While inspecting deceptive websites offering to download "useful" applications, fake installers, etc., we discovered an application called PlatformFormat. While testing this app, we found that it functions as adware - it displays annoying/unwanted and untrustworthy advertisements. Thus, Platform
Qqlo is ransomware that encrypts files and appends the ".qqlo" extension to filenames. It also drops a text file ("_readme.txt") that contains a ransom note. We discovered Qqlo while analyzing malware samples submitted to the VirusTotal web page. Qqlo belongs to a ransomware family called Djvu. A
Our research team discovered the Qqlc ransomware-type program during a routine investigation of new submissions to VirusTotal. It is yet another program belonging to the Djvu ransomware family. After we executed a sample of this malware on our test machine, it encrypted files and appended their f
While checking the VirusTotal page for recently submitted malware samples, we discovered a new Djvu ransomware called Qqmt. Malware of this type encrypts files to force victims to pay for a decryption tool. Usually, ransomware also provides a ransom note and modifies filenames. Qqmt drops the "_re
While testing the AssistSample application, we found that it shows annoying advertisements. Apps of this type are classified as adware (advertising-supported software). Our team discovered the AssistSample app while examining a deceptive website designed to download a fake Adobe Flash Player ins
Content-lib[.]biz is a rogue webpage that promotes spam browser notifications and redirects visitors to other (likely untrustworthy/malicious) sites. Users typically access content-lib[.]biz and websites akin to it - via redirects caused by pages using rogue advertising networks. The conte
OpenCandy is the name of an advertising-supported application. We discovered this application while analyzing the samples submitted to the VirusTotal page. OpenCandy generates unwanted advertisements, manipulates the settings of a web browser, and adds extensions/plug-ins to it. Moreover, it gathe
UltraCouponSearch is a rogue browser extension that operates as a browser hijacker. This piece of software makes modifications to browser settings in order to promote the ultracouponsearch.com fake search engine. UltraCouponSearch likely spies on users' browsing activity as well. Browser-h
VileRAT is the name of a Remote Access Trojan (RAT) - malware that gives the attacker administrative control over a target computer. It is known that cybercriminals behind VileRAT are targeting foreign and cryptocurrency exchanges. This RAT is capable of executing remote commands, keylogging, and
Malware developers often use legitimate services to diminish the detectability of their creations, and VIPSpace is an example of this. The VIPSpace malware abuses the Discord messaging platform to proliferate its payloads. This malicious program serves as a backdoor for other malicious software t