While examining a malicious document containing Cobalt Strike beacon, we discovered a new malware called Manjusaka. This malware has the capabilities of a Remote Access Trojan (RAT). Cybercriminals can use it for various purposes (from stealing information to managing files). Manjusaka can be plan
Vvyu is ransomware that encrypts files and modifies filenames (appends the ".vvyu" extension to filenames). We found this ransomware while examining malware samples submitted to the VirusTotal page. In addition to encrypting and renaming files, Vvyu drops the "_readme.txt" file, a ransom note. We
Diet is the name of adware (advertising-supported software) that shows unwanted applications. Our team discovered it after inspecting an ISO file downloaded from a deceptive website. The purpose of the Diet is to display unwanted (intrusive) advertisements. This untrustworthy software should be re
Our researcher team found the twithdiffer[.]xyz rogue site while looking through various untrustworthy webpages. This page is designed to promote spam browser notifications and redirect visitors to other (likely unreliable or malicious) sites. Twithdiffer[.]xyz and similar webpages are usually ac
Mo*.biz is the address (URL) shared by a group of rogue websites, which include mo01[.]biz, mo02[.]biz, mo03[.]biz, mo04[.]biz, mo05[.]biz, mo06[.]biz, mo07[.]biz, and many others. These sites are designed to load deceptive content, promote browser notification spam, and redirect users to differen
Our research team discovered the Toa ransomware during a routine inspection. This malicious program is based on Chaos ransomware. After we executed a sample of Toa on our testing system, it encrypted data and demanded payment for the decryption. The filenames of the affected files were appended w
While analyzing pages that use rogue advertising networks, we encountered smartcaptcha[.]top - another questionable website. We learned that smartcaptcha[.]top displays a deceptive image and message to trick visitors into agreeing to receive notifications. Also, it redirects visitors to various sc
BridgePro is the name of an application that we discovered on a deceptive web page claiming that the installed version of Adobe Flash Player is out of date. After downloading and testing BridgePro, we found that it is an useless application that shows annoying advertisements. Therefore, we class
RedAlert (N13V) is a piece of malicious software classified as ransomware, a type of malware designed to encrypt data and demand payment for the decryption. This ransomware is a cross-platform program, the Windows variant is referred to as RedAlert, while the Linux VMware ESXi server targeting ver
Readnet is ransomware that our team discovered while inspecting malware samples submitted to the VirusTotal page. We found that Readnet is part of the MedusaLocker ransomware family. The purpose of ransomware is to encrypt files. Also, Readnet renames files by appending the ".Readnet7" extension t