While looking through untrustworthy websites, our researchers discovered the adforyounews[.]com rogue page. It is designed to deceptively promote browser notification spam. Additionally, adforyounews[.]com can redirect visitors to other (likely unreliable/malicious) websites. Most users enter sit
After inspecting this "Norton LifeLock" email, we determined that it is fake. It must be emphasized that this spam mail is in no way associated with either NortonLifeLock Inc. or PayPal Holdings, Inc. This scam letter is presented as a purchase invoice, which states that the payment has already b
Xbtl is a ransomware-type program that our research team discovered while looking through new malware submissions to VirusTotal. Ransomware is designed to encrypt data and demand payment for decryption. Once we launched a sample of Xbtl on our test machine, it encrypted files and appended their f
View-Dark is a rogue browser extension that our research team discovered while inspecting deceptive software-endorsing sites. While View-Dark is promoted as a dark-mode tool for simple design websites, it operates as advertising-supported software (adware) instead. It is pertinent to menti
During a routine inspection of new malware submissions, our researchers found a ransomware-type program named K1ng. It belongs to the Dharma ransomware family. After we executed a sample of K1ng on our test system, it encrypted files and appended their filenames with a unique ID assigned to the v
Our research team discovered the "Playless videos" browser extension while inspecting dubious software-promoting webpages. It is presented as a tool capable of disabling/auto-skipping ads on YouTube. However, our analysis revealed that Playless videos works as adware. Hence, instead of removing ad
While investigating new malware submissions to VirusTotal, our research team discovered another malicious program belonging to the Phobos ransomware family - called Fopra. We executed a sample of Fopra on our test machine, and it encrypted files and altered their titles. Original filenames were a
Moisha is a ransomware-type program designed to encrypt victims' data, delete Volume Shadow Copies, and demand payment for the decryption tools. Typically, ransomware appends the filenames of encrypted files with an extension; however, after releasing a sample of Moisha on our test system - we le
After inspecting the "Your Password Is Set To Expire" email, we determined that it is spam. The letter claims that recipients' email account passwords will expire in two days and urges them to prevent it by logging in through the promoted site. It must be emphasized that this is a phishing scam;
Our research team discovered the GetItDark browser extension while inspecting deceptive software promoting webpages. This piece of software promises to create a dark mode for simple design websites. However, our analysis of this rogue extension revealed that it operates as adware instead.