BianLian is the name of a banking Trojan targeting Android users. We have discovered this piece of malware while examining malware droppers (fake apps) uploaded to the Google Play store. BianLian performs overlay attacks to steal login credentials for banking applications and has additional capabi
While looking through new malware submissions to VirusTotal, our researchers found the EMPg296LCK malicious program that is classified as ransomware. We determined that this program is part of the MedusaLocker ransomware family, and we acquired a sample of it for testing. On our test machine, EMP
IndexerSource is an application that our researchers discovered while inspecting new submissions to VirusTotal. After analyzing this piece of software, we learned that it operates as adware and is part of the AdLoad malware family. Adware operates by enabling the placement of advertiseme
Our researchers discovered the hehighursoo[.]com rogue webpage while inspecting untrustworthy websites. This page is designed to promote spam browser notifications and redirect visitors to different (likely questionable or malicious) sites. Most users enter hehighursoo[.]com and pages akin to it
SVCReady is the name of a malware loader that can collect information about the infected system and communicate with a command and control (C2) server. We have discovered this loader while examining an email containing a malicious MS Word document. One of the known payloads delivered using the SV
While inspecting dubious advertisements, our researchers discovered "ARK Invest Crypto Giveaway". It follows the classical model of cryptocurrency giveaway scams. "ARK Invest Crypto Giveaway" promises double the return on the Bitcoin and/or Ethereum cryptocurrencies that users contribute to it. It
While inspecting new malware submissions to VirusTotal, our research team discovered a ransomware called Ryuk. We determined that this program is part of the Chaos ransomware family. After executing a sample of it on our test system, we learned that it encrypts files and appends their filenames w
Victorysweepstakes[.]com is a deceptive page designed to trick visitors into providing information and allowing it to show notifications. We have discovered the victorysweepstakes[.]com page while examining other pages that use rogue advertising networks. It is uncommon for pages like victorysweep
Web Ad Block is a browser extension that our research team discovered while inspecting dubious download webpages. This piece of software promises to block advertisements on the YouTube video-hosting platform. However, our analysis revealed that instead of removing ads, this extension displays the
Win-scan[.]com is a rogue webpage that our researchers discovered while inspecting dubious sites. It promotes scams, pushes browser notification spam, and redirects visitors to different (likely untrustworthy/dangerous) websites. Users typically access sites like win-scan[.]com via redirects cause