Tuow is a Djvu ransomware that encrypts files, appends its extension (".tuow") to filenames, and creates a text file ("_readme.txt") containing a ransom note. Victims cannot access/use encrypted files until they are decrypted. Our malware researchers discovered Tuow ransomware while inspecting mal
While inspecting questionable sites, we discovered the flymylife[.]info rogue webpage. It is designed to promote browser notification spam and cause redirects to other (likely untrustworthy/harmful) websites. Users typically access pages like flymylife[.]info through redirects caused by websites t
Rugby Start is a rogue browser extension that our research team found during a routine investigation of untrustworthy websites. This piece of software is promoted as a quick-access tool for Rugby results and related news. After analyzing Rugby Start, we determined that it operates as a browser hij
While investigating new submissions to VirusTotal, our researchers discovered the ESCANOR ransomware. It is designed to encrypt data and demand ransoms for the decryption. When we executed a sample of this ransomware on our test machine, it began encrypting files and changed their filenames. To e
The Wise Guys is the name of a data wiper disguised as ransomware. It deletes all files (it does not encrypt them). Also, it generates three files ("readme.txt", "readme.hta", and "readme.html") containing identical ransom notes. Our team discovered The Wise Guys malware while checking the VirusTo
border colors is the name of a browser extension that supposedly puts border colors on layouts of websites. Our team discovered this app while inspecting various deceptive pages (it is promoted on several shady pages). During the examination, we found that border colors shows annoying advertisemen
Protectionsurveys[.]online is a rogue webpage that our research team discovered while inspecting dubious sites. It is designed to promote deceptive content, push spam browser notifications, and redirect visitors to different (likely untrustworthy/harmful) websites. Users typically enter these page
While examining posto[.]click, our team found that this page runs the "McAfee - Your PC is infected with 5 viruses!" scam and wants to deliver its notifications. It uses deceptive marketing to trick visitors into purchasing legitimate computer security software. We discovered posto[.]click while i
After examining this website, we concluded that it is a fake crypto giveaway scam page that offers to send cryptocurrency to a specified wallet and get twice as much back. Scammers behind this scam impersonate Elon Musk (use a fake Twitter page) to d deceive users. It is a complete scam that shoul
Chromnius is a rogue browser based on the Chromium open-source project. Our research team discovered this piece of software while inspecting suspicious software-promoting websites. After installing this application on our test machine, we determined that it operates as adware and has qualities th