CrySpheRe is one of the Xorist ransomware variants designed to encrypt files. We discovered CrySpheRe ransomware while checking the VirusTotal page for recently submitted malware samples. While investigating CrySpheRe, we learned that it appends the ".CrySpheRe" extension to filenames, displays a
Ouroboros is a rogue browser that our research team discovered while inspecting suspicious software-promoting websites. This browser likely has advertising-supported software (adware) functionalities. Ouroboros also shares traits with browser hijackers in that it can cause redirects to fake searc
We examined erbi90s[.]click and found that it displays deceptive messages to trick visitors into believing that their computers are infected and purchasing antivirus software. It runs the "McAfee - Your PC is infected with 5 viruses!" scam. Also, erbi90s[.]click can show untrustworthy notification
RPC is ransomware that blocks access to files by encrypting them. Also, it renames files by appending the victim's ID, pcrec@tuta.io email address, and ".RPC" extension to filenames. RPC ransomware provides two ransom notes: it displays a pop-up window and creates the "recinfo.txt" file. RPC is o
While inspecting suspicious sites, our researchers discovered one offering fake Chrome browser updates that installed the Multicheck Checkbox Checker browser extension. This piece of software is presented as a tool that simplifies the action of checking/unchecking boxes on the Web. Instead, Multic
Lock is the name of a ransomware-type program discovered by our research team during a routine inspection of new submissions to VirusTotal. This malicious program is part of the Babuk ransomware family. On our test machine, Lock (Babuk) ransomware encrypted files and appended their filenames with
After inspecting this "Stromag" email, we determined that it is fake. This spam letter is presented as a message from the Stromag power transmission component manufacturing company. It must be emphasized that this spam mail is not associated with said company. The scam email attempts to trick rec
INT is ransomware designed to encrypt files, change their filenames, and create a ransom note (the "+README-WARNING+.txt" file). We found that INT is part of the Makop ransomware family. It appends the victim's ID, an email address, and the ".INT" extension to filenames. Our team discovered INT r
Our researchers discovered the wilycaptcha[.]live rogue page while looking through suspicious websites. It is designed to promote spam browser notifications and redirect users to other (likely untrustworthy/hazardous) sites. Most visitors to pages like wilycaptcha[.]live access them through redire
ThinDev is a rogue application, which our analysis revealed to be advertising-supported software (adware). It operates by running intrusive advertisement campaigns. Additionally, ThinDev belongs to the AdLoad malware family. Adware displays third-party graphical content (e.g., pop-ups, b