NullMixer is a malicious program designed to cause chain infections and, as such, is classified as a dropper. This program has been observed infiltrating a wide variety of malware into infected devices, ranging from information-stealers to loaders. It is noteworthy that NullMixer is actively sprea
AbsoluteValue is an untrustworthy application we discovered while inspecting deceptive websites (e.g., websites instructing visitors to update the Adobe Flash Player). While analyzing AbsoluteValue, we found that it generates unwanted advertisements. Thus, it has been concluded that AbsoluteValu
While examining defender-box[.]xyz, we found that it is one of the many websites running the "McAfee - Your PC is infected with 5 viruses!" scam. This page displays deceptive content (fake virus warnings) to trick visitors into paying for legitimate antivirus software. Also, defender-box[.]xyz ask
CreedNetwork is a rogue application discovered by our research team during a routine investigation of new submissions to VirusTotal. We inspected this piece of software and determined that it operates as adware. It is noteworthy that CreedNetwork is part of the AdLoad malware family. Adw
Triada is the name of a Trojan targeting Android users. Cybercriminals distribute this Trojan via a modified version of WhatsApp called FMWhatsapp (and possibly other apps). Once the app with Triada hidden in it is launched, the Trojan gathers various device information to set up a communication c
Our research team discovered the Wizard malicious program during a routine inspection of new submissions to VirusTotal. It is classified as ransomware - a type of malware that encrypts data and makes ransom demands for the decryption tools. After we executed a sample of Wizard ransomware on our t
TeamDarkAnon is ransomware designed to encrypt files, change the desktop wallpaper, drop a ransom note (the "read_it.txt") file, and append the ".anon" extension to filenames. Files encrypted by ransomware cannot be opened until they are decrypted. We discovered TeamDarkAnon while examining malwar
Our inspection of the "Pending Messages On Our Remote Server" email revealed that it operates as a phishing scam. This letter seeks to obtain the recipient's email account log-in credentials by making false claims about messages failing to reach their inbox. The spam email with the subject
ModemMaterial is the name of an application our team discovered after downloading and using a fake installer for the Adobe Flash Player. While testing ModemMaterial, we learned that it generates intrusive advertisements. Software that shows unwanted advertisements is called adware. Adwar
Unique is ransomware that makes files inaccessible by encrypting them, modifies their filenames, and generates two ransom notes ("info.txt" and "info.hta" files). Unique is part of the Phobos ransomware family. We discovered it on VirusTotal (while checking this page for recently submitted malware