PLAY is the name of a ransomware-type program. Malware categorized as such operates by encrypting data and demanding ransoms for the decryption. After we executed a sample of this ransomware on our test machine, it encrypted files and appended their filenames with a ".PLAY" extension. For example
Dracarys is the name of Android spyware - malware that monitors activity and steals sensitive information. This spyware is distributed via fake websites by disguising it as legitimate applications. Trojanized apps have malicious code inserted into them to avoid detection. Dracarys/trojaniz
While inspecting dubious websites, our research team discovered the "Apple Security Center" tech support scam that targets Apple device users. Schemes of this kind trick victims into calling fake support lines by making claims about nonexistent system infections. When we investigated a web
After analyzing this email, we concluded that it is a phishing email used to trick recipients into providing personal information. It masquerades as a warning message from the email service provider. This email contains a link designed to open a deceptive page. This letter claims that reci
Our analysis of the "Windows Defender Subscription" email revealed that it is spam. This fake letter is presented as a notification regarding the purchase of a one-year subscription for the Windows Defender security software. It must be emphasized that this is a scam, and it is in no way associat
After examining imilroshoors[.]com, we learned that the purpose of this page is to trick visitors into agreeing to receive notifications and redirect them to other pages. We discovered imilroshoors[.]com while inspecting other pages (websites that use rogue advertising networks). Such pages do not
Captchastate[.]link is a rogue webpage that promotes browser notification spam and redirects visitors to other (likely dubious/malicious) sites. Our researchers found this page while inspecting websites that use rogue advertising networks. It is noteworthy that the redirects caused by such sites
Oiltraffic is ransomware that our team discovered while analyzing malware samples submitted to the VirusTotal website. We learned that Oiltraffic is part of the VoidCrypt family. It encrypts files, appends the victim's ID, lokilocker@tutanota.com email address, and ".Oiltraffic" extension to filen
AdjustableRotator is a rogue application that our researchers discovered during a routine investigation of new submissions to VirusTotal. Our analysis of this app revealed that it works as advertising-supported software (adware). We also determined that AdjustableRotator belongs to the AdLoad ma
After examining the VibeProfile application, we learned that it displays annoying advertisements and can read sensitive information. We found this app on a deceptive page claiming that some installed software is out of date. Apps that generate advertisements are classified as adware. In most cas