Our researchers discovered the Ggwq ransomware-type program during a routine inspection of new malware submissions to VirusTotal. This malicious program is part of the Djvu ransomware family. After being launched onto our test machine, Ggwq encrypted files and appended their names with the ".ggwq
While examining malware samples submitted to the VirusTotal page, our team came across ransomware called Xrom, which belongs to the Dharma family. Xrom encrypts files and appends the victim's ID, money21@onionmail.org email address, and the ".xrom" extension to filenames. Also, it drops the "FILES
Ggew is yet another ransomware belonging to the Djvu family, which our researchers discovered while inspecting new malware submissions to VirusTotal. We executed a sample of Ggew on our test machine, it encrypted files and appended their filenames with a ".ggew" extension. For example, a file ini
While examining malware samples submitted to VirusTotal, our malware researchers came across Ggyu - ransomware designed to encrypt files. We also found that Ggyu appends the ".ggyu" extension to filenames and drops the "_readme.txt" file (a file containing a ransom note). Our other finding was tha
While inspecting malware samples submitted to the VirusTotal page, we discovered ransomware (belonging to the Djvu family) called Ggeo. It encrypts files and appends its extension to filenames. For example, Ggeo renames "1.jpg" to "1.jpg.ggeo", "2.png" to "2.png.ggeo", etc. Also, it drops the "_re
Our research team found the easydating[.]top rogue webpage during a routine inspection of questionable websites. This page promotes browser notification spam and redirects visitors to different (likely untrustworthy and/or malicious) websites. Most users enter easydating[.]top and similar webpage
While inspecting new submissions to VirusTotal, we discovered the WirelessZipServer rogue app. After analyzing this piece of software, we determined that it operates as adware and is part of the AdLoad malware family. Adware is designed to deliver intrusive advertisement campaigns. In ot
While visiting and inspecting shady websites that use rogue advertising networks, we discovered another untrustworthy page - captcha-test[.]top. This page uses a clickbait technique to trick visitors into agreeing to receive notifications. Also, it redirects visitors to a similar page. Cap
During a routine inspection of new submissions to VirusTotal, our researchers found the EfficiencyInternet rogue application. We analyzed this app and learned that it operates as adware and is part of the AdLoad malware family. Advertising-supported software enables the placement of thir
While inspecting deceptive software download webpages, our researchers discovered the Mondy Search browser extension. After analyzing this piece of software, we determined that it operates as a browser hijacker. Mondy Search changes browser settings and promotes the mondysearch.com fake search eng