Ymir is a ransomware-type program. It operates by encrypting files (using ChaCha20 cryptographic algorithm) and demanding ransoms for the decryption. The filenames of files locked by Ymir are altered by being appended with an extension comprising a random character string. For example, a file ini
Our examination of SpeedyLook has revealed that it is an unreliable browser extension designed to hijack a web browser by changing its settings. This extension forces users to visit guardflares.com. Additionally, SpeedyLook enables the "Managed by your organization" setting (in Chrome browsers).
We have analysed this email and found that it is a scam email designed to appear like a notification from an email service provider. This email contains a link to a phishing website designed to steal personal information. Recipients should ignore such emails and know how to recognize them.
Our examination of the site (testme.mefoundaiton[.]xyz) has shown that it is a deceptive platform offering individuals to claim $testME tokens. The true purpose of this web page is to steal cryptocurrency from victims. Therefore, this and similar sites should be avoided. IMPORTANT NOTE: We d
RunningRAT is a Remote Access Trojan (RAT) that was known for stealing sensitive information from victims. Now, cybercriminals are using it to distribute cryptocurrency miners. RunningRAT is likely to lead to higher electricity costs and hardware damage for victims. Thus, it should be removed from
Upon examination, we determined that the Ultra Button browser extension is adware. Software within this classification is designed to generate revenue for its developers/publishers through advertising. Additionally, Ultra Button collects a variety of sensitive information. Typically, adwar
Predatorwallpaper.com is the address of a fake search engine that we discovered while investigating the Predator Search browser hijacker. It modifies browser settings to cause redirects to this search engine, which cannot provide search results. It is pertinent to mention that predatorwallpaper.c
SteelFox is a trojan – specifically, a malware bundle with its primary components including a data stealer and cryptocurrency miner. SteelFox infiltrates systems through a sophisticated infection chain. This trojan has been around since at least 2023, and it was noted being proliferated under the
Fake Virtuals Protocol website refers to a site imitating the Virtuals Protocol platform (virtuals.io). It is a scam that lures users into connecting their digital wallets to a cryptocurrency drainer. We found this scheme on app-virtual.pages[.]dev, but it could be promoted on other domains. Vict
Our team has tested the Advanced Ad Blocker extension and found that it can generate unwanted advertisements. Thus, we classified Advanced Ad Blocker as adware. Users often are tricked into installing adware on their computers or adding adware-type extensions to their browsers. It is advisable to