While analyzing malware samples submitted to VirusTotal, we discovered that Kool is a ransomware variant associated with the Djvu family. This malicious program encrypts files on the infected system and appends the ".kool" extension to their filenames. Additionally, it generates a "_README.txt" fi
While investigating suspect sites, our research team found the worldfreshjournal.com rogue page. It operates by endorsing browser notification spam and redirecting visitors to other (likely dubious/dangerous) websites. Users predominantly access worldfreshjournal[.]com and similar webpages via re
Our researchers discovered Taskbarify while inspecting questionable websites. According to the app's promotional material, it is a tool that allows users to modify and adjust their taskbar. However, after analyzing Taskbarify, we determined that it is a PUA (Potentially Unwanted Application) that
Based on its name, Text Ultra Edit appears to be a text editor application. However, our investigation uncovered that this app is installed alongside unwanted components and distributed through a dubious installer hosted on an unreliable webpage. Therefore, users are advised to remove Text Ultra E
Our research team discovered A Quote A Day while inspecting questionable sites. It is endorsed as a browser extension that displays famous quotes daily. A Quote A Day modifies browser settings to promote (via redirects) the aquoteaday-ext.com fake search engine. Due to this behavior, this extensio
Ande is the name of a loader-type malware. Its purpose is to infect systems with additional malicious software. The Ande loader has been used in campaigns carried out by a threat actor tracked as Blind Eagle (APT-C-36). These operations targeted Spanish speakers associated with the manufacturing
Our researchers discovered SmartViewer while investigating deceptive websites. The installer carrying SmartViewer that we inspected contained additional unwanted and potentially malicious software. Due to this and the dubious methods utilized in SmartViewer's proliferation, it is classed as a PUA
Our assessment of the PremierLeague Stats application showed that it operates as a browser hijacker. Its primary purpose is to force users to use a fake search engine. PremierLeague Stats hijacks browsers by changing their settings. It is recommended to remove apps like PremierLeague Stats from br
While browsing suspect pages, our researchers discovered remainawhile[.]com. This rogue webpage promotes deceptive content and spam browser notifications. It can also redirect users to other (likely untrustworthy or hazardous) sites. Users mainly access remainawhile[.]com and pages akin to it via
"Neoreklami" is a detection name used to identify adware, which is a type of software designed to inundate users with intrusive and often deceptive advertisements. It is important to note that adware detected as Neoreklami is often associated with other unwanted apps. Users should remove threats i