Witch is ransomware that we discovered while examining malware samples uploaded to VirusTotal. Once executed, Witch locks files by encrypting them and renames them by adding the ".witch" extension. For instance, it renames "1.jpg" to "1.jpg.witch" and "2.png" to "2.png.witch". Also, this ransomwar
We have inspected Ad Dimmer and found that it is a browser extension promoted as a tool for dimming advertisements on websites. However, our analysis has revealed that it can show ads and collect information. Thus, we classified Ad Dimmer as adware. Users should avoid adding adware-type extensions
Our team has examined the email and determined that it is a fake notification claiming to be from the email service provider. The scammers behind it seek to steal personal information via a deceptive website. Usually, victims of such scams risk losing access to their personal accounts and experien
KarstoRAT is a remote access Trojan (RAT) that enables threat actors to steal information, execute commands, and perform other malicious actions on the infected device. The RAT disguises its command-and-control traffic as legitimate security software to avoid suspicion and uses persistence techniq
Our analysis shows that Osa is ransomware from the Makop family. We discovered this ransomware while analysing samples uploaded to VirusTotal. Once a device is infected, Osa encrypts files, appends its extension to files (".osa") along with the victim's ID and an email address, and creates a ranso
This article describes how cybercriminals abuse a legitimate remote administration tool called Teramind for malicious purposes. Remote access tools allow users to control or access a device from another location over the internet. When used by cybercriminals, they can secretly access a victim's de
We have examined the Zap PDF application and found that it is advertised as a tool for converting files. However, the app is flagged as malicious by multiple security vendors and can make adjustments in browser settings (it can hijack a browser). Installing Zap PDF can result in privacy and securi
We have inspected the email and concluded that scammers behind it seek to trick recipients into believing that it is a quarantine report from the email service provider. The email contains a link to a fake website designed to steal personal information. Victims of this scam may lose access to thei
Upon testing locate.oculabase.com, we found that it is a fake search engine promoted through an extension designed to hijack web browsers. This fake search engine does not generate results. Instead, it redirects users to other sites that may include fraudulent pages. The extension promoting locate
We have inspected the email and concluded that it is a phishing message posing as an authentication notice from the email provider. Its goal is to lure recipients into sharing personal data on a fraudulent website. Victims of this scam may encounter issues such as account hijacking and additional