While analyzing websites encouraging to update "outdated" software (distributing fake installers), we discovered an application called WiseInternational. We found that this is an advertising-supported app. In other words, WiseInternational is designed to generate intrusive advertisements.
While inspecting malware samples submitted to the VirusTotal website, our team discovered ransomware called Hheo. It is malware that encrypts the victim's files, appends its extension (".hheo") to the filenames of all encrypted files, and drops a ransom note (creates the "_readme.txt" file). We al
While checking the VirusTotal page for recently submitted malware samples, our researchers discovered ReadSRead - ransomware that encrypts files. We found that ReadSRead is part of the MedusaLocker ransomware family. It not only encrypts files but also appends the ".ReadSRead" extension to filenam
While inspecting untrustworthy websites offering to update supposedly outdated software, our team discovered the AllianceSpace application. While examining this app, we found that it functions as adware. AllianceSpace feeds users with intrusive advertisements that promote questionable pages.
Colors scale is the name of a browser extension that promises to allow users to change the color, saturation, contrast, and similar appearance details of visited websites. However, our analysis of this piece of software revealed that it operates as adware instead. Advertising-supported sof
While inspecting dubious sites, our research team discovered lpnotworld[.]com. This rogue webpage is designed to promote browser notification spam and redirect visitors elsewhere (likely untrustworthy/malicious pages). Users primarily access websites like lpnotworld[.]com via redirects caused by w
Our researchers found the highpotencysoftware[.]com rogue webpage while inspecting unreliable sites. This page promotes scams, pushes spam browser notifications, and redirects visitors to different (likely untrustworthy/malicious) websites. Most users enter highpotencysoftware[.]com and similar w
While inspecting new submissions to VirusTotal, our researchers discovered the U2K ransomware. We determined that this malicious program is identical to MME ransomware. After we launched a sample of U2K on our test machine, it encrypted files and altered their names. The filenames were appended w
Rewardusacenter[.]com is a deceptive website that wants to show notifications and redirects visitors to a scam website (possibly to more than one). We discovered rewardusacenter[.]com while analyzing certain websites that use rogue advertising networks. It is uncommon for sites like rewardusacente
We discovered a new ransomware called Youfileslock while checking the VirusTotal page for the recently submitted samples. Our key findings were that Youfileslock belongs to the MedusaLocker family, encrypts files, appends the ".youfileslock" extension to filenames, and creates the "HOW_TO_RECOVER_