Powd is ransomware (belonging to the Djvu family) that encrypts victims' files to make them inaccessible. Also, this malware modifies filenames by appending the ".powd" extension to filenames and creates a ransom note ("_readme.txt") to provide contact and payment information. An example of how P
While inspecting questionable websites, we discovered the asxerk[.]click rogue webpage. It runs scams, promotes browser notification spam, and redirects visitors to other (likely unreliable/malicious) sites. Users typically access such pages through redirects caused by websites that use rogue adve
While investigating new submissions to VirusTotal, our researchers discovered the LockFiles ransomware. This malicious program belongs to the MedusaLocker ransomware family. After we executed a sample of LockFiles (MedusaLocker) ransomware on our testing system, it encrypted files and appended th
While looking through new malware submissions to VirusTotal, our researchers discovered the AROS ransomware-type program. Once we executed a sample of it on our test machine, this ransomware began encrypting files. The filenames of the affected files were appended with a unique ID assigned to the
We examined ivonch[.]click and found that this page promotes the "McAfee - Your PC is infected with 5 viruses!" scam. Also, it asks for permission to deliver notifications. Ivonch[.]click is a deceptive page that should be ignored and never allowed to show notifications. Ivonch[.]click is
Catchlucksurvey[.]top is a rogue website that was discovered by our researchers during a routine inspection of dubious pages. It promotes deceptive material, pushes spam browser notifications, and redirects visitors to different (likely untrustworthy/harmful) sites. Users typically enter webpages
Our researchers discovered the LegendDeploy rogue application while inspecting new submissions to VirusTotal. Following installation on our test machine, this app operated as adware. It is noteworthy that LegendDeploy is part of the AdLoad malware family. Adware stands for advertising-su
Dark Reader for Chrome is a browser extension promoted as a tool enabling users to use a dark theme for all websites. While testing this app, our team found that it displays annoying/intrusive advertisements. Apps that show ads are classified as adware. It is uncommon for adware to be downloaded a
Backshow is the name of ransomware that our malware researchers discovered while inspecting samples submitted to the VirusTotal. It encrypts files and appends the victim's ID, mail-backshow@my.com email address, and a random three-character extension to filenames. Also, it drops a ransom note (the
Buybackdate is a ransomware that our researchers found while checking out new submissions to VirusTotal. This malicious program belongs to the ZEPPELIN ransomware family. After we executed a sample of Buybackdate on our test system, it encrypted files and appended their names with a ".bbd2.[victi