While checking the VirusTotal page for recently submitted malware samples, we discovered ransomware dubbed FinD0m. The purpose of this malware is to encrypt files. Also, FinD0m drops the "FinD0m.txt" file and appends the ".FinD0m" extension to filenames (e.g., renames "1.jpg" to "1.jpg.FinD0m", "2
Our team has analyzed yourtopleveldefence[.]site and learned that the purpose of this site is to trick visitors into purchasing antivirus software. However, yourtopleveldefence[.]site uses a scare tactic to promote that software - it displays a fake virus warning. Typically, users open such pages
Our team has tested the Word Counter Widget browser extension and found that it displays intrusive advertisements. Thus, we classified Word Counter Widget as adware. Adware is often promoted and distributed using deceptive or other questionable methods. We discovered Word Counter Widget on a shady
Securitypczone[.]site is a rogue site that our research team discovered during a routine investigation of suspicious webpages. At the time of research, it promoted the "Norton Security - Your PC Might Be Infected With Viruses!" scam. This page also pushed spam browser notifications. Additionally,
During a routine inspection of deceptive sites, our research team found the Word Counter browser extension. It is supposedly capable of providing the word count of any current webpage. However, our inspection of this extension revealed that it is adware, i.e., Word Counter runs intrusive ad campai
Our researchers discovered the resiastawsix[.]xyz rogue page while inspecting dubious websites. We learned that this webpage promotes scams and browser notification spam. Additionally, it can redirect users to different (likely untrustworthy/malicious) sites. Most visitors to resiastawsix[.]xyz a
Tzw is the name of a ransomware-type program we discovered while inspecting new submissions to VirusTotal. We executed a sample of Tzw on our test machine, and this ransomware encrypted the files and changed their titles. The filenames were appended with a ".tzw" extension, e.g., a file initially
NeedleDropper is a malware variant designed to drop malicious payloads (inject malware). It is advertised and sold on hacking forums. NeedleDropper is a self-extracting archive that contains files used for malware execution. Threat actors have been observed distributing this malware via email.
After inspecting the "Real Estate Investment" email – we determined that it is fake. The spam letter claims to be sent by an ex-government official from the opposition party in Syria. The fabricated sender expresses wishes to make the recipient a foreign partner in their business ventures. This im
Nyx is ransomware that encrypts files, appends the victim's ID, datasupp@onionmail.com email address, and the ".NYX" extension to filenames, and drops the "READ_ME.txt" file (its ransom note). Our team discovered Nyx ransomware while inspecting malware samples submitted to VirusTotal page. An exa