ZORN is ransomware that encrypts files and appends the ".ZORN" extension to filenames. It also creates the "RESTORE_FILES_INFO.txt" text file (a ransom note) and displays a black screen with text on it before logging into Windows. We have discovered ZORN ransomware while analyzing malware samples
Speedcaptcha-here[.]top is a rogue page, which our research team discovered while inspecting dubious websites. This webpage is designed to promote browser notification spam and redirect visitors to different (likely deceptive or malicious) sites. Webpages like speedcaptcha-here[.]top are usually
Discovered by malware analyst Karsten Hahn, TomyBank is a ransomware-type program. It is designed to encrypt data and demand ransoms for the decryption. We obtained a sample of TomyBank from VirusTotal and launched it onto our test machine. This ransomware began encrypting data and displayed a fa
DynamicInterface is the name of a rogue application that our research team found while inspecting new submissions to VirusTotal. After analyzing this app, we discovered that DynamicInterface operates as advertising-supported software (adware) and belongs to the AdLoad malware family. If
SHILED (SHIELD) is the name of a ransomware-type program that we discovered while looking through new malware submissions on VirusTotal. Typically, malicious programs within this category encrypt data to demand ransoms for the decryption. After analyzing SHILED (SHIELD), we determined that it enc
We have discovered the ExecutiveBrowser application on a shady website offering to download an update for the Adobe Flash Player. After testing the app, we found that it generates advertisements - it functions as adware. Ads displayed by adware downloaded from untrustworthy sources cannot be tru
Mund35ane-cha11nnel[.]xyz is an untrustworthy website that runs the "McAfee - Your PC is infected with 5 viruses!" scam and asks for permission to show deceptive notifications. We have discovered it while visiting pages (illegal movie streaming sites, pages offering to download videos from YouTube
While inspecting shady sites, our researchers discovered the youzik[.]app website. It operates as a YouTube converter/downloader, i.e., this site allows users to convert video links from this platform into downloadable audio files (MP3 format). Not only does this service break copyright laws, but
Listentoyou[.]tube is a website offering to download music from YouTube in MP3 format. However, it uses rogue advertising networks - it opens various questionable (potentially malicious) pages. It is worth mentioning that pages using the networks mentioned above can display shady advertisements.
During a routine inspection of new submissions to VirusTotal, our research team found the CommonOperation application. Following our analysis, we determined that this piece of software operates as adware and belongs to the AdLoad malware family. Adware may require certain conditions (e.g