While inspecting dubious software-promoting websites, our researchers discovered the Filmedia browser extension. This piece of software is endorsed as an easy-access tool for movies. It is supposedly capable of providing the appropriate streaming services when users enter a film's title. However,
brutusptCrypt is a ransomware-type program. It is designed to encrypt data and demand payment for the decryption. When we executed a sample of this malware on our system, we learned that it appends the names of the encrypted files with a ".brutusptCrypt" extension. For example, a file initially ti
PLAY is the name of a ransomware-type program. Malware categorized as such operates by encrypting data and demanding ransoms for the decryption. After we executed a sample of this ransomware on our test machine, it encrypted files and appended their filenames with a ".PLAY" extension. For example
Dracarys is the name of Android spyware - malware that monitors activity and steals sensitive information. This spyware is distributed via fake websites by disguising it as legitimate applications. Trojanized apps have malicious code inserted into them to avoid detection. Dracarys/trojaniz
While inspecting dubious websites, our research team discovered the "Apple Security Center" tech support scam that targets Apple device users. Schemes of this kind trick victims into calling fake support lines by making claims about nonexistent system infections. When we investigated a web
After analyzing this email, we concluded that it is a phishing email used to trick recipients into providing personal information. It masquerades as a warning message from the email service provider. This email contains a link designed to open a deceptive page. This letter claims that reci
Our analysis of the "Windows Defender Subscription" email revealed that it is spam. This fake letter is presented as a notification regarding the purchase of a one-year subscription for the Windows Defender security software. It must be emphasized that this is a scam, and it is in no way associat
After examining imilroshoors[.]com, we learned that the purpose of this page is to trick visitors into agreeing to receive notifications and redirect them to other pages. We discovered imilroshoors[.]com while inspecting other pages (websites that use rogue advertising networks). Such pages do not
Captchastate[.]link is a rogue webpage that promotes browser notification spam and redirects visitors to other (likely dubious/malicious) sites. Our researchers found this page while inspecting websites that use rogue advertising networks. It is noteworthy that the redirects caused by such sites
Oiltraffic is ransomware that our team discovered while analyzing malware samples submitted to the VirusTotal website. We learned that Oiltraffic is part of the VoidCrypt family. It encrypts files, appends the victim's ID, lokilocker@tutanota.com email address, and ".Oiltraffic" extension to filen