While browsing untrustworthy websites, our researchers discovered Horoscope Ext. This browser extension promises quick access to horoscopes and other astrology-related topics. On our test machine, Horoscope Ext altered browser settings and generated redirects. Due to this behavior, we determined t
During a routine inspection of new file submissions to the VirusTotal site, our researchers discovered the InitialClick app. Upon examination, we learned that this piece of software is adware belonging to the AdLoad malware family. InitialClick operates by delivering intrusive advertisement camp
Spock is the name of an information-stealing malware. This malicious program can extract sensitive data from devices and exfiltrate files. If the Spock stealer has been detected on a system, immediate removal is crucial. After infecting a machine, the Spock stealer begins collecting releva
VietCredCare, an information-stealing tool previously unidentified, has been circulating since at least August 2022. This software, distributed through a stealer-as-a-service model, is believed to be managed by individuals proficient in Vietnamese. Typically, malware of this type is utilized for h
Xehook is a stealer written in the C# programming language. It is an incredibly lightweight program, ranging between 140-160 KB in size. This data-stealing malware was unveiled in late January 2024, which closely coincides with a public share of the code for restoring dead cookies on the Google Ch
When examining foupeethaija[.]com, we noted that it displays deceptive content (uses clickbait) to lure visitors into consenting to receive notifications from the page. Also, foupeethaija[.]com can redirect users to other websites. Thus, it is strongly recommended that users do not trust foupeetha
Our researchers discovered the Taliban Skull ransomware while reviewing new malware submissions to VirusTotal. This ransomware is designed to encrypt data and demand payment for the decryption. After we executed a sample of Taliban Skull on our testing system, it encrypted files and altered their
When examining malware samples submitted to the VirusTotal website, we discovered a ransomware variant known as Bl00dyAdmin. This ransomware encrypts data and renames encrypted files by appending the ".CRYPT" extension. Also, Bl00dyAdmin creates the "Read_instructions_To_Decrypt.txt" file containi
During our examination of the Wappo.app application, it was discovered that it functions as adware. Also, this app is part of the Pirrit family. Upon installation, Wappo.app exhibits bothersome and potentially deceptive advertisements. Additionally, this application may possess the ability to ac
XznShirkiCry is ransomware that we discovered while inspecting malware samples submitted to VirusTotal. XznShirkiCry is designed to encrypt data, append a specific extension to filenames, change the desktop wallpaper, and create a ransom note ("read_me.txt"). XznShirkiCry appends ".locked[payrans