransom note. Our team discovered MEDUSA while examining samples submitted to VirusTotal. An example of how MEDUSA modifies filenames: it renames "
While investigating rogue installation setups, we found one promoting the search-good.com illegitimate search engine. Websites of this kind are typically endorsed (through redirects) by browser-hijacking software. During our analysis, we discovered search-good.com being promoted by a browser hijac
During our analysis of malware samples submitted to the VirusTotal page, we came across a ransomware strain dubbed Jron. Upon further investigation, we determined that Jron belongs to the Dharma ransomware family. Jron encrypts data, alters file names, presents a pop-up window, and generates a tex
While reviewing untrustworthy sites, our researchers encountered the topcaptchatoday[.]top rogue webpage. Our team discovered two appearance variants of this page; both employed a hoax CAPTCHA test to lure visitors into consenting to this spam browser notification delivery. It is worth mentioning
Insekt is the name of a remote access trojan (RAT). Malware of this type is designed to give an attacker remote access and control over a victim's computer system. Insekt RAT is developed using GoLang programming language and is compiled to run on both Windows and Linux systems. Alchimist
Tils is a ransomware-type program discovered by our researchers during a routine inspection of new submissions to VirusTotal. Malware within this category is designed to encrypt data and demand ransoms for its decryption. After we executed a sample of Tils on our testing system, it encrypted file
While investigating adsforcomputertech[.]com, we discovered that the website aims to deceive its visitors into consenting to receive notifications. Moreover, the site redirects users to similar web pages. Our team stumbled upon adsforcomputertech[.]com while examining pages that employ dubious adv
SHTORM is a ransomware variant that is part of the Phobos ransomware family. Our malware researchers discovered SHTORM while analyzing malware samples submitted to the VirusTotal page. They have found that SHTORM encrypts data, modifies filenames, and creates info.hta and info.txt files (ransom no
We discovered the gadsmedia[.]com rogue site during a routine investigation of untrustworthy webpages. It operates by promoting browser notification spam and redirecting visitors to different (likely unreliable/harmful) pages. Users primarily enter webpages like gadsmedia[.]com through redirects
While inspecting untrustworthy sites, our research team discovered the asrelatercond[.]com rogue page. At the time of research, this webpage used fake CAPTCHA to trick visitors into allowing it to display spam browser notifications. Additionally, asrelatercond[.]com can redirect users to other (li