While analyzing an untrustworthy installer obtained from an unreliable website, we came across the AnkylosaurusMagniventris browser extension. The investigation revealed troubling attributes linked to this extension, including its capacity to enable the "Managed by your organization" setting in th
LostTrust is the name of a ransomware variant discovered by us while examining malware samples submitted to VirusTotal. The purpose of LostTrust is to encrypt data to make it inaccessible to victims. Also, LostTrust appends the ".losttrustencoded" extension to filenames and delivers a ransom note
While investigating deceptive sites, we discovered an installer containing the NXD Fix browser extension. This piece of software is classified as a browser hijacker. However, NXD Fix does not operate as a standard hijacker, i.e., it does not modify browser settings and does not routinely redirect
Upon examining notif-next[.]com, it has been discovered that the main purpose of this site is to trick unsuspecting visitors into allowing it to send them notifications. Additionally, notif-next[.]com may redirect visitors to other (potentially harmful) websites. For these reasons, users should no
After assessing the News Directory application, it has been established that its primary function is to operate as a browser hijacker with the aim of promoting a legitimate search engine. This extension hijacks a web browser by changing its settings. Users often add browser hijackers without knowi
Our research team discovered the ChatGPT Check browser extension while investigating untrustworthy websites. We found a page pushing an installation setup containing this extension and ChatGPT Check's "official" promotional page. The latter described it as a tool for those who do not want to crea
Apocalipse is a malicious program based on Chaos ransomware. Our researchers discovered it while investigating new submissions to the VirusTotal platform. Malware within the ransomware classification is designed to encrypt data and demand payment for its decryption. On our test machine, Apocalips
Virtual Piano New Tab is a rogue browser extension. It is promoted as a virtual piano widget for browsers. After analyzing this piece of software, we determined that it is a browser hijacker. This extension makes changes to browser settings in order to endorse (via redirects) the find.vnav-web.com
After analyzing the "Cloud Voicemail" email, we determined that it is spam. The fake letter notifies the recipient of a voicemail that they have been sent. The voice message is supposedly in the attached file. The attachment is a phishing file that imitates the recipient's email sign-in page. Henc
While inspecting new submissions to the VirusTotal website, our researchers discovered the Deep ransomware-type program. It is part of the Phobos ransomware family. Deep (Phobos) operates by encrypting data to demand payment for its decryption. On our test machine, this ransomware encrypted files