Mo*.biz is the address (URL) shared by a group of rogue websites, which include mo01[.]biz, mo02[.]biz, mo03[.]biz, mo04[.]biz, mo05[.]biz, mo06[.]biz, mo07[.]biz, and many others. These sites are designed to load deceptive content, promote browser notification spam, and redirect users to differen
Our research team discovered the Toa ransomware during a routine inspection. This malicious program is based on Chaos ransomware. After we executed a sample of Toa on our testing system, it encrypted data and demanded payment for the decryption. The filenames of the affected files were appended w
While analyzing pages that use rogue advertising networks, we encountered smartcaptcha[.]top - another questionable website. We learned that smartcaptcha[.]top displays a deceptive image and message to trick visitors into agreeing to receive notifications. Also, it redirects visitors to various sc
BridgePro is the name of an application that we discovered on a deceptive web page claiming that the installed version of Adobe Flash Player is out of date. After downloading and testing BridgePro, we found that it is an useless application that shows annoying advertisements. Therefore, we class
RedAlert (N13V) is a piece of malicious software classified as ransomware, a type of malware designed to encrypt data and demand payment for the decryption. This ransomware is a cross-platform program, the Windows variant is referred to as RedAlert, while the Linux VMware ESXi server targeting ver
Readnet is ransomware that our team discovered while inspecting malware samples submitted to the VirusTotal page. We found that Readnet is part of the MedusaLocker ransomware family. The purpose of ransomware is to encrypt files. Also, Readnet renames files by appending the ".Readnet7" extension t
After examining this email, we found that the scammers behind it pretend to be a state-owned company that provides postal service in Spain. The email is written in Spanish. Scammers use it to trick recipients into opening a fake Correos website and providing sensitive information. The email is wri
DockMode is an adware-type application that our researchers discovered during a routine inspection of new submissions to VirusTotal. We learned that this app belongs to the AdLoad malware family. Our analysis revealed that this piece of software runs intrusive advertisement campaigns and may ha
While examining deceptive websites (fake installers downloaded from them) we found an application called EditWave. It is unlikely that user would install this software on purpose. We found that EditWave an advertising-supported application - it bombards users with intrusive advertisements.
Po is ransomware belonging to the Dharma family. We discovered this ransomware while analyzing malware samples submitted to the VirusTotal website. Po encrypts files, appends the victim's ID, recovery2022@tutanota.com email address, and ".Po" extension to filenames. Also, it provides two ransom no