Mnlywjzi is ransomware belonging to the Snatch family. Threat actors use Mnlywjzi to encrypt files and demand victims pay a ransom for their decryption. Also, Mnlywjzi renames files by appending the ".mnlywjzi" extension to filenames. It creates the "HOW TO RESTORE YOUR FILES.TXT" file that contai
While investigating suspect websites, our researchers discovered the defendpcpro[.]xyz rogue page. It is designed to load scams, promote browser notification spam, and redirect visitors to different (likely unreliable/malicious) sites. Most users access websites like defendpcpro[.]xyz via redirect
While inspecting questionable software-promoting websites, our research team discovered the Files Converter Free Online browser extension. It is promoted as a tool for converting various file formats. However, our analysis revealed that this browser extension also operates as adware. Files Convert
Yourdatadefencebulwark[.]live claims that a computer may be infected with viruses to trick visitors into purchasing antivirus software. Also, it asks for permission to show notifications. Users do not normally visit pages like yourdatadefencebulwark[.]live on purpose. Our team discovered this site
Defendersystem[.]xyz is rogue page that our researchers discovered while inspecting suspicious websites. This webpage promotes scams, pushes spam browser notifications, and redirects visitors to other (likely untrustworthy/dangerous) sites. Most users enter such webpages via redirects caused by si
Our researchers discovered the CharacterGeneration application while checking out new submissions to VirusTotal. After inspecting this app, we learned that it operates as advertising-supported software (adware) and is part of the AdLoad malware group. Adware is designed to enable the pla
While investigating new malware submissions to VirusTotal, our research team discovered the RAMP ransomware. On our testing system a sample of RAMP encrypted data and modified filenames. The titles of affected files were appended with a ".terror_ramp3" extension. For example, a file originally na
After downloading and adding the Planty-Search browser extension, we noticed that it changes some settings. It hijacks a web browser to promote planty-search.com - a fake search engine. Also, it can read and change bookmarks. Our team discovered Planty-Search on a deceptive website. Planty
Our inspection of the "CTM Arrangment" email revealed that it is malspam - malicious spam designed to infect recipients' systems with malware. While this fake letter is signed off by JPS Ships Supply Service - it must be emphasized that this legitimate company is in no way associated with the sca
Autolycos is the name of Android malware that infects devices via trojanized applications downloaded from the Google Play Store. Those apps were spotted in the middle of 2021. Most of them are no longer available on the Google Play Store. Autolycos subscribes victims to its premium services.