Hhew is the name of ransomware belonging to the Djvu ransomware family. Our malware researchers discovered it while checking the VirusTotal page for recently submitted malware samples. Hhew is designed to encrypt files, append its extension (".hhew") to filenames, and create a text file ("_readme.
Hhwq is ransomware belonging to the Djvu family. Our malware researchers discovered it during an analysis of samples submitted to the VirusTotal page. Hhwq encrypts files and appends ".hhwq" extension to filenames (for example, it renames "1.jpg" to "1.jpg.hhwq", "2.png" to "2.png.hhwq", and so fo
Lilith is the name of a malicious program categorized as ransomware. Malware within this category is designed to encrypt data and demand payment for the decryption. When we executed a sample of Lilith on our testing machine, it encrypted files and appended their filenames with a ".lilith" extensi
NoMercy is a piece of malicious software classified as a stealer. Malware within this classification operates by extracting a wide variety of sensitive information from infected machines. These programs can have a broad range of abilities for stealing data. NoMercy begins its operations (p
Brute Ratel is a penetration testing tool created after reverse engineering multiple highest quality Endpoint Detection and Response (EDR) and antivirus dynamic-link libraries (DLLs). It is a post-exploitation toolkit designed to avoid detection by EDR and antivirus capabilities. Its license costs
While inspecting new submissions to VirusTotal, we discovered the HelperProtocol rogue application. After analyzing this piece of software, we learned that it operates as adware and belongs to the AdLoad malware family. Advertising-supported software is designed to run intrusive advertis
While examining websites that use rogue advertising networks, our team came across the now-scan[.]com website. It is a deceptive page running the "McAfee - Your PC is infected with 5 viruses!" scam. Also, now-scan[.]com asks for permission to show notifications. It is an untrustworthy page that sh
Remindexpert[.]xyz is a rogue page that our researchers found while inspecting untrustworthy websites. This webpage operates by hosting scams, promoting spam browser notifications, and redirecting visitors to other (likely dubious/malicious) sites. Most users enter websites like remindexpert[.]xy
While examining deceptive pages, our team has discovered a browser extension called Quick Site. After adding it to a browser, we found that it makes certain changes in the settings. Quick Site hijacks a web browser to promote quicknewtab.com, a fake search engine. Quick Site changes the de
While looking through dubious webpages, our research team found the pcprotect[.]name rogue site. It promotes scams, pushes browser notification spam, and redirects visitors to other (potentially unreliable/harmful) pages. Users typically enter sites like pcprotect[.]name through redirects caused