Step-by-Step Malware Removal Instructions

Bookmark Drag And Drop Browser Hijacker
Browser Hijacker

While checking out suspicious software promoting sites, our research team discovered the Bookmark Drag and Drop browser extension. It is endorsed as a bookmark management and quick access tool. Our inspection of Bookmark Drag and Drop revealed that it operates as a browser hijacker. This extensio

Flame Ransomware
Ransomware

Flame is ransomware based on the Chaos ransomware. It encrypts files, appends an extension of four random characters to filenames, changes the desktop wallpaper, and creates the "read_it.txt" file containing a ransom note. We discovered Flame ransomware while inspecting samples submitted t

Control-scanning.com Ads
Notification Spam

Our researchers discovered the control-scanning[.]com rogue page during a routine investigation of suspicious websites. It is designed to run scams, promote spam browser notifications, and redirect visitors to other (likely untrustworthy/malicious) sites. Users typically enter webpages like contr

InitialConnection Adware (Mac)
Mac Virus

While inspecting new submissions to VirusTotal, our researchers found the InitialConnection rogue application. Our analysis of this app revealed that it operates as adware and belongs to the AdLoad malware family. InitialConnection is designed to run intrusive advertisement campaigns, and it may

FocusAhead Adware (Mac)
Mac Virus

FocusAhead is an untrustworthy application that displays intrusive advertisements and can read sensitive information. Apps that show ads are called adware (advertising-supported software). Typically, users install adware on their computers unintentionally. We discovered FocusAhead while inspecti

Email Security Update Scam
Phishing/Scam

"Email Security Update Scam" refers to an email spam campaign that we have analyzed. We determined that it is a phishing scam targeting email account log-in credentials (passwords). These fake emails attempt to extract this information from recipients by claiming that security issues have occurred

Protect2023.xyz Ads
Notification Spam

Protect2023[.]xyz is an untrustworthy website that runs the "McAfee - Your PC is infected with 5 viruses!" scam and wants to show notifications. All messages displayed on this page are fake. We discovered protect2023[.]xyz while examining dubious pages that use rogue advertising networks.

Zatp Ransomware
Ransomware

Zatp is ransomware that belongs to the Djvu family. Our malware researchers discovered Zatp while checking the VirusTotal page for recently submitted samples. We found that Zatp encrypts files and appends its extension (".zatp") to filenames. Also, it drops the "_readme.txt" file that contains a r

bDAT Ransomware
Ransomware

bDAT is a piece of malicious software categorized as ransomware. We discovered this program while inspecting new submissions to VirusTotal. It is noteworthy that bDAT is part of the Dharma ransomware family. After we executed a sample of bDAT on our test machine, it began encrypting files and app

Zate Ransomware
Ransomware

Zate is one of the Djvu ransomware variants. It makes files inaccessible by encrypting them and renames files by appending its extension (".zate") to their filenames. Also, Zate drops its ransom note, a text file named "_readme.txt". Threat actors have been observed distributing Djvu ransomware al