Dark Screen is a browser extension our researchers discovered while inspecting questionable download webpages. It is promoted as a dark mode tool for browsers. However, our analysis of this piece of software revealed that it operates as adware. Hence, Dark Screen displays ads and spies on users' b
Fsmevh[.]com uses a clickbait technique to trick visitors into agreeing to receive notifications. Also, this page can redirect visitors to a similar website. We discovered fsmevh[.]com while examining other sites that use rogue advertising networks. It is uncommon for pages like fsmevh[.]com to be
Redeemer 2.0 is an updated variant of the Redeemer ransomware-type program. Ransomware is designed to encrypt data and demand payment for the decryption. Redeemer 2.0 ransomware differs from its older variants in a number of ways, such as it is capable of infecting Windows 11 Operating Systems (O
Our malware researchers discovered ransomware from the VoidCrypt family called 1more while analyzing samples submitted to the VirusTotal website. 1more encrypts files, appends the victim's ID, 1moredec@gmail.com email address, and the ".1more" extension to filenames, and drops a ransom note (the "
Discovered by Dr. Web researchers, HiddenAds is a malware family targeting Android operating systems. This group comprises numerous malicious applications; most operate as adware (display ads), but some are also capable of stealthily subscribing victims to premium-rate services and stealing their
While checking the VirusTotal page for recently submitted samples, we discovered an information stealer called Nitro Stealer. This malware is designed to gather information from a system. It sends obtained information to threat actors. Usually, information stealers stealthily infiltrate computers
Our research team discovered the DigitGuild application while looking through new submissions to VirusTotal. We obtained a sample of DigitGuild and installed it onto a test system. Our analysis of this app revealed that it operates as advertising-supported software (adware) that belongs to the A
While inspecting sites that use rogue advertising networks, we discovered antivirus-here[.]com. We learned that antivirus-here[.]com is an untrustworthy website that runs the "McAfee - Your PC is infected with 5 viruses!" scam and asks for permission to show notifications. This website (and its no
Sakura is a ransomware-type program based on the Chaos ransomware, which our researchers found while inspecting new submissions to VirusTotal. Malware within this classification (ransomware) encrypts victims' data in order to make ransom demands for the decryption. After we executed a sample of S
While examining the malware samples submitted to the VirusTotal site, we found POLINA ransomware. It encrypts files and modifies their filenames (it appends the ".POLINA" extension to filenames. Also, POLINA ransomware drops a ransom note (the "READ_HELP.txt" file) on a desktop. An example of how