During our examination of the OCEANS malware, we found that it operates as ransomware. Once a computer is compromised, OCEANS encrypts files and appends four random characters to filenames. Also, OCEANS ransomware changes the desktop wallpaper and generates a ransom note ("OPEN_THIS.txt"). We dis
During our examination of eusblog[.]com, we discovered that it is a deceptive web page created to trick visitors into permitting it to send notifications. In addition to displaying deceptive content, eusblog[.]com redirects visitors to similar websites. Thus, users should not trust eusblog[.]com o
After investigating the "American Express Card Deactivation" email, we determined that it is fake. This spam mail aims to steal recipients' American Express accounts by falsely claiming that their cards have been temporarily deactivated. It must be emphasized that this phishing email is in no way
While inspecting a rogue browser extension called Wonders Tab, we discovered the wonderstab.com fake search engine. This extension changes browser settings to endorse (via redirects) the wonderstab.com site. Due to this behavior, Wonders Tab is considered a browser hijacker. Browser hijack
Veza is a ransomware variant from the Djvu family that we discovered during analysis of malware samples uploaded to VirusTotal. We found that apart from encrypting files, Veza appends the ".veza" extension to filenames and generates a text file ("_readme.txt") containing a ransom note. It is also
Our researchers found GhosHacker ransomware while inspecting new submissions to the VirusTotal platform. This malicious program is identical to BlackSkull ransomware. Malware within this classification encrypts data and demands ransoms for its decryption. On our test machine, GhosHacker encrypted
During our analysis of search-it-now.com, we found that it operates as a fake search engine. This fake search engine is identical to searchmarquis.com. It is worth noting that sites like search-it-now.com are often promoted via browser hijackers that change the settings of web browsers.
Our research team discovered OPIX while investigating new submissions to the VirusTotal website. This malicious program is ransomware – it encrypts files and demands ransoms for their decryption. Once OPIX was launched on our test machine, it encrypted files and changed their filenames. Original
During our inspection of samples on VirusTotal, we discovered a ransomware variant known as EDHST. This malware encrypts files, appends the ".EDHST" extension to filenames, and creates the "HOW TO RECOVER YOUR FILES.txt" file (a ransom note). An example of how EDHST renames files: it changes "1.jp
After examining kokojumjumbobo[.]top, we determined it to be an untrustworthy website employing clickbait tactics to gain permission to send notifications. The site presents misleading content to deceive users into granting such permission. Additionally, kokojumjumbobo[.]top might redirect users t