Our analysis shows that OriginalAccessibility exhibits characteristics commonly associated with adware. It is designed to bombard users with intrusive advertisements. These ads can expose users to various scams and other online threats. It is also worth noting that multiple security vendors flag
OtterCookie is a piece of malicious software designed to steal information. This program has several variants, and it has been around since at least the autumn of 2024. Attacks involving OtterCookie have been linked to North Korean threat actors. This malware has been leveraged against targets as
Our team has discovered a ransomware variant based on Prince ransomware, called Hunter, during analysis of malware samples submitted to VirusTotal. Hunter encrypts data and appends the ".Hunter" extension to files. Also, it drops a ransom note ("Decryption Instructions.txt") and changes the deskto
We have tested pdf2docs.com and found that it is supposed to provide search results, but it is actually a fake search engine. Our other finding is that pdf2docs.com is promoted through an extension (PDF2DOCS) that functions as a browser hijacker. Overall, pdf2docs.com and the associated extension
Our analysis of the email revealed that it is a phishing email. It is crafted to appear as a notification from DHL (a multinational logistics company). The goal of this scam is to lure unsuspecting recipients into opening a fake web page and disclosing personal information. Such emails should be i
"Norton Subscription Payment Has Failed" is a scam that our researchers found during a routine inspection of suspect websites. It warns users that their anti-virus subscription has expired and cannot be renewed. It must be emphasized that these claims are false, and this scam is not associated wi
While analyzing the "Login Tab - Faster access to favorite sites" browser hijacker, our researchers discovered the login-tab.com webpage. It is a fake search engine that cannot provide search results and redirects to legitimate Internet websites. Browser hijackers promote sites of this kind (via
REDKAW is ransomware designed to encrypt data and append its extension (".redkaw") to files. For instance, it changes "1.jpg" to "1.jpg.redkaw", "2.png" to "2.png.redkaw", and so forth. Also, REDKAW provides a ransom note, "HOW-TO-FIX.txt". The note includes contact and payment information. Sc
Our research team discovered the risotoska.co[.]in webpage while inspecting suspect sites. After examining this page, we learned that it endorses browser notification spam and redirects users to different (likely untrustworthy/malicious) sites. The majority of visitors to risotoska.co[.]in and si
Our team discovered Hitler_77777 while analyzing malware samples uploaded to VirusTotal. This ransomware is identical to TRUST FILES. It encrypts files and modifies filenames. Hitler_77777 appends the victim's ID, a Telegram ID, and its extension (four ransom characters) to files. Also, Hitler_77