T_TEN is the name of a new DCRTR ransomware variant. It encrypts files and appends the ".T_TEN" extension to filenames. Also, it drops the "Readme.txt" file on the desktop and displays a pop-up window (both containing ransom notes). Our malware researchers discovered T_TEN while examining malware
Defenderpage[.]xyz is a rogue webpage that our researchers discovered during a routine investigation of suspicious websites. It is designed to run online scams, promote spam browser notifications, and redirect visitors to other (likely unreliable/dangerous) sites. Users typically enter defenderpa
"Deceptive calendar events" refers to spam events created in Android device calendars by malware. The fake events are typically used to bombard victims with calendar notifications that promote various scams and malicious content. Malware that employs deceptive calendar events aims to acqui
Ubersear[.]ch is the address of a fake search engine. Typically, websites of this kind are promoted by browser-hijacking software that modifies browser settings to cause such redirects. However, ubersear[.]ch was observed being pushed by an Android-targeting malware called "Ads Blocker". This mal
While testing the StandardVirtue application, our team found that it shows intrusive advertisements. For this reason, we classified StandardVirtue as adware. Typically, adware is distributed using deceptive methods. Our team discovered StandardVirtue after downloading a fake installer from an un
Adww is yet another ransomware-type program belonging to the Djvu malware family, which our researchers discovered while inspecting new submissions to VirusTotal. Once we executed a sample of Adww on our test machine, it began encrypting files. The filenames of the affected files were appended wi
While examining series-protection[.]com, our team learned that it runs the "McAfee Total Protection - Your PC Is Infected With 5 Viruses!" scam and asks for permission to deliver untrustworthy notifications. We discovered series-protection[.]com while inspecting websites that use rogue advertising
Adlg is ransomware that prevents victims from accessing/using their files by encrypting them. Adlg is part of the Djvu family. Our team discovered this malware while examining samples submitted to VirusTotal. In addition to encrypting files, Adlg renames them (it appends the ".adlg" extension to f
While testing searchoverus.com, we learned that it is a shady search engine. It generates questionable search results and shows advertisements. Typically, search engines of this kind are promoted via apps that hijack web browsers by changing their settings. Most users add browser hijackers to brow
Lol is ransomware that blocks access to data by encrypting it. In addition to encrypting files, it appends the ".lol" extension to filenames and creates the "Message.txt" file containing a ransom note. Our team discovered Lol ransomware while inspecting malware samples submitted to VirusTotal. An