Dark Reader for Chrome is a browser extension promoted as a tool enabling users to use a dark theme for all websites. While testing this app, our team found that it displays annoying/intrusive advertisements. Apps that show ads are classified as adware. It is uncommon for adware to be downloaded a
Backshow is the name of ransomware that our malware researchers discovered while inspecting samples submitted to the VirusTotal. It encrypts files and appends the victim's ID, mail-backshow@my.com email address, and a random three-character extension to filenames. Also, it drops a ransom note (the
Buybackdate is a ransomware that our researchers found while checking out new submissions to VirusTotal. This malicious program belongs to the ZEPPELIN ransomware family. After we executed a sample of Buybackdate on our test system, it encrypted files and appended their names with a ".bbd2.[victi
lifetimedesktopdefence[.]online is one of the deceptive websites designed to trick visitors into purchasing antivirus software. We examined this site and learned that it runs the "Norton Security - Your PC might be infected with viruses!" scam. Our team discovered lifetimedesktopdefence[.]online w
After investigating this email, we found that it is written by cybercriminals who seek to trick recipients into infecting their computers. This email is disguised as a letter from the Werth company regarding payment confirmation. Threat actors use this email to lure recipients into opening a malic
While investigating suspicious websites, our researchers found one running the "Norton - Your Phone May Be Receiving Many Spam Texts" scam. It is presented as an alert from the Norton anti-virus. The fake notification warns that the visitor's phone may be receiving spam and all data might be lost
Prestige is ransomware - malware that prevents victims from accessing (opening) their files by encrypting them. Additionally, Prestige appends the ".enc" extension to filenames and drops the "README" file containing a ransom note. An example of how this ransomware modifies filenames: it renames "1
Our researchers discovered the milipili[.]click rogue page while inspecting suspect websites. It promotes deceptive content, pushes spam browser notifications, and redirects visitors to different (likely untrustworthy/malicious) sites. Most users enter milipili[.]click and similar websites via red
ActiveLink is a rogue application that our research team found while checking out new submissions to VirusTotal. Our inspection of this app revealed that it is advertising-supported software (adware). Additionally, it is noteworthy that ActiveLink is part of the AdLoad malware family. Ad
We examined time-delta[.]xyz and learned that it displays deceptive content to trick visitors into allowing it to show notifications. Also, it redirects visitors to other untrustworthy pages. We discovered time-delta[.]xyz while inspecting pages that use rogue advertising networks. Typically, user