Lilmoon is ransomware belonging to the VoidCrypt family. We discovered Lilmoon while analyzing malware samples submitted to VirusTotal. In addition to encrypting data, Lilmoon appends the victim's ID, encrypt.ns@gmail.com email address, and the ".lilmoon" extension to filenames and creates a ranso
Our researchers discovered the Ssaw ransomware during a routine inspection of new submissions to VirusTotal. Ransomware is designed to encrypt data and demand payment for its decryption. After we launched a sample of Ssaw on our test machine, it encrypted files and appended their filenames with a
During our testing of the AssistiveBalance application, our team identified that it displays aggressive and unwanted advertisements. Due to this behavior, we have classified AssistiveBalance as adware, which refers to software that is designed to generate revenue by displaying advertisements. Ty
Qotr, a variant belonging to the Djvu ransomware family, encrypts data and adds the ".qotr" extension to filenames. Qotr creates a "_readme.txt" file to provide contact and payment information. As an illustration of its file renaming method, Qotr changes "1.jpg" to "1.jpg.qotr", "2.png" to "2.png.
Our research team discovered the Quick Video Find browser extension during a routine investigation of untrustworthy websites. Quick Video Find promises the functionality of providing easy access to free downloads of audio/video from browsed websites. However, after inspecting this extension, we de
While investigating suspicious websites, our researchers found one endorsing the Hockey Start browser extension. It is presented as a tool for quick access to hockey sports related online content. However, after we analyzed this extension, we determined that it changes browser settings to promote
Our research team discovered the Music application while inspecting suspicious websites. After investigating this app, we determined that it is advertising-supported software (adware). In other words, Music operates by running intrusive advertisement campaigns. Adware is designed to delive
Finder-search.com is the address of a fake search engine. Websites of this type usually cannot provide search results, and while finder-search.com can – they are likely to include unrelated and deceptive content. Illegitimate search engines are commonly promoted (through redirects) by browser hija
Atlantida is the name of a stealer. Malware within this classification is designed to extract sensitive information from systems and applications installed on them. The Atlantida stealer has been observed being actively spread through suspicious freeware and "cracked" software websites. As
Qowd is ransomware that encrypts files on a victim's computer and demands a ransom payment in exchange for decryption tools. Our team discovered Qowd while checking the VirusTotal site for recently submitted malware samples. Qowd is a variant of the Djvu ransomware family. It may be distributed al