ProfessionalView is a rogue application that we discovered while reviewing new file submissions to the VirusTotal website. Upon examination, we determined that this app is advertising-supported software (adware). ProfessionalView is part of the AdLoad malware family. Adware is designed t
2023lock is a ransomware-type program. This malicious program is designed to encrypt data and demand ransoms for its decryption. On our testing machine, 2023lock encrypted files and appended their filenames with a ".2023lock" extension. For example, a file originally titled as "1.jpg" appeared as
Discovered by Group-IB, GoldPickaxe is a trojan. This malware has two variants – an Android and an iOS version. The trojan targets information, but most importantly, it seeks biometrics – specifically facial recognition data. GoldPickaxe is used by a sophisticated threat actor dubbed GoldFactory.
In our evaluation of the ExpandedControl application, we found that it showcases intrusive advertisements, prompting us to categorize it as adware. It is important to mention that software falling into this classification frequently has the capability to collect various types of data. Th
During our assessment of the ResolutionRanking application, we discovered that it displays intrusive advertisements, leading us to classify it as adware. It is worth noting that software in this category often possesses the ability to gather diverse forms of information. The types of ads
Greenbean is the name of a banking trojan. It is designed to infect Android operating systems. This malicious program has been around since at least 2023. As its classification implies, this trojan seeks banking and other finance-related information. There is evidence suggesting that Greenbean tar
GoBear is a backdoor malware crafted in the Go language and authenticated with a legitimate D2innovation Co.,LTD certificate. This insidious threat operates by executing malicious commands received from a Command and Control (C&C) server. Notably, GoBear enhances its capabilities by integratin
Written in Go language, Troll is a piece of malware that specializes in stealing sensitive information from infected computers. This malware operates through a multi-faceted approach, initially infiltrating systems via a deceptively innocent facade - a dropper masquerading as a benign security pro
"Win32/OfferCore" (or simply "OfferCore") is a generic detection name used by many security vendors to track bundled setups. Basically, bundlers refer to installers containing several pieces of software. Bundled setups may comprise a single legitimate program with untrustworthy additions or only u
Our analysis of the Press-Tab browser extension showed that it promotes press-tab.com by modifying the browser settings, a tactic known as browser hijacking. It is crucial to note that users often unintentionally add extensions like Press-Tab to their browsers. Pretty often, browser hijackers are