The Internet is rife with deceptive and malicious content. While inspecting untrustworthy websites, our research team found the buyfunllc[.]com rogue page. It promotes browser notification spam and redirects visitors to different (likely dubious/harmful) sites. Most users enter webpages like buyf
While looking through new submissions to VirusTotal, our researchers discovered the Colambia ransomware-type program. This piece of malicious software belongs to the ZEPPELIN ransomware family. Once we executed a sample of Colambia on our test machine, it began encrypting files and appended their
During a routine investigation of new submissions to VirusTotal, we discovered the ExpandedSystem rogue application. After analyzing this app, we learned that it operates as advertising-supported software (adware) and belongs to the AdLoad malware family. Adware stands for advertising-su
German0[.]xyz is a website that uses deception to trick visitors into agreeing to receive notifications from it. Also, it redirects visitors to scam websites. Our team discovered german0[.]xyz while examining illegal movie streaming pages, torrent sites, and similar websites. German0[.]xyz
While inspecting questionable download webpages, our research team discovered a rogue browser extension called "darkscreen". It is promoted as a tool capable of enabling dark mode for simple design websites. However, our analysis of darkscreen revealed that it operates as advertising-supported sof
We discovered entry-system[.]xyz after clicking on a link received via email. While examining the entry-system[.]xyz, we learned that it is a deceptive website designed to trick visitors into allowing it to display notifications. We also found that entry-system[.]xyz can redirect visitors to shady
While analyzing malware samples submitted to VirusTotal, we came across Ransomcrow ransomware. Like any other ransomware, Ransomcrow encrypts files and demands payment in exchange for a decryption tool. Also, it appends the ".encrypted" extension to filenames, creates the "readme.txt" file contain
Our research team discovered the Rkhwhrogq ransomware-type program during a routine inspection of new submissions to VirusTotal. We determined that this program is part of the Snatch ransomware family. After we launched a sample of Rkhwhrogq on our test system, it encrypted files and appended the
While analyzing the Action Colors application, we learned that it is a browser extension that shows intrusive advertisements and can read and change all data on all web pages. Apps that generate unwanted advertisements are classified as adware. We discovered Action Colors on a shady website offeri
CentralGeo is a piece of rogue software. After we installed this app on our test machine, we learned that it operates as adware. CentralGeo runs intrusive advertisement campaigns, and it might cause redirects and collect private data. Additionally, this application is part of the AdLoad malware