Trigona is ransomware that encrypts files and appends the "._locked" extension to filenames. Also, it drops the "how_to_decrypt.hta" file that opens a ransom note. An example of how Trigona renames files: it renames "1.jpg" to "1.jpg._locked", "2.png" to "2.png._locked", and so forth. It embeds t
Bazek is ransomware that our team discovered while checking the VirusTotal site for recently submitted malware samples. We found that it encrypts files, appends the ".bazek" extension to filenames, and drops the "README.txt" file containing a ransom note. Our team also learned that there are two
While analyzing the IdentityStack application, our team found that it shows annoying advertisements and can read sensitive information. Thus, we classified IdentityStack as adware. This application was discovered while inspecting deceptive websites offering to update supposedly outdated software
LilithBot is a highly versatile piece of malicious software. There are several variants of this malware, and it primarily operates as a botnet, cryptominer, clipper, and stealer. Research by Zscaler suggests that the developers of LilithBot are the same ones behind the Eternity malware family. Bo
Uyro is one of the Djvu ransomware variants designed to encrypt files, drop a ransom note, and append its extension to filenames. Uyro drops the "_readme.txt" file and appends ".uyro" extension to filenames. We discovered Uyro ransomware while examining malware samples submitted to VirusTotal. An
Our research team discovered the allactualspot[.]com rogue webpage while investigating untrustworthy websites. It pushes browser notification spam and redirects users to different (likely dubious/malicious) sites. Most users access pages like allactualspot[.]com via redirects caused by websites us
Whiteboard New Tab is a rogue browser extension that our researchers discovered while inspecting suspicious websites. It is presented as a tool that allows the user to draw/write on a new browser tab. However, Whiteboard New Tab also operates as a browser hijacker, i.e., makes changes to browser s
RansomBoggs, also known as Sullivan, is a ransomware-type program. Malware within this classification encrypts data and makes ransom demands for the decryption (i.e., file recovery). After being launched on our testing system, this ransomware encrypted files and appended their names with a ".chsc
HBM is the name of a ransomware-type program designed to encrypt data and demand payment for the decryption. This malicious program is part of the Dharma ransomware family. Once a sample of HBM was executed on our test machine, it began encrypting files and altering their filenames. Original titl
We tested the Cities HD Backgrounds in Your New Tab application and found that it operates as a browser hijacker. It promotes a fake search engine (spntextension.com) by changing the web browser's settings. We discovered Cities HD Backgrounds in Your New Tab browser extension on a deceptive web pa