GootBot is a new variant of the GootLoader malware. It is used as a lateral movement tool. This malicious program is exceedingly lightweight and has an emphasis on stealth. Essentially, GootBot is implemented in the later stages of extensive attacks, wherein this software moves laterally through a
Jzeq is ransomware belonging to the Djvu family, and it has been discovered while inspecting samples submitted to the VirusTotal page. Jzeq blocks access to files by encrypting them, appends the ".jzeq" extension to filenames, and provides a ransom note ("_readme.txt"). For instance, it renames "1
While analyzing malware samples submitted to VirusTotal, we encountered a ransomware variant known as Jzie. Jzie has been crafted to encrypt files and alter their names by adding the ".jzie" extension. Additionally, Jzie generates a ransom note, which can be found in a file named "_readme.txt". J
While assessing the Photon Search browser extension, we observed its intention to promote a fake search engine by manipulating web browser settings, a behavior often known as browser hijacking. It is essential to note that browser hijackers like Photon Search are typically advertised through dubio
While inspecting dubious sites, our research team discovered the Qwik Ant browser extension. It is endorsed as a productivity tool for easy access to various popular platforms and services. Qwik Ant makes changes to browser settings to promote (via redirects) the search.qwikant.com illegitimate se
I AM Daily is a rogue extension that promises to provide "positive affirmation" to users whenever they open a new browser tab. This piece of software makes modifications to browser settings in order to generate redirects. Due to this behavior, I AM Daily is categorized as a browser hijacker.
Our researchers discovered the Bazaar Virtual browser extension during a routine investigation of dubious websites. This piece of software promises quick access to online clothes stores. However, our analysis revealed that Bazaar Virtual is a browser hijacker. This extension modifies browsers to
During our evaluation of the Finance Tab browser extension, we identified its intent to endorse a counterfeit search engine by altering web browser settings, a practice commonly referred to as browser hijacking. It is noteworthy that browser hijackers, such as the Finance Tab, are frequently promo
After conducting a thorough evaluation of the DeinocheirusMirificus application, it has become evident that this is an untrustworthy app with the capacity to access a broad spectrum of data and manage browser components. Moreover, it is distributed via a malicious installer. As a result, users are
While investigating new file submissions to VirusTotal, our research team discovered yet another ransomware from the MedusaLocker family – titled Zombi. This malicious program encrypts data and demands ransoms for its decryption. It targets large entities (companies, organizations, etc.) rather t