Crypto is ransomware belonging to the MedusaLocker family. It has been discovered during the analysis of samples on the VirusTotal website. Once on the system, Crypto encrypts files, changes filenames of all encrypted files, and leaves a ransom note ("How_to_back_files.html"). Crypto alters filen
Our researchers discovered the Horoscope Harmony browser extension while inspecting deceptive sites. It promises to provide easy access to horoscopes. After examining this extension, we determined that it is a browser hijacker. Horoscope Harmony makes changes to browser settings in order to promo
Upon examination, it has been determined that the purpose of this email is to lure recipients into opening the attached file and entering personal information. This email is disguised as a letter from American Express - a legitimate bank holding company. Emails of this type are known as phishing e
While analyzing malware samples on VirusTotal, we have found a ransomware variant called Ptqw. This ransomware encrypts files and changes filenames by adding the ".ptqw" extension. Additionally, Ptqw creates a ransom note that can be found in a file named "_readme.txt". Ptqw modifies filenames as
In a thorough analysis of the samples submitted to VirusTotal, we identified the presence of the Pthh ransomware, a member of the Djvu family. This malicious program is responsible for encrypting data and appending the ".pthh" extension to the files it affects. Once the encryption process is final
Our research team discovered the news-nosate[.]com rogue webpage while investigating dubious sites. This page promotes browser notification spam and redirects visitors to other (likely unreliable/malicious) websites. Users primarily access news-nosate[.]com and webpages akin to it via redirects c
While investigating deceptive sites, our researchers discovered the Sebux rogue browser extension. After analyzing this piece of software, we determined that it is adware. Sebux runs intrusive advertisement campaigns and spies on users' browsing activity. Adware stands for advertising-supp
Our researchers discovered the stoneheartseeker[.]top rogue page during a routine inspection of questionable websites. It is designed to push browser notification spam and redirect visitors to other (likely untrustworthy/harmful) sites. Most users enter webpages like stoneheartseeker[.]top via red
While inspecting suspect websites, our research team discovered the Extreme Sports Wallpapers browser extension. It promises to display extreme sports themed browser wallpapers. After investigating this extension, we learned that it is a browser hijacker. Extreme Sports Wallpapers modifies browser
After inspecting the "You Have Received An Encrypted Document" email, we determined that it is spam. This letter makes false claims about a document shared with the email recipient. The goal is to trick them into visiting a phishing site presented as a sign-in page. The email with the subj