During our examination of malware samples uploaded to VirusTotal, we discovered a ransomware variant known as SRC. We found that this ransomware variant belongs to the Makop family. Upon infiltration, SRC encrypts files, appends the victim's ID, restoreBackup@cock.li email address, and the ".SRC"
Color-picker-tab.com is the address of a fake search engine. We found this site while investigating a browser extension named – color-picker-tab. This extension makes changes to browser settings to promote (via redirects) the color-picker-tab.com webpage. This behavior categorizes color-picker-tab
While inspecting the Random Year Fact browser extension, we discovered the random-year-facts.com fake search engine. This extension supposedly provides random facts for a specific year. However, Random Year Fact makes alterations to browser settings in order to generate redirects that land on the
Chuck-norris-tab.com is the address of a fake search engine that we discovered while investigating a browser hijacker called – Chuck Norris Tab. This rogue software is endorsed as an extension providing Chuck Norris "facts". However, Chuck Norris Tab modifies browsers to promote (through redirects
While investigating a Torrenting website that uses rogue advertising networks, we found a deceptive page promoting an installer containing the CyberSound AudioDirector PUA (Potentially Unwanted Application). Apps within this classification typically have harmful capabilities. Furthermore, this in
Our inspection of psormonsh[.]com has uncovered that this is a deceptive website designed to lure users into agreeing to receive its notifications. To achieve this, psormonsh[.]com uses a clickbait technique. Additionally, psormonsh[.]com may redirect visitors to other sites of this kind. Thus, us
Gym-newtab.com is a fake search engine that we found while inspecting the Gym New Tab browser hijacker. It modifies browser settings to generate redirects to the gym-newtab.com site. We discovered this rogue browser extension promoted on a deceptive webpage. However, Gym New Tab might infiltrate
EMBARGO is ransomware, a type of malware that encrypts files on the infected device. Also, it appends a random extension to filenames and creates a ransom note "HOW_TO_RECOVER_FILES.txt". An example of how EMBARGO modifies filenames: it renames "1.jpg" to "1.jpg.564ba1", "2.png" to "2.png.564ba1",
While investigating new file submissions to the VirusTotal platform, our researchers discovered the Anyv ransomware. Malicious software within this classification encrypts data and demands payment for its decryption. On our testing system, Anyv encrypted files and appended their filenames with a
We have tested search.media-tab.com and found that it is a fake search engine. This fake search engine is promoted via an extension called Vids Tab, which is a browser hijacker. The app promoting search.media-tab.com hijacks a browser by changing its settings. Affected users should remove the Vids