Filedownloader[.]cloud is a shady website designed to download an installer that installs potentially malicious applications. Our team discovered filedownloader[.]cloud while inspecting pages that use rogue advertising networks (e.g., illegal movie streaming pages, torrent sites). Users do not nor
PUTIN is ransomware belonging to the CONTI family. It prevents victims from accessing data by encrypting it. Also, PUTIN appends the ".PUTIN" extension to the filenames of all encrypted files and drops the "README.txt" file that contains contact information. An example of how PUTIN ransomware ren
Our team tested the AdvancedHelper application and found that it operates as adware - it displays annoying advertisements. It is uncommon for advertising-supported software to be downloaded and installed knowingly. We discovered AdvancedHelper on a deceptive page. AdvancedHelper shows ad
TrackAnalyser is a rogue application that we discovered while inspecting new submissions to VirusTotal. After analyzing this piece of software, we determined that it is adware belonging to the AdLoad malware family. Adware is designed to run intrusive advertisement campaigns. In other wo
While inspecting sites that use rogue advertising networks, our researchers discovered the "McAfee - Your Card Payment Has Failed!" scam. It claims that the McAfee anti-virus has expired due to a failed reoccurring payment. Users are encouraged to rectify this issue and protect the vulnerable devi
Mbtf is one of the ransomware variants belonging to the Djvu family. Our team discovered Mbtf while examining malware samples submitted to VirusTotal. We found that Mbtf encrypts files and appends the ".mbtf" extension to filenames. Also, it creates the "_readme.txt" file, a ransom note containing
Mppn is ransomware that encrypts data, appends the ".mppn" extension to filenames, and creates the "_readme.txt" file that contains a ransom note. Mppn is one of the Djvu ransomware variants. We discovered it while inspecting malware samples submitted to the VirusTotal page. Threat actors often di
While inspecting suspicious websites, our research team discovered the monterrey[.]top rogue page. It pushes browser notification spam and redirects visitors to different (likely untrustworthy/malicious) sites. Users typically enter such webpages via redirects caused by sites that use rogue advert
Thehypefeed[.]com is one of the websites designed to trick visitors into agreeing to receive notifications. In addition to showing deceptive content, thehypefeed[.]com redirects to other pages. We discovered thehypefeed[.]com while examining sites that use rogue advertising networks. Thehy
CryWiper is malware masquerading as ransomware. It operates as a data wiper: instead of encrypting files, CryWiper damages them. It also appends the ".CRY" extension to filenames and deletes shadow copies to prevent victims from restoring their files. Threat actors behind CryWiper have been observ