During a routine investigation of new submissions to VirusTotal, we discovered the ExpandedSystem rogue application. After analyzing this app, we learned that it operates as advertising-supported software (adware) and belongs to the AdLoad malware family. Adware stands for advertising-su
German0[.]xyz is a website that uses deception to trick visitors into agreeing to receive notifications from it. Also, it redirects visitors to scam websites. Our team discovered german0[.]xyz while examining illegal movie streaming pages, torrent sites, and similar websites. German0[.]xyz
While inspecting questionable download webpages, our research team discovered a rogue browser extension called "darkscreen". It is promoted as a tool capable of enabling dark mode for simple design websites. However, our analysis of darkscreen revealed that it operates as advertising-supported sof
We discovered entry-system[.]xyz after clicking on a link received via email. While examining the entry-system[.]xyz, we learned that it is a deceptive website designed to trick visitors into allowing it to display notifications. We also found that entry-system[.]xyz can redirect visitors to shady
While analyzing malware samples submitted to VirusTotal, we came across Ransomcrow ransomware. Like any other ransomware, Ransomcrow encrypts files and demands payment in exchange for a decryption tool. Also, it appends the ".encrypted" extension to filenames, creates the "readme.txt" file contain
Our research team discovered the Rkhwhrogq ransomware-type program during a routine inspection of new submissions to VirusTotal. We determined that this program is part of the Snatch ransomware family. After we launched a sample of Rkhwhrogq on our test system, it encrypted files and appended the
While analyzing the Action Colors application, we learned that it is a browser extension that shows intrusive advertisements and can read and change all data on all web pages. Apps that generate unwanted advertisements are classified as adware. We discovered Action Colors on a shady website offeri
CentralGeo is a piece of rogue software. After we installed this app on our test machine, we learned that it operates as adware. CentralGeo runs intrusive advertisement campaigns, and it might cause redirects and collect private data. Additionally, this application is part of the AdLoad malware
Checkmate is the name of a malicious program classified as ransomware. It is designed to encrypt data and demand payment for the decryption. After we executed a sample of Checkmate on our test machine, it encrypted files and appended their filenames with a ".checkmate" extension. For example, a f
While examining malware samples submitted to the VirusTotal website, we discovered Readlockfiles ransomware that encrypts files. Readlockfiles belongs to the MedusaLocker ransomware family. It not only encrypts files but also renames them by appending the ".readlockfiles" extension to filenames an