Bowd is ransomware (one of the Djvu ransomware variants). It encrypts data, appends its extension (".bowd") to filenames, and drops a ransom note (the "_readme.txt" file). We discovered Bowd while analyzing malware samples submitted to the VirusTotal site. It is known that Djvu ransomware is often
Bozq is one of the Djvu ransomware variants. It encrypts files and appends the ".bozq" extension to filenames. Also, Bozq creates the "_readme.txt" file containing a ransom note. Our team discovered this ransomware while inspecting malware samples submitted to VirusTotal. We also found that Djvu r
While analyzing yourdevicesprotected[.]com, we found that it is a deceptive website that shows a fake warning and asks for permission to show notifications. Our team discovered yourdevicesprotected[.]com during an examination of other pages of this kind and shady advertisements. This page should b
After testing the Smilebox Tab browser extension, we found the purpose of this app is to hijack a web browser. It promotes smilebox.co (a fake search engine) by changing the settings of a web browser. It is common for browser hijackers to be promoted and distributed using shady methods. We discove
Our team inspected ijony[.]click and found that it is a deceptive website running the "McAfee - Your PC is infected with 5 viruses!" scam. Also, this page asks for permission to show notifications. None of the claims on ijony[.]click are true. Thus, this page should be ignored. Ijony[.]cli
Azov is the name of ransomware - malware that blocks access to files by encrypting them. It encrypts all files (except files with .ini, .dll, and .exe extensions) and appends the ".azov" extension to their filenames. Also, Azov drops ransom notes (the "RESTORE_FILES.txt" files) in all folders that
While examining captchasee[.]live, we found that it uses a clickbait technique to lure visitors into agreeing to receive its notifications. We also found that captchasee[.]live redirects to a scam website (possibly more than one). Our team discovered captchasee[.]live while inspecting websites tha
Drinik is the name of an Android malware that previously functioned as an SMS stealer that has now evolved into a banking Trojan. There are at least three variants of Drinik malware. The latest one can record the victim's screen, harvest credentials, log keystrokes and manage incoming calls.
QuiDDoss is the name of a ransomware variant. Malware of this type uses cryptography to encrypt files. In addition to encrypting files, QuiDDoss appends the ".Прочти меня" extension to filenames and drops a ransom note (creates the "Прочти меня.txt" file. An example of how QuiDDoss modifies filen
While analyzing captchatotal[.]live, we found that it uses a clickbait technique to lure visitors into allowing it to show notifications. Also, it redirects to a scam website. Thus, we concluded that captchatotal[.]live is an untrustworthy page. We discovered it while inspecting other websites and