While examining batus[.]click, our team learned that it runs the "McAfee - Your Card Payment Has Failed!" scam and wants to show notifications. We discovered batus[.]click while inspecting other shady websites that use rogue advertising networks. It is recommended to ignore sites like batus[.]clic
While analyzing the Snetchball application, we found that it functions as adware - it shows intrusive advertisements. It is common for adware to be promoted and distributed using shady methods. We discovered Snetchball after downloading a malicious installer from an untrustworthy web page.
While inspecting suspicious websites, our researchers found a deceptive page promoting a malicious download assistant. Following installation on our test machine, we learned that it was bundled with a variety of harmful software, including Split Files (alternatively titled Split Files Setup). This
We have discovered the Library Games application after downloading and using a malicious installer. After testing Library Games, we found that it shows intrusive advertisements. Thus, we classified Library Games as adware. This app runs in the Task Manager as Library Games 1.1. Advertiseme
Tanki X is ransomware - malware that blocks access to files by encrypting them. Also, Tanki X appends ".TANKIX" extension to filenames, drops the "READ_ME.txt" file, and displays a pop-up window. Its text file and pop-up window contain a ransom note. An example of how Tanki X renames files: it cha
Desktopanalyticscenter[.]site is the address of a rogue page that we discovered while investigating untrustworthy websites. This site runs scams, promotes spam browser notifications, and redirects visitors to different (likely unreliable/harmful) webpages. Most users access pages like desktopanal
While inspecting suspicious websites, our researchers discovered the Page Downloader browser extension. It is presented as a tool capable of converting webpage content into a single downloadable text file. However, our investigation of Page Downloader revealed that it is adware. Advertisin
Our researchers found the Upsilon ransomware-type program while inspecting new submissions to VirusTotal. It operates by encrypting data in order to demand payment for decryption. On our testing system, Upsilon encrypted files and appended their filenames with a ".upsil0n" extension. For example,
While investigating sites that use rogue advertising networks, our researchers found one endorsing the Browser-Security browser extension. After inspecting it, we determined that this piece of software operates as a browser hijacker. Browser-Security makes changes to browser settings in order to
KoRyA is the name of ransomware belonging to the Xorist family. Our malware researchers discovered KoRyA while examining samples submitted to VirusTotal. We learned that KoRyA encrypts data, appends the ".KoRyA" extension to filenames, changes the desktop wallpaper, creates the "HOW TO DECRYPT FIL