Po is ransomware belonging to the Dharma family. We discovered this ransomware while analyzing malware samples submitted to the VirusTotal website. Po encrypts files, appends the victim's ID, recovery2022@tutanota.com email address, and ".Po" extension to filenames. Also, it provides two ransom no
During a routine inspection of untrustworthy sites, our researchers found the ads4pc[.]com rogue webpage. It operates by pushing browser notification spam and redirecting visitors to other (likely unreliable/harmful) websites. Most users enter these pages through redirects caused by sites using ro
Our researchers discovered a rogue browser extension named style flex while inspecting dubious download webpages. This piece of software promises to allow users to modify website content alignment (i.e., left, right, center, etc.). However, our analysis revealed that it operates as advertising-sup
While inspecting new submissions to VirusTotal, our research team discovered yet another ransomware - called Root - based on Chaos. We executed a sample of Root (Chaos) ransomware on our test machine, and it began encrypting files. The filenames of the affected files were appended with the ".Root
Our inspection of the "M&T Bank" email revealed that it is spam that operates as a phishing scam. This fake letter is presented as a payment notification from the M&T Bank - a legitimate bank holding company. However, users are redirected to a fraudulent banking website when they attempt
Personal-scan[.]com is one of the deceptive websites operated by affiliates who aim to collect illegitimate commissions. After examining this site, we found that it displays deceptive content (a scam similar to "McAfee - Your PC is infected with 5 viruses!") to promote legitimate software. Also,
We discovered a browser extension called Top Files Downloader on a shady website claiming that it might be required to add this app to a browser. After adding and testing the app, we learned that it displayed unwanted/annoying advertisements. Thus, we classified Top Files Downloader as adware.
While inspecting websites offering "cracked" software to download, our research team discovered the Tool browser extension. After analyzing this rogue browser extension, we learned that it operates as adware. Tool causes redirects (force-opens websites) and may run intrusive advertisement campaign
It is a pop-up scam (a fake Windows warning) claiming that the operating system is damaged. Scammers use it to trick website visitors into downloading deceptive (potentially malicious) applications. We discovered this site while inspecting other pages that use rogue advertising networks. Typically
Hydrox is ransomware that our team has discovered while analyzing malware samples submitted to VirusTotal. It encrypts files, appends the ".hydrox" extension to filenames, drops the "Hydrox Ransomware.txt" file (a ransom note), and changes the desktop wallpaper. An example of how Hydrox ransomwar