888 (also known as LodaRAT and Gaza007) is a Remote Access Trojan (RAT) targeting Android operating systems. Trojans of this type enable remote access/control over infected devices. Initially, the 888 RAT's developers offered this piece of malicious software for sale as Windows OS (Operating Syst
After inspecting carefully-to-remind[.]xyz, we concluded that it is one of the deceptive websites running the "McAfee - Your PC is infected with 5 viruses!" scam. Creators of this page aim to trick visitors into believing that their computers are infected and purchasing antivirus software. Also, c
Iq20 is ransomware that belongs to the Dharma ransomware family. It encrypts files and appends the victim's ID, iq200@tutanota.com email address, and ".iq20" extension to filenames. It also shows a pop-up window and creates the "info.txt" file containing ransom notes. We discovered Iq20 while chec
Diamond is ransomware - malware that encrypts files to make them inaccessible until a decryption tool purchased from the attackers is used for their decryption. Also, Diamond ransomware replaces the names of encrypted files with random characters and appends the ".diamond" extension to filenames.
While checking out suspicious websites, our researchers discovered the protection-availability[.]xyz rogue page. It runs scams, promotes spam browser notifications, and redirects visitors to different (likely unreliable/hazardous) webpages. Sites like protection-availability[.]xyz are typically ac
Our researchers discovered NativeLightning during a routine inspection of new submissions to VirusTotal. After analyzing this application, we learned that it is advertising-supported software (adware) belonging to the AdLoad malware family. Adware may require specific conditions to run i
Stally[.]click is a rogue webpage that our research team found while investigating questionable websites. It operates by running scams, promoting browser notification spam, and redirecting users to different (likely unreliable or malicious) sites. Pages like stally[.]click are most commonly acces
NullMixer is a malicious program designed to cause chain infections and, as such, is classified as a dropper. This program has been observed infiltrating a wide variety of malware into infected devices, ranging from information-stealers to loaders. It is noteworthy that NullMixer is actively sprea
AbsoluteValue is an untrustworthy application we discovered while inspecting deceptive websites (e.g., websites instructing visitors to update the Adobe Flash Player). While analyzing AbsoluteValue, we found that it generates unwanted advertisements. Thus, it has been concluded that AbsoluteValu
While examining defender-box[.]xyz, we found that it is one of the many websites running the "McAfee - Your PC is infected with 5 viruses!" scam. This page displays deceptive content (fake virus warnings) to trick visitors into paying for legitimate antivirus software. Also, defender-box[.]xyz ask