YamaBot is the name of a cross-platform malware written in the Go programming language. This malicious program targets both Windows and Linux Operating Systems (OSes). YamaBot is associated with the North Korean state-backed cyber criminals known as the Lazarus Group. YamaBot attacks have been obs
While looking through new submissions to VirusTotal, our researchers discovered the ComputingInvolve application. Our analysis of this piece of rogue software revealed that it operates as adware. Additionally, we learned that this app is part of the AdLoad malware family. Adware displays
Aigaithojo[.]com is an untrustworthy page that wants to show notifications. It uses a clickbait technique (a deceptive method) to trick visitors into allowing it to show those notifications. Also, aigaithojo[.]com redirects visitors to other websites. We discovered aigaithojo[.]com while inspectin
Screen Locking malware refers to screenlocker-type ransomware programs that target Android operating systems. There are numerous variants of this malware, but they differ from previously observed Android screenlockers due to the novel techniques that they use. This is a high-end screenlocker famil
While examining a malicious document containing Cobalt Strike beacon, we discovered a new malware called Manjusaka. This malware has the capabilities of a Remote Access Trojan (RAT). Cybercriminals can use it for various purposes (from stealing information to managing files). Manjusaka can be plan
Vvyu is ransomware that encrypts files and modifies filenames (appends the ".vvyu" extension to filenames). We found this ransomware while examining malware samples submitted to the VirusTotal page. In addition to encrypting and renaming files, Vvyu drops the "_readme.txt" file, a ransom note. We
Diet is the name of adware (advertising-supported software) that shows unwanted applications. Our team discovered it after inspecting an ISO file downloaded from a deceptive website. The purpose of the Diet is to display unwanted (intrusive) advertisements. This untrustworthy software should be re
Our researcher team found the twithdiffer[.]xyz rogue site while looking through various untrustworthy webpages. This page is designed to promote spam browser notifications and redirect visitors to other (likely unreliable or malicious) sites. Twithdiffer[.]xyz and similar webpages are usually ac
Mo*.biz is the address (URL) shared by a group of rogue websites, which include mo01[.]biz, mo02[.]biz, mo03[.]biz, mo04[.]biz, mo05[.]biz, mo06[.]biz, mo07[.]biz, and many others. These sites are designed to load deceptive content, promote browser notification spam, and redirect users to differen
Our research team discovered the Toa ransomware during a routine inspection. This malicious program is based on Chaos ransomware. After we executed a sample of Toa on our testing system, it encrypted data and demanded payment for the decryption. The filenames of the affected files were appended w