While checking out new submissions to VirusTotal, our research team discovered the EazyBit rogue application. After inspecting it, we determined that this piece of software operates as adware. We also learned that EazyBit is part of the AdLoad malware family. Adware stands for advertisin
Rhadamanthys is a stealer-type malware, and as its name implies - it is designed to extract data from infected machines. At the time of writing, this malware is spread through malicious websites mirroring those of genuine software such as AnyDesk, Zoom, Notepad++, and others. Rhadamanthys is down
While testing the OneBlock application, our team noticed that it displays annoying advertisements. Thus, we classified OneBlock as adware (advertising-supported software). It is common for adware to be promoted and distributed using deceptive methods. We discovered OneBlock while analyzing a page
It is a fake pop-up message (a fake virus warning) displayed by a deceptive website. After examining this page, our team concluded that it uses a scare tactic to trick visitors into downloading and adding extensions to browsers (or installing untrustworthy applications on computers). We discovered
While checking out new submissions to VirusTotal, our researchers discovered the District ransomware. This type of malware is designed to encrypt data and demand payment for decryption. On our test machine, District encrypted files and changed their filenames by appending them with the cyber crim
We have inspected gosearches.gg and found that it is a fake search engine promoted via browser hijackers. Our team has also noticed that gosearches.gg is often the final destination URL in redirect chains (e.g., gosearches.gg gets opened via searchesmia.com). It is highly advisable not to trust go
Our team has examined captchafair[.]top and learned that this site shows a deceptive message to trick visitors into allowing it to show notifications. Also, captchafair[.]top redirects visitors to other untrustworthy web pages. We have discovered captchafair[.]top while inspecting sites that use s
While inspecting websites that use rogue advertising networks, our research team discovered a page promoting the "Your Windows OS Is Damaged" scam. It is a technical support scam presented as a system warning from Windows claiming that the visitor's operating system has been damaged due to virus i
While examining malware samples submitted to VirusTotal, we discovered a Dharma ransomware variant dubbed D0n. This ransomware encrypts files and appends the victim's ID, dong@techmail.info email address, and ".d0n" extension to their filenames. Also, it drops the "info.txt" file and shows a pop-u
Bpsm is ransomware (file-encrypting malware). Our team discovered Bpsm while checking the VirusTotal site for recently submitted malware samples. We found that Bpsm belongs to the Djvu ransomware family, which means it is likely that it is distributed alongside RedLine, Vidar, or other information