We discovered a new Dharma ransomware variant called Cyberpunk. It encrypts files, appends the victim's ID, cyberpunk@onionmail.org email address, and ".CYBER" extension to filenames, and provides two ransom notes. Cyberpunk provides one ransom note in a pop-up window and another in the "CYBER.txt
ArrowRAT is the name of a Remote Access Trojan (RAT) that allows threat actors to perform various malicious activities on infected/accessed computers. ArrowRAT is offered as Malware-as-a-Service (MaaS). Its creators offer three subscription plans: monthly ($100), three months ($300), and lifetime
While inspecting suspicious websites, our research team discovered the suldo[.]click rogue page. Sites of this kind are designed to promote deceptive material, push browser notification spam, and redirect visitors to other (likely unreliable/malicious) pages. When we investigated suldo[.]click, i
NFT Tab is a rogue browser extension that our researchers discovered while inspecting untrustworthy sites. This extension is presented as a tool that provides easy access to trending NFTs (Non-Fungible Tokens) and other related news. Our analysis revealed that NFT Tab operates as a browser hijacke
HARDBIT is a piece of malicious software categorized as ransomware. It is designed to encrypt data and demand payment for the decryption. Once we executed a sample of HARDBIT on our test system, it began encrypting files and modified their titles. Original filenames were appended with a unique ID
While examining thepositiveimpactnow[.]com, our team learned that this page is designed to lure visitors into allowing it to show notifications. Our other finding was that it redirects visitors to a similar deceptive website. We discovered thepositiveimpactnow[.]com while inspecting pages that use
While inspecting suspicious sites, our researchers found one promoting a browser extension called Motivational Quotes. It is endorsed as a tool that displays famous entrepreneur quotes on the Google homepage. However, our inspection of this extension revealed that it operates as adware. In other w
While examining NoteTab - Save Your Thoughts, we found that it changes the settings of a web browser to promote find.unav-web.com, a fake search engine. Apps that behave like this are called browser hijackers. In most cases, browser hijackers are promoted and distributed using shady methods. We di
While inspecting new submissions to VirusTotal, our research team came upon an application named AllocateType. After analyzing it, we learned that it is an adware-type app belonging to the AdLoad malware family. Adware operates by displaying advertisements on visited websites and/or diff
Recently, our team discovered an advertising-supported application called ManagerUpdater. We classified ManagerUpdater as adware because it generates unwanted advertisements. We also found that this app can read sensitive information. In most cases, users download and install adware inadvertentl