During our examination of the Quick tail application, we observed its ability to manipulate web browsers by implementing specific modifications to their settings. These types of applications fall under the category of browser hijackers. Usually, browser hijackers are promoted and distributed using
While investigating new submissions to VirusTotal, our researchers discovered another Phobos ransomware called Kmrox. Malware within the ransomware category is designed to encrypt data and demand payment for its decryption. On our testing machine, Kmrox encrypted files and changed their filenames
Payola is ransomware designed to encrypt data, append the ".Payola" extension to filenames, change the desktop wallpaper, and create a ransom note ("Recovery_Guide.html"). An example of how Payola renames files: it changes "1.jpg" to "1.jpg.Payola", "2.png" to "2.png.Payola", and so forth. Scr
After examining the Search101 browser extension, it became apparent that its purpose is to serve as a browser hijacker, with the goal of promoting find.dnavigate-now.com, a fake search engine. Search101 modifies the settings of a web browser, effectively taking control of it. It is important to h
During the analysis of malware samples submitted to VirusTotal, our team encountered the Wzer ransomware, which is associated with the Djvu family. Upon infecting a computer, Wzer encrypts a range of files and appends the ".wzer" extension to their original filenames. For instance, a file named "1
ManagerUnit is an adware-type application that we discovered while reviewing new file submissions to the VirusTotal site. This app belongs to the AdLoad malware family. ManagerUnit is designed to run intrusive advertisement campaigns. This app feeds users with unwanted and deceptive ads.
"Request To Deactivate Your Email Account" is a phishing scam. This fake letter claims that the recipient's request to deactivate their email account has been received and will be processed. This spam mail aims to extract victims' log-in credentials as they attempt to stop the alleged deactivation
Our research team found the AssuranceForcast app during a routine investigation of new file submissions to the VirusTotal website. After inspecting this piece of software, we learned that it is adware. AssuranceForcast is part of the AdLoad malware family. This application is designed to generat
While inspecting deceptive websites, our researchers discovered the My Weather Tab browser extension. Our examination revealed that this extension operates as browser-hijacking software. It makes alterations to browser settings in order to promote (via redirects) the myweathertab.xyz fake search e
After inspecting the "Queued Messages Notification" email, we determined that it is spam promoting a phishing scam. The letter claims that messages are pending delivery to the recipient's mailbox. Supposedly, the email account must be verified by signing in through the endorsed phishing site.