Our malware researchers discovered ransomware from the VoidCrypt family called 1more while analyzing samples submitted to the VirusTotal website. 1more encrypts files, appends the victim's ID, 1moredec@gmail.com email address, and the ".1more" extension to filenames, and drops a ransom note (the "
Discovered by Dr. Web researchers, HiddenAds is a malware family targeting Android operating systems. This group comprises numerous malicious applications; most operate as adware (display ads), but some are also capable of stealthily subscribing victims to premium-rate services and stealing their
While checking the VirusTotal page for recently submitted samples, we discovered an information stealer called Nitro Stealer. This malware is designed to gather information from a system. It sends obtained information to threat actors. Usually, information stealers stealthily infiltrate computers
Our research team discovered the DigitGuild application while looking through new submissions to VirusTotal. We obtained a sample of DigitGuild and installed it onto a test system. Our analysis of this app revealed that it operates as advertising-supported software (adware) that belongs to the A
While inspecting sites that use rogue advertising networks, we discovered antivirus-here[.]com. We learned that antivirus-here[.]com is an untrustworthy website that runs the "McAfee - Your PC is infected with 5 viruses!" scam and asks for permission to show notifications. This website (and its no
Sakura is a ransomware-type program based on the Chaos ransomware, which our researchers found while inspecting new submissions to VirusTotal. Malware within this classification (ransomware) encrypts victims' data in order to make ransom demands for the decryption. After we executed a sample of S
While examining the malware samples submitted to the VirusTotal site, we found POLINA ransomware. It encrypts files and modifies their filenames (it appends the ".POLINA" extension to filenames. Also, POLINA ransomware drops a ransom note (the "READ_HELP.txt" file) on a desktop. An example of how
After downloading and installing the PanelCharge application, we learned that it is an advertising-supported application that bombards users with unwanted and intrusive advertisements. We discovered it while examining deceptive websites claiming that certain installed software is outdated.
After analyzing this email, we determined that it is a sextortion scam threatening to share (disclose) videos of recipients visiting adult websites and their personal information. This email aims to trick recipients into sending a specified amount of Bitcoins to the provided wallet. None of the cl
Cleanyourpcnow[.]com is a rogue webpage that we found while inspecting dubious sites. It runs scams, promotes browser notification spam, and redirects users to other (likely untrustworthy/malicious) webpages. Users typically access such pages through redirects caused by websites using rogue advert