While testing the ExtendedTech application, our team discovered that it displays intrusive advertisements. Therefore, we classified this app as adware. It is common for adware to be promoted and distributed using questionable (often deceptive) methods. Thus, users often download and install it i
While inspecting malware samples submitted to the VirusTotal website, we discovered a ransomware variant belonging to the Dharma family dubbed Mao. We found that Mao encrypts files and appends the victim's ID, sony.mao@techmail.info email address, and ".mao" extension to filenames. Also, Mao disp
While checking the VirusTotal page for recently submitted malware samples, our team discovered ransomware belonging to the Djvu family dubbed Zoqw. This malware encrypts files, appends the ".zoqw" extension to filenames, and drops the "_readme.txt" file containing a ransom note. An example of how
After examining bikemolktwo[.]xyz, we learned that it runs the "McAfee - Your PC is infected with 5 viruses" scam. It uses deceptive marketing to promote legitimate antivirus software. Also, bikemolktwo[.]xyz wants to show notifications. Our team discovered bikemolktwo[.]xyz while analyzing pages
While checking out deceptive sites, we discovered the Weekly Stock Loader browser extension. It is promoted as a tool that provides weekly information about users' favorite stocks. However, our analysis of Weekly Stock Loader revealed that it operates as advertising-supported software (adware).
Encrypto is a ransomware-type program that our researchers discovered during a routine inspection of new submissions to VirusTotal. When we executed a sample of Encrypto on our testing system, it encrypted files and appended their filenames with a ".Encrypto" extension. To elaborate, a file initi
Our inspection of the "Pending Payment" email revealed that it is spam. The fake letter is presented as a final warning regarding a pending payment. This mail aims to lure recipients into following the provided link that leads to the download of a likely malicious file. The scam email with
While examining the Loading Timer browser extension, our team found that it shows unwanted intrusive advertisements. Apps that display ads are categorized as advertising-supported applications. Users rarely download and install (or add) adware knowingly. We discovered multiple deceptive websites p
While inspecting questionable websites, our researchers discovered the alltimetopdefender[.]site rogue webpage. It operates by running scams, promoting browser notification spam, and redirecting visitors to other (likely unreliable/dangerous) websites. Most users access sites like alltimetopdefen
While checking the VirusTotal page for recently submitted samples, our team discovered ransomware dubbed G-Stars. This malware encrypts files to prevent victims from accessing/opening them. Also, G-Stars appends a string of random characters and the ".G-Stars" extension to filenames and drops its