SkyWebProcess is a rogue application that our researchers found while inspecting new submissions to VirusTotal. After analyzing this app, we determined that SkyWebProcess operates as adware and belongs to the AdLoad malware family. It is noteworthy that adware may require specific condit
Our research team found the UnitySquad application during a routine checkup of new submissions to VirusTotal. After inspecting this app, we learned that it operates as advertising-supported software (adware). Additionally, we determined that UnitySquad belongs to the AdLoad malware family.
While inspecting websites that use rogue advertising networks (and shady ads), we came across watchvideo[.]cc - another untrustworthy page. We learned that watchvideo[.]cc is a website that wants to show notifications (it displays deceptive content to trick visitors into agreeing to receive notifi
Our team has discovered an adware-type application (a browser extension) called text background during an analysis of deceptive websites. We learned that text background has no real value. The main purpose of this app is to bombard users with intrusive advertisements. Thus, it is recommended not t
During a routine inspection of dubious websites, our researchers discovered advtstudio[.]com - yet another rogue page. It promotes browser notification spam and redirects visitors to different (likely untrustworthy/malicious) sites. Users typically access such websites via redirects caused by pag
Cardiidae[.]com is one of the many deceptive websites that use clickbait techniques to trick visitors into agreeing to receive notifications. Also, it redirects visitors to deceptive websites. Users do not visit pages cardiidae[.]com intentionally. We found this page while examining other sites (i
While inspecting new submissions to VirusTotal, our researchers discovered the StormByte ransomware. Malware within this classification operates by encrypting files and demanding payment for the decryption. We determined that this malicious program is part of the Nominatus ransomware family. We e
While examining shady websites claiming that some installed software is out of date, we discovered an application called AuroraFit. After downloading and installing this app, we learned that it has no useful features and displays annoying advertisements. Thus, we concluded that AuroraFit functio
Oori is ransomware that belongs to the Djvu ransomware family. Our malware researchers discovered Oori while examining samples submitted to VirusTotal. We found that Oori encrypts files and appends its extension (".oori") to filenames. Also, it drops the "_readme.txt" file on the desktop (this fil
Ooxa is the name of ransomware we discovered while checking the VirusTotal site for recently submitted malware samples. Our team has found that Ooxa belongs to a ransomware family called Djvu. It is malware that encrypts files, modifies filenames (appends the ".ooxa" extension to them), and drops