Our researchers found the Upsilon ransomware-type program while inspecting new submissions to VirusTotal. It operates by encrypting data in order to demand payment for decryption. On our testing system, Upsilon encrypted files and appended their filenames with a ".upsil0n" extension. For example,
While investigating sites that use rogue advertising networks, our researchers found one endorsing the Browser-Security browser extension. After inspecting it, we determined that this piece of software operates as a browser hijacker. Browser-Security makes changes to browser settings in order to
KoRyA is the name of ransomware belonging to the Xorist family. Our malware researchers discovered KoRyA while examining samples submitted to VirusTotal. We learned that KoRyA encrypts data, appends the ".KoRyA" extension to filenames, changes the desktop wallpaper, creates the "HOW TO DECRYPT FIL
Bettercallsaul is a ransomware-type program that our researcher team discovered while inspecting new submissions to VirusTotal. After being executed on our test machine, this malicious program encrypted files and appended their names with a ".bettercallsaul" extension. To elaborate, a filename su
While examining malware dubbed Zouu, we found that it is ransomware that encrypts files and appends the ".zouu" extension to filenames. Also, Zouu creates the "_readme.txt" file (a ransom note). An example of how Zouu renames files: it changes "1.jpg" to "1.jpg.zouu", "2.png" to "2.png.zouu", and
Our inspection of the "Unknown Browser Login" email revealed that it is spam operating as a phishing scam. It is presented as an email account security notification alerting the recipient that there has been a suspicious log-in. This spam mail aims to extract users' email account passwords through
We have examined the IPTV Player application and found that it is an advertising-supported browser extension that shows intrusive advertisements. In most cases, users install (or add) adware inadvertently since it is often promoted and distributed using questionable methods. Our team discovered IP
After installing a fake Adobe Flash Player setup on our test system, we discovered the MajorLetterSearch application. It operates as advertising-supported software (adware), i.e., delivers intrusive ad campaigns. Additionally, we determined that MajorLetterSearch is part of the AdLoad malware fa
While testing the ExtendedTech application, our team discovered that it displays intrusive advertisements. Therefore, we classified this app as adware. It is common for adware to be promoted and distributed using questionable (often deceptive) methods. Thus, users often download and install it i
While inspecting malware samples submitted to the VirusTotal website, we discovered a ransomware variant belonging to the Dharma family dubbed Mao. We found that Mao encrypts files and appends the victim's ID, sony.mao@techmail.info email address, and ".mao" extension to filenames. Also, Mao disp