While analyzing the recently submitted samples to the VirusTotal site, our team discovered DARKY LOCK, which is ransomware. DARKY LOCK encrypts files, appends the ".darky" extension to filenames, and creates a ransom note (the "Restore-My-Files.txt" file). We also found that this ransomware is par
Jjll is ransomware that belongs to the Djvu family. It encrypts files and modifies their filenames (it appends the ".jjll" extension to filenames) and drops the "_readme.txt" file/a ransom note. An example of how Jjll modifies filenames: it renames "1.jpg" to "1.jpg.jjll", "2.png" to "2.png.jjll",
Make It Dark is a rogue browser extension that we discovered while inspecting questionable download webpages. This piece of software is promoted as a tool capable of enabling dark mode for browsers. However, our analysis revealed that Make It Dark operates as adware instead. Advertising-su
Findallmoneysurvey[.]top is a rogue webpage that we discovered while inspecting dubious sites. It is designed to load deceptive content, promote browser notification spam, and redirect visitors to different (likely untrustworthy/malicious) websites. Users mostly enter findallmoneysurvey[.]top and
The what color adware is the name of a browser extension that our team has discovered on a deceptive page instructing to add this extension/application to complete some process. After testing the app, we found that it is adware - it displays annoying/intrusive advertisements. Thus, it is advisable
After examining the omouswomani[.]xyz page, we concluded that it is a deceptive website designed to trick visitors into agreeing to receive notifications. Our team has discovered omouswomani[.]xyz while inspecting other websites that use rogue advertising networks. It is very uncommon for pages li
While inspecting dubious download webpages, our researchers discovered one promoting the Avoiding Ads browser extension. It is endorsed as an ad-blocking tool (adblocker) for YouTube. After analyzing this piece of software, we learned that it operates as adware (i.e., delivers advertisements).
While inspecting unreliable websites, our researchers discovered the cleaningupdate[.]xyz rogue page. It promotes scams (at the time of research - "Your Windows 10 is infected with viruses"), pushes browser notification spam, and redirects visitors to other (likely dubious/malicious) sites. Users
Helperate is the name of an application we discovered while inspecting a shady website offering to install a browser extension. Our team has tested Helperate and learned that it functions as adware. This application displays intrusive advertisements. It is strongly recommended not to have it on a
Our research team found the Yalohol ransomware-type program during a routine inspection of new malware submissions to VirusTotal. We also learned that this program is part of the Spora ransomware family. Once we executed a sample of Yalohol on our test system, it encrypted files and changed their