Our inspection of the "Board Approved Payroll" email revealed that it is spam operating as a phishing scam. It is presented as a notification regarding a shared document containing salary payments. The link to the fake file leads to a phishing site that requests users to provide their email accoun
D0ggerofficial is ransomware that encrypts files, appends the ".locked" extension to filenames, and displays a pop-up message containing a ransom note. Threat actors behind D0ggerofficial ransomware have one goal - to get paid for data decryption. An example of how D0ggerofficial modifies filenam
Mnlywjzi is ransomware belonging to the Snatch family. Threat actors use Mnlywjzi to encrypt files and demand victims pay a ransom for their decryption. Also, Mnlywjzi renames files by appending the ".mnlywjzi" extension to filenames. It creates the "HOW TO RESTORE YOUR FILES.TXT" file that contai
While investigating suspect websites, our researchers discovered the defendpcpro[.]xyz rogue page. It is designed to load scams, promote browser notification spam, and redirect visitors to different (likely unreliable/malicious) sites. Most users access websites like defendpcpro[.]xyz via redirect
While inspecting questionable software-promoting websites, our research team discovered the Files Converter Free Online browser extension. It is promoted as a tool for converting various file formats. However, our analysis revealed that this browser extension also operates as adware. Files Convert
Yourdatadefencebulwark[.]live claims that a computer may be infected with viruses to trick visitors into purchasing antivirus software. Also, it asks for permission to show notifications. Users do not normally visit pages like yourdatadefencebulwark[.]live on purpose. Our team discovered this site
Defendersystem[.]xyz is rogue page that our researchers discovered while inspecting suspicious websites. This webpage promotes scams, pushes spam browser notifications, and redirects visitors to other (likely untrustworthy/dangerous) sites. Most users enter such webpages via redirects caused by si
Our researchers discovered the CharacterGeneration application while checking out new submissions to VirusTotal. After inspecting this app, we learned that it operates as advertising-supported software (adware) and is part of the AdLoad malware group. Adware is designed to enable the pla
While investigating new malware submissions to VirusTotal, our research team discovered the RAMP ransomware. On our testing system a sample of RAMP encrypted data and modified filenames. The titles of affected files were appended with a ".terror_ramp3" extension. For example, a file originally na
After downloading and adding the Planty-Search browser extension, we noticed that it changes some settings. It hijacks a web browser to promote planty-search.com - a fake search engine. Also, it can read and change bookmarks. Our team discovered Planty-Search on a deceptive website. Planty