ArchiveOperation is an application that we discovered while reviewing new submissions to VirusTotal. After analyzing this app, we learned that it is adware belonging to the AdLoad malware family. Adware stands for advertising-supported software. It displays ads (e.g., pop-ups, banners, c
We have examined advdomlab[.]com and learned that the purpose of this page is to trick visitors into allowing it to show notifications. Also, advdomlab[.]com redirects visitors to other untrustworthy websites. Our team discovered advdomlab[.]com while inspecting pages that use shady advertising ne
Wave analyzed mediumhiquality[.]com and found that this page displays a deceptive message to trick visitors into allowing it to show notifications. Also, mediumhiquality[.]com redirects to other websites that use clickbait techniques to receive permission to display notifications. Mediumhi
While testing the Search-News Default Search application, we found that it functions as a browser hijacker. It promotes a fake search engine (search-news.xyz) by changing some of the settings of a web browser. We discovered Search-News Default Search on a shady web page. Search-News Defaul
It is a fake virus message displayed by a deceptive website (a technical support scam site). The purpose of this page is to trick unsuspecting visitors into calling the provided number. None of the messages on this page are real. Thus, this website should be ignored. This scam page shows a
Venadvstar[.]com is one of the many websites that display deceptive messages to trick visitors into allowing them to show notifications. Additionally, venadvstar[.]com redirects visitors to other shady websites. We discovered venadvstar[.]com while inspecting sites that use shady advertising netwo
Our researchers discovered the Nlb ransomware while investigating new submissions to VirusTotal. This malicious program is part of the Dharma ransomware family. Once we launched a sample of Nlb on our testing system, it encrypted files and altered their titles. Original filenames were appended wi
R0n is ransomware that encrypts files and appends the victim's ID, ronvest@tutanota.de email address, and the ".r0n" extension to filenames. Also, R0n provides two ransom notes: it displays a pop-up window and creates the "info.txt". Our team discovered R0n while inspecting malware samples submitt
Mztu is one of the ransomware variants belonging to the Djvu family. Our team discovered it while inspecting malware samples submitted to VirusTotal. The purpose of Mztu is to encrypt files. Also, this ransomware appends the ".mztu" extension to filenames and creates the "_readme.txt" file (a rans
While examining dfewasflyin[.]xyz, we found that this page displays a deceptive message to lure visitors into agreeing to receive notifications. It also redirects to other shady websites. Users do not normally visit sites like dfewasflyin[.]xyz on purpose. Dfewasflyin[.]xyz instructs visit