Shiny Tab is a rogue browser extension promising various functionalities, such as browser wallpapers, light/dark and fullscreen modes. When we analyzed this piece of software, we observed it modifying browser settings and promoting the search.shinytab.com fake search engine. This behavior classifi
Detected when our research team was investigating untrustworthy websites, gapscult[.]com is a rogue page designed to load dubious content, promote spam browser notifications, and redirect visitors to other suspect/malicious sites. Websites like gapscult[.]com are typically accessed via others that
Laposada is the name of a ransomware-type program our researchers found when doing a routine check into new VirusTotal submissions. When we ran the sample on our test machine, the malware encrypted files and appended them with a ".laposada-bfkruyz" extension. For example, a file originally named
NetworkBeta is the name of a rogue application. After testing a sample, we have determined that it is an adware-type app belonging to the AdLoad malware family. While we have not observed NetworkBeta using browser hijacker abilities, our experience with AdLoad applications lets us presume that i
We have tested the CoolMapSearch application and learned that it is a browser hijacker that changes the web browser's settings to promote the coolmapsearch.com address (a fake search engine). Our team has analyzed plenty of browser-hijacking apps and noticed that a big part of them is promoted/dis
While analyzing the Mercurial grabber, we have found that it is a piece of malware that steals browser data and files from Minecraft and Discord. We also learned that Mercurial grabber is written in C# programming language and uses a simple anti-debugging technique to avoid being analyzed/detected
NARUMI is the name of a ransomware-type program, which our researchers found when reviewing new malware submissions on VirusTotal. When testing the sample, we learned that this ransomware encrypts files (renders them inaccessible) and renames their filenames by appending them with a ".NARUMI" ext
Centredirect[.]net is a deceptive website that has been discovered by our team while testing various torrent, illegal streaming, and similar pages (websites that use rogue advertising networks). We found that the purpose of centredirect[.]net is to trick visitors into allowing it to display notifi
We have discovered the Chrome Protect — Smart Search application while examining various deceptive websites (a screenshot of one of these pages can be found below). After downloading and executing its installer, we have noticed that it has hijacked a web browser by changing its settings. W
We have analyzed the Asistchinadecryption ransomware (which was discovered by our malware researchers while examining samples submitted to VirusTotal) and discovered that it encrypts files and appends ".asistchinadecryption" and the victim's ID to filenames. For example, Asistchinadecryption rena