Upon inspecting dealsearcherpro.com, we concluded it is not a legitimate search engine. It is distributed through the Deal Search Pro extension, which acts as a browser hijacker. Using questionable search engines, especially those promoted through browser hijackers, can expose users to various onl
We have reviewed the email and found that it is designed to appear official and trick recipients into opening the attached file. This scam email is designed to steal information through a fake login form. Such messages are classified as phishing attempts, and falling for them can result in account
We have tested locate.webnavigatorhub.com and found that it is a fake search engine. Our other findings are that it is promoted via Search Safely in Chrome, an extension that operates as a browser hijacker. Using fake search engines and browser hijackers can compromise privacy. Users should remove
Witch is ransomware that we discovered while examining malware samples uploaded to VirusTotal. Once executed, Witch locks files by encrypting them and renames them by adding the ".witch" extension. For instance, it renames "1.jpg" to "1.jpg.witch" and "2.png" to "2.png.witch". Also, this ransomwar
We have inspected Ad Dimmer and found that it is a browser extension promoted as a tool for dimming advertisements on websites. However, our analysis has revealed that it can show ads and collect information. Thus, we classified Ad Dimmer as adware. Users should avoid adding adware-type extensions
Our team has examined the email and determined that it is a fake notification claiming to be from the email service provider. The scammers behind it seek to steal personal information via a deceptive website. Usually, victims of such scams risk losing access to their personal accounts and experien
KarstoRAT is a remote access Trojan (RAT) that enables threat actors to steal information, execute commands, and perform other malicious actions on the infected device. The RAT disguises its command-and-control traffic as legitimate security software to avoid suspicion and uses persistence techniq
Our analysis shows that Osa is ransomware from the Makop family. We discovered this ransomware while analysing samples uploaded to VirusTotal. Once a device is infected, Osa encrypts files, appends its extension to files (".osa") along with the victim's ID and an email address, and creates a ranso
This article describes how cybercriminals abuse a legitimate remote administration tool called Teramind for malicious purposes. Remote access tools allow users to control or access a device from another location over the internet. When used by cybercriminals, they can secretly access a victim's de
We have examined the Zap PDF application and found that it is advertised as a tool for converting files. However, the app is flagged as malicious by multiple security vendors and can make adjustments in browser settings (it can hijack a browser). Installing Zap PDF can result in privacy and securi