While inspecting dubious download webpages, our researchers discovered one promoting the Avoiding Ads browser extension. It is endorsed as an ad-blocking tool (adblocker) for YouTube. After analyzing this piece of software, we learned that it operates as adware (i.e., delivers advertisements).
While inspecting unreliable websites, our researchers discovered the cleaningupdate[.]xyz rogue page. It promotes scams (at the time of research - "Your Windows 10 is infected with viruses"), pushes browser notification spam, and redirects visitors to other (likely dubious/malicious) sites. Users
Helperate is the name of an application we discovered while inspecting a shady website offering to install a browser extension. Our team has tested Helperate and learned that it functions as adware. This application displays intrusive advertisements. It is strongly recommended not to have it on a
Our research team found the Yalohol ransomware-type program during a routine inspection of new malware submissions to VirusTotal. We also learned that this program is part of the Spora ransomware family. Once we executed a sample of Yalohol on our test system, it encrypted files and changed their
Our malware researchers have discovered a new ransomware called Again while examining malware samples submitted to the VirusTotal website. It was found that Again is part of the Babuk ransomware family. The purpose of this malware is to encrypt files. Also, Again renames encrypted files (appends
Our researchers discovered the StandartSync rogue application during a routine inspection of new submissions to VirusTotal. Our analysis of this app revealed that it operates as advertising-supported software (adware) belonging to the AdLoad malware family. Adware may require specific co
Dark Surfing application is described as an app allowing users to switch their browser to dark mode. However, after testing the app, we found that it generates advertisements. Thus, our team has classified Dark Surfing as adware. Typically, users do not add (or install) adware on purpose - they ca
Jjyy is ransomware belonging to the Djvu family. Our team has discovered this ransomware while checking the VirusTotal site for recently submitted malware samples. We found that Jjyy encrypts files and appends ".jjyy" as their new extension. Also, it drops the "_readme.txt" file that contains a ra
Jjww is ransomware - malware that encrypts files. Also, it modifies filenames and drops the "_readme.txt" file (a ransom note). We discovered Jjww while examining malware samples submitted to VirusTotal. We also found that Jjww belongs to the Djvu ransomware family. Jjww renames files by appendin
After examining the defensivereaction[.]cfd page, we found that it is an untrustworthy page running a scam similar to "McAfee - Your PC is infected with 5 viruses!". Also, this site wants to show notifications. Our team has discovered defensivereaction[.]cfd while visiting and examining pages that