Discovered during a routine inspection of VirusTotal submissions, Tor is a ransomware-type program. Our researchers have determined that it belongs to the Paradise malware family. Once launched on our test system, Tor began encrypting files and appending their filenames with a "_decryptor_{victim
We have examined this email and found that it is disguised as a letter from an unspecified bank regarding changes in bank account information. It also has a malicious archive file attached to it. After examining the attachment, we learned that it is used to trick recipients into executing NanoCore
LauncherRecord is yet another adware-type application belonging to the AdLoad malware family, which our researchers discovered while inspecting new submissions to VirusTotal. This app is designed to run intrusive advertisement campaigns, and it may have other harmful abilities. Following
Safetyfirst[.]cfd is a deceptive website designed to trick visitors into believing that their computers are at risk/infected with viruses and agreeing to receive notifications. We discovered safetyfirst[.]cfd while examining pages (such as torrent sites and illegal movie streaming sites) that use
Our team has discovered the OriginInput while examining shady websites that display deceptive content to trick visitors into downloading questionable applications. After installation, OriginInput started to display unwanted advertisements. Thus, we have concluded that OriginInput is typical adwa
"I have been watching you" is a spam email our researchers have classified as a sextortion scam. This letter falsely claims that there is proof of the recipient's infidelity and threatens to leak it - unless a payment is made. It must be emphasized that this mail is merely a scam, and none of its
Oslapisavkusna is a ransomware-type program that we found while inspecting new malware submissions on VirusTotal. We determined that this malicious program is part of the ZEPPELIN ransomware family. When we launched a sample on our test system, it encrypted files and appended their filenames with
We have discovered the multisearch.live application while visiting shady websites. After testing the app, we have learned that it changes the settings of a web browser to promote search.multisearch.live - a fake search engine. In other words, we have found that this app functions as a typical brow
Send dark is the name of a browser extension advertised as a tool capable of creating a dark mode for simple design websites. After analyzing this piece of software, our researchers determined that it is a browser hijacker. Send dark modifies browsers in order to promote the getsins.com illegitima
Lmonopolic[.]com is an untrustworthy page that is promoted through other pages that use shady advertising networks. We have discovered lmonopolic[.]com while checking various illegal movie streaming and torrent sites. After examining this page, we have learned that it attempts to get permission to