While examining pro-shield2023[.]shop, we learned that it runs the "McAfee - Your PC is infected with 5 viruses!" scam. Pro-shield2023[.]shop uses a scare tactic to trick visitors into purchasing antivirus software. Also, this deceptive page asks for permission to show notifications. Pro-s
Pouu is ransomware that belongs to a family called Djvu. Pouu encrypts data, appends the ".pouu" extension to filenames, and provides a ransom note (crates the "_readme.txt" file). Our malware researchers discovered Pouu while examining malware samples submitted to VirusTotal. An example of how P
Poqw is malware belonging to a ransomware family called Djvu. We discovered Poqw while analyzing malware samples submitted to VirusTotal. Poqw encrypts files, appends its extension (".poqw") to filenames, and drops a ransom note (the "_readme.txt" file). An example of how Poqw modifies filenames:
Our researchers discovered the aavpolse[.]xyz rogue page while investigating questionable websites. This webpage is designed to promote scams, push browser notification spam, and cause redirects to other (likely untrustworthy or malicious) sites. Users typically enter aavpolse[.]xyz and similar p
While investigating suspicious sites, our research team discovered the Website Screen Protection browser extension. Its promotional material describes this piece of software as a parental control tool for manually blocking websites. However, our inspection revealed that this extension operates as
While investigating untrustworthy websites, our researchers discovered the totalrecaptcha[.]top rogue webpage. We found that it has two appearance variants (possibly more), which use deceptive content to trick visitors into allowing the page to deliver browser notification spam. Additionally, this
Kodex is a ransomware-type program. Typically, malware within this classification encrypts files and demands payment for their decryption. While Kodex's ransom note claims that this is how it operates – that is untrue. After launching a sample of this ransomware on our test system, we learned tha
Dybdended[.]com is the address of a rogue page discovered by our research team during a routine inspection of suspicious websites. This webpage promotes scams and pushes browser notification spam. Furthermore, it can redirect visitors to other (likely untrustworthy/harmful) sites. Most users acce
SecureAgent is a ransomware-type program that our researchers discovered while reviewing new submissions to VirusTotal. Malware within this classification is designed to encrypt data and demand ransoms for decryption. After we launched a sample of SecureAgent on our testing system, it encrypted t
Our team has examined the Web Image Downloader and found this browser extension shows annoying (intrusive) advertisements. Apps that display ads are classified as adware. Users rarely download and install adware since software of this type is often promoted and distributed using deceptive methods.