While examining various shady/deceptive web pages, our team discovered an application called MajorSector. After installing and analyzing this app, they found that it generates advertisements. They also noticed that it can access sensitive information. Our malware researchers have classified Majo
While inspecting new submissions to VirusTotal, our research team discovered yet another malicious program based on Chaos ransomware. This ransomware-type program is called BlackToxic. We obtained a sample of it from VirusTotal and ran it in our test system. BlackToxic encrypted files and appende
BlueShtorm is an information-stealing malware discovered by 3xp0rt. It is not known at this time what information this malware collects. Usually, information stealers target data that could be misused to steal money and (or) identities, hijack personal accounts, make fraudulent purchases, or black
While inspecting deceptive sites, our researchers discovered the "Congratulations You just received TetherUSDT" scam. It is yet another phishing scam targeting cryptocurrency wallet credentials. When we accessed a website running this scam, it presented us with a statement claiming that th
Zpps is a ransomware-type program that our researchers found while inspecting new malware submissions to VirusTotal. This malicious program is part of the Djvu ransomware family. After launching a sample of Zpps ransomware on our test machine, it encrypted files and appended their filenames with
Qlln is the name of ransomware belonging to the ransomware family called Djvu. We have discovered this variant during our routine check for malware samples submitted to VirusTotal. It was found that Qlln encrypts files and appends ".qlln" extension to filenames, and provides a ransom note (creates
Nnuz is ransomware that encrypts files and appends the ".nnuz" extension to filenames. Also, it creates the "_readme.txt" file that contains instructions on how to contact the attackers and other information. Our malware researchers have discovered Nnuz while checking samples submitted to the Viru
We discovered the Web Saver application on a shady website offering to install it before continuing to the page. After installing this app, we learned that it functions as adware - it displays annoying advertisements. The download page for Web Saver states that this app removes error pages and pro
VastVista is a rogue app that our researchers found while inspecting new submissions to VirusTotal. Once we installed this application on our test machine, we learned that VastVista operates as adware and belongs to the AdLoad malware family. Advertising-supported software may require sp
While inspecting questionable download webpages, our research team discovered the text info browser extension. Our analysis of this piece of software revealed that it operates as adware. Adware enables the placement of third-party graphical content (various advertisements) on visited websi