CleanBlocker is a rogue browser extension that our researchers discovered while inspecting deceptive websites. This piece of software is presented as an adblocker that can stop website tracking and block various advertisements. However, our analysis revealed that CleanBlocker's operates oppositely
While testing the Web Video Player browser extension, we found that it shows intrusive advertisements, can read and change data on all websites, and display notifications. We discovered Web Video Player on a deceptive website. Since this app shows ads, we classified it as adware. Web Video
"Movies" is a piece of advertising-supported software (adware) belonging to the ChromeLoader malware family. This software operates by running intrusive advertisement campaigns. Furthermore, ChromeLoader apps are known to install multiple unwanted/malicious extensions on Chrome browsers. Hence, i
While checking out new malware submissions to VirusTotal, our research team found the Chily ransomware. This malicious program is designed to encrypt data and demand ransoms for decryption. Once we executed a sample of Chily on our test machine, it began encrypting files and altered their filenam
After investigating this email, we found that it is a fake letter from an email service provider. It is created by scammers who aim to trick recipients into providing sensitive information on a phishing website. This email must be ignored. Scammers behind this email attempt to trick recipi
After inspecting the "Annual Salary Adjustment" email, we determined that it is spam. This mail operates as a phishing scam. It aims to deceive recipients into disclosing their email log-in credentials by promoting a fake file-sharing website that requests this information for identity confirmatio
CrySpheRe is one of the Xorist ransomware variants designed to encrypt files. We discovered CrySpheRe ransomware while checking the VirusTotal page for recently submitted malware samples. While investigating CrySpheRe, we learned that it appends the ".CrySpheRe" extension to filenames, displays a
Ouroboros is a rogue browser that our research team discovered while inspecting suspicious software-promoting websites. This browser likely has advertising-supported software (adware) functionalities. Ouroboros also shares traits with browser hijackers in that it can cause redirects to fake searc
We examined erbi90s[.]click and found that it displays deceptive messages to trick visitors into believing that their computers are infected and purchasing antivirus software. It runs the "McAfee - Your PC is infected with 5 viruses!" scam. Also, erbi90s[.]click can show untrustworthy notification
RPC is ransomware that blocks access to files by encrypting them. Also, it renames files by appending the victim's ID, pcrec@tuta.io email address, and ".RPC" extension to filenames. RPC ransomware provides two ransom notes: it displays a pop-up window and creates the "recinfo.txt" file. RPC is o