Our researchers found the Alice ransomware while investigating new malware submissions to VirusTotal. Malicious programs within this classification operate by encrypting data and demanding payment for decryption. After we executed a sample of Alice on our test machine, it encrypted files and appe
Files Downloader Expert is an application that our team discovered on a suspicious website, though the app also has an official site. Upon testing the application, we discovered that it is a browser extension that displays intrusive advertisements. Due to this behavior, we have classified Files Do
M2RAT is a backdoor malware that operates as a remote access trojan (RAT), performing functions such as keylogging, data theft, command execution, and taking screenshots. The malware uses shared memory sections for commands and data exfiltration, leaving few traces on the infected device.
goatRat is the name of a remote access trojan (RAT) - a malicious app that allows attackers to take control of an Android device. Malware of this type can provide attackers with access to sensitive information like messages, call logs, and photos, as well as the ability to execute commands, take s
Our researchers discovered the softlifeinfo[.]com rogue webpage during a routine inspection of dubious sites. This page promotes untrustworthy/harmful software and browser notification spam. Additionally, it can redirect visitors to different (likely unreliable/hazardous) websites. Users typicall
Zteqqd is a ransomware-type program that our researchers discovered while inspecting new submissions to VirusTotal. On our testing machine, this ransomware encrypted files and altered their filenames. The titles of affected files were appended with a unique ID assigned to the victim and a ".zteqq
While inspecting new submissions to VirusTotal, our research team discovered the SharedFormat application. After examining this piece of software, we determined that it is adware belonging to the AdLoad malware family. This app is designed to display advertisements, and it may have additional ha
Our team has examined securityguardplus[.]site and found that this page uses deceptive marketing to promote legitimate antivirus software. It shows deceptive messages to trick visitors into believing that their computers might be infected. We determined that securityguardplus[.]site runs the "You'
Stealc is the name of an information-stealing malware. It targets a wide variety of data associated with browsers, messaging software, cryptocurrency wallets, and other apps/extensions. According to Stealc's developers, it was created by relying on Vidar, Raccoon, Mars, and RedLine stealers. Natu
MEDUSA is ransomware that encrypts data, appends the ".MEDUSA" extension to filenames, and drops the "!!!READ_ME_MEDUSA!!!.txt" file, which contains a ransom note. Our team discovered MEDUSA while examining samples submitted to VirusTotal. An example of how MEDUSA modifies filenames: it renames "