Vagus is the name of a Remote Access Trojan (RAT). Malware within this category is designed to enable remote access and control over compromised machines. These trojans can be highly multi-functional and cause a wide variety of damage. The following overview is based on Vagus RAT's promoti
While analyzing StyleLab, we discovered that it is an advertising-supported application - it shows intrusive advertisements. Also, StyleLab can read sensitive information. It is common for adware to be promoted and distributed using shady methods. Thus, users often download and install it inadve
RL Stealer is the name of the rebranded Ades information stealer. It can capture screenshots, steal data from various apps, and obtain system information and other data. Cybercriminals have been observed promoting RL Stealer on a hacker forum. This malware should be removed from infected computers
$ucyLocker is the name of a malicious program classed as ransomware. It is designed to encrypt data and make ransom demands for decryption. On our test machine, $ucyLocker encrypted files and appended their filenames with a ".WINDOWS" extension. For example, a file originally titled "1.jpg" appea
ENCODED is the name of ransomware that our team discovered while inspecting malware samples submitted to VirusTotal. We found that ENCODED encrypts data, appends the ".ENCODED" extension to filenames, drops the "HOW TO DECRYPT FILES.txt" file, and changes the desktop wallpaper. ENCODED's desktop
TapScroll is a rogue application that our research team discovered while inspecting new submissions to VirusTotal. Our analysis of this app revealed that it operates as adware. Additionally, we learned that TapScroll belongs to the AdLoad malware family. Adware stands for advertising-sup
While testing the ProcessorPremiere application, our team noticed that it shows annoying advertisements. Thus, we classified ProcessorPremiere as adware. We also found that ProcessorPremiere can read sensitive information. It is worth mentioning that users rarely download and install adware on p
Our team has examined eredhadbeen[.]xyz and found that it displays a deceptive message to lure visitors into allowing it to show shady notifications. Also, eredhadbeen[.]xyz redirects visitors to other untrustworthy web pages. Typically, users open websites like eredhadbeen[.]xyz unintentionally.
While examining malware samples submitted to the VirusTotal website, our team discovered ransomware belonging to the Phobos family called STEEL. This ransomware encrypts files and appends the victim's ID, codeofhonor@tuta.io email address, and the ".STEEL" extension to filenames. Also, STEEL prov
Our researchers discovered the globaladvdomservices[.]com rogue page while investigating dubious websites. It operates by promoting spam browser notifications, at the time of research, through the use of fake CAPTCHA verification. Additionally, this webpage can redirect visitors to other (likely u