Upon a detailed analysis of the CucurbitaPepo browser extension, it has become evident that this extension is unreliable. CucurbitaPepo is disseminated through a malicious installer and contains functionalities that include reading data and managing various Chrome browser settings and other compon
StyleServ is a backdoor-type malware. Programs within this classification are designed to essentially prepare a system for further infiltration and/or carry out the second stage of the infection (i.e., download/install additional malicious programs or components). While StyleServ's exact purpose i
Cute Goats Tab, initially marketed as a Chrome extension intended to provide users with charming images of various goat species on their browser's new tab, hides a deceptive character. Unfortunately, it functions as a browser hijacker, actively endorsing track.clickcrystal.com, resulting in unwelc
During a routine investigation of new file submissions to the VirusTotal platform, our research team found the MesaCorp ransomware. This malicious program is based on the Chaos ransomware. MesaCorp is designed to encrypt files and demand ransoms for their decryption. On our test machine, this mal
While checking out suspicious sites, our research team discovered the news-gavewe.com rogue webpage. It is designed to promote spam browser notifications and redirect users to different (likely dubious/malicious) websites. Visitors to news-gavewe[.]com and similar pages access them primarily thro
Crypto is ransomware belonging to the MedusaLocker family. It has been discovered during the analysis of samples on the VirusTotal website. Once on the system, Crypto encrypts files, changes filenames of all encrypted files, and leaves a ransom note ("How_to_back_files.html"). Crypto alters filen
Our researchers discovered the Horoscope Harmony browser extension while inspecting deceptive sites. It promises to provide easy access to horoscopes. After examining this extension, we determined that it is a browser hijacker. Horoscope Harmony makes changes to browser settings in order to promo
Upon examination, it has been determined that the purpose of this email is to lure recipients into opening the attached file and entering personal information. This email is disguised as a letter from American Express - a legitimate bank holding company. Emails of this type are known as phishing e
While analyzing malware samples on VirusTotal, we have found a ransomware variant called Ptqw. This ransomware encrypts files and changes filenames by adding the ".ptqw" extension. Additionally, Ptqw creates a ransom note that can be found in a file named "_readme.txt". Ptqw modifies filenames as
In a thorough analysis of the samples submitted to VirusTotal, we identified the presence of the Pthh ransomware, a member of the Djvu family. This malicious program is responsible for encrypting data and appending the ".pthh" extension to the files it affects. Once the encryption process is final