While inspecting malware samples submitted to the VirusTotal page, our team discovered ransomware called Oflg. It is part of the Djvu ransomware family. Oflg encrypts the victim's files, appends its extension (".oflg") to the filenames of all encrypted files, and creates the "_readme.txt" file/a r
While inspecting cousonelly[.]com, we learned that the purpose of this page is to trick visitors into allowing it to show notifications. It displays deceptive content to get that permission. Our team discovered cousonelly[.]com while examining websites that use rogue advertising networks (illegal
Steady-protection[.]com is a rogue webpage that our researchers discovered while investigating untrustworthy websites. This page runs scams, promotes spam browser notifications, and redirects visitors to other (likely unreliable/harmful) sites. Most users access steady-protection[.]com and webpag
During a routine inspection of questionable software-promoting webpages, our researchers found the Weather Forecast Online browser extension. It is endorsed as a quick-access tool for local weather forecasts, humidity reports, and other related online content. However, our analysis revealed that t
Our research team discovered the ORCA ransomware while investigating new malware submissions to VirusTotal. This malicious program belongs to the ZEPPELIN ransomware family. When we executed a sample of ORCA on our test system, it began encrypting files and altered their titles. Original filename
While testing the Secure Text Search browser extension, we noticed that it displays intrusive advertisements. Apps that display unwanted ads are called advertising-supported apps (or adware). Typically, users download and install adware on computers (or add it to browsers) without knowing that it
While testing the search-tap.com search engine, our team discovered that it includes advertisements in its results and generates questionable results. Thus, search-tap.com should not be used to browse the Internet. Typically, questionable (or fake) search engines are promoted by browser hijackers
Trochilus is a piece of malicious software classified as a RAT (Remote Access Trojan). This type of malware operates by enabling remote access/control over infected devices. Trochilus has been around for a while, and it was even available on the GitHub software repository. However, new and update
While examining the webdatasecuritycenter.com page, we discovered that it is an untrustworthy page running a scam similar to "McAfee Total Protection - Your PC Might Be Infected With viruses!". It also asks visitors for permission to show notifications. Our team found webdatasecuritycenter.com whi
Deed is a RAT-type malware. RATs (Remote Access Trojans) are designed to allow for remote access and control over infected devices. These trojans tend to have a broad range of malicious functionalities and are considered to be especially dangerous. It has to be mentioned that Deed RAT has been ar