While inspecting new submissions to VirusTotal, our researchers discovered a new malicious program called Faust - which belongs to the Phobos ransomware family. On our test machine, Faust ransomware encrypted files and changed their titles. Original filenames were appended with a unique ID, the c
Fate is ransomware (one of the Djvu ransomware variants) designed to encrypt files and change their extension to ".fate". It also creates the "_readme.txt" file that contains a ransom note. We discovered Fate while checking the VirusTotal page for recently submitted malware samples. An example of
Fatp is one of the ransomware variants belonging to the Djvu family. Our team discovered Fatp on VirusTotal (while inspecting submitted malware samples). Fatp encrypts files and appends the ".fatp" extension to their filenames. It also creates the "_readme.txt" file that contains a ransom note. A
Our researchers discovered the chainedprotol[.]com rogue page while investigating suspicious websites. It promotes online scams, pushes browser notification spam, and redirects visitors to different (likely untrustworthy/dangerous) sites. Users typically access webpages like chainedprotol[.]com th
While looking through deceptive sites, our researchers discovered the Websites Drawer browser extension. It is promoted as a tool that allows users to draw and make captions on visited webpages. However, our analysis revealed that this extension operates as advertising-supported software (adware).
FindIt-All is a browser extension that our research team discovered while checking out suspicious software-promoting websites. Our analysis of this extension revealed that it operates as a browser hijacker. FindIt-All changes browser settings to promote the find.findit-all.com fake search engine.
ZEUSSEC1337 is a ransomware-type program that we discovered while inspecting new submissions to VirusTotal. This malicious program is part of the Chaos ransomware family. On our testing system, ZEUSSEC1337 encrypted files and appended filenames with an extension consisting of four random characte
While inspecting rogue websites, our researchers discovered one endorsing the Trippy Circles browser extension. It promises to display animations on new browser tabs. However, this software also operates as a browser hijacker. Trippy Circles alters browser settings to promote the trippycircles.net
Cypher is the name of a remote administration Trojan (RAT) targeting Android users. It allows threat actors to monitor and control infected devices (perform various actions on infected devices). Cypher's creators offer three subscription plans: $100 per month, $200 for three months, and $400 for a
While checking out new submissions to VirusTotal, our researchers discovered the AlphaExplorer rogue app. This piece of software operates as adware. Additionally, it is worth mentioning that AlphaExplorer is part of the AdLoad malware family. Adware stands for advertising-supported softw