We have discovered a new ransomware variant called Starmoon. It was found on VirusTotal (while analyzing the malware samples submitted to this page). Starmoon is part of the Spora ransomware family. It encrypts files and appends the victim's ID, starmoon@my.com email address, and four random chara
Captchamode[.]top is designed to display deceptive content to trick visitors into allowing it to deliver untrustworthy notifications. Additionally, it can redirect to various shady websites. In most cases, pages like captchamode[.]top are visited inadvertently. We have discovered this site while a
Adstomy[.]com is a rogue site, which our researchers found while inspecting untrustworthy websites. This page promotes spam browser notifications and redirects visitors to different (likely dubious/malicious) pages. Most users enter sites of this kind via redirects caused by webpages using rogue a
While inspecting dubious websites, our research team discovered the computeradz[.]com rogue webpage. We determined that this site promotes browser notification spam (with the use of fake CAPTCHA) and redirects visitors to other (likely untrustworthy/malicious) websites. Users typically enter such
We discovered the alcovenin[.]xyz rogue webpage while inspecting untrustworthy sites. It operates by promoting the browser notification spam and redirecting visitors to other (likely unreliable/malicious) websites. Most users typically enter such webpages via redirects caused by sites using rogue
While inspecting online malware-selling hotspots (hacker forums), our research team found the Yashma ransomware. After analyzing it, we learned that it is a new variant of the Chaos ransomware. Once launched onto our test machine, this malicious program began encrypting files and appended their f
Watch It is the name of a browser extension that we discovered while inspecting shady download webpages. This piece of software promises to allow users easy access to movies, TV shows, and related content. After analyzing this extension, we determined that it operates as adware. Adware is
During a routine inspection of new submissions to VirusTotal, our research team found the Hhjk ransomware-type program. We determined that this malicious program belongs to the Djvu ransomware family. After being launched onto our test system, Hhjk encrypted files and changed their filenames by a
CrossSign is a rogue application, which our research team found while inspecting new submissions to VirusTotal. Following our analysis of this app, we determined that it operates as advertising-supported software (adware) and that it belongs to the AdLoad malware family. Adware may requi
Ttii is the name of a malicious program classified as ransomware. It is designed to encrypt data and demand ransoms for the decryption. Additionally, Ttii is part of the Djvu ransomware family. We executed a sample of Ttii (obtained from VirusTotal) onto our test machine and it encrypted files an