While inspecting new submissions to VirusTotal, our researchers discovered the Baal malicious program that is based on the Chaos ransomware. After we executed a sample of Baal (Chaos) ransomware on our test system, it encrypted files and modified their titles. Original filenames were appended wit
AnGrYTuRkEy is ransomware that encrypts files, changes the desktop wallpaper, drops the "read_it.txt" file (a ransom note) and appends the ".AnGrYTuRkEy" extension to filenames. Our malware researchers discovered AnGrYTuRkEy while checking the VirusTotal site for recently submitted malware samples
During the inspection of malware samples submitted to VirusTotal, our team discovered a ransomware variant belonging to the Djvu family dubbed Hhoo. Hhoo encrypts files and adds its own extension (".hhoo") to the original filenames. For instance, "1.jpg" becomes "1.jpg.hhoo", "2.png" becomes "2.p
Topreqdusa[.]com is a rogue site that we discovered while investigating untrustworthy websites. This page is designed to promote browser notification spam and – at the time of research – did so by employing fake CAPTCHA verification. The webpage in question can also redirect users to different (li
While inspecting questionable sites, our researchers discovered the topadvastudio[.]com rogue pages. This webpage is designed to push spam browser notifications. Furthermore, it can redirect visitors to different (likely untrustworthy/hazardous) websites. Most users enter sites like topadvastudio
Mikel is a variant of the Proxima ransomware. Malware within this classification is designed to encrypt data and demand payment. When we executed a sample of Mikel ransomware on our test machine, it encrypted files and appended their filenames with a ".mikel" extension. For example, a file initia
Odestech[.]com is a website that presents misleading messages to entice visitors into consenting to receive notifications. Typically, users arrive at these pages inadvertently. Our team found odestech[.]com while inspecting pages that use questionable advertising networks. Odestech[.]com s
Proxima is the name of a ransomware-type program. It is designed to encrypt data for the purpose of making ransom demands for decryption. After we executed a sample of Proxima on our test machine, it encrypted files and appended their filenames with a ".proxima" extension. For example, a file ini
We have inspected this letter and determined that it is a phishing email. Scammers behind it pose as a legitimate banking company (Intesa Sanpaolo). Their goal is to lure recipients into providing login information on a fake web page. Recipients should ignore this letter. The letter is wri
DarkBit is a ransomware we discovered while investigating new malware submissions to VirusTotal. It operates by encrypting data and demanding ransoms for decryption. Once we launched a sample of DarkBit on our testing system, it began encrypting files and altering their filenames. Affected files