Our research team discovered the SkilledAccess adware while checking out new submissions to the VirusTotal website. After analyzing this piece of software, we determined that it is adware from the AdLoad malware family. SkilledAccess operates by running intrusive advertisement campaigns.
While browsing suspicious sites, our researchers found a webpage promoting the "Threat Detected: xxbc Detected" technical support scam. Schemes of this kind claim that visitors' devices are infected or otherwise in danger and urge them to call bogus support lines. Once the scammers are contacted,
MINIBUS is a backdoor malware developed in C++, offering a range of capabilities such as extracting files, executing commands, communicating with cloud infrastructure, and more. Once activated, it grants cybercriminals unauthorized access to infected computers. MINIBUS acts as a backdoor,
MINIBIKE is a sophisticated backdoor malware crafted in C++, featuring a suite of functionalities such as file exfiltration, command execution, and communication with cloud infrastructure. Upon infiltration, it grants cybercriminals unauthorized access to compromised computers. MINIBIKE's
Ysearcher.com is the address of a fake search engine. These pages typically cannot provide search results and redirect to legitimate Internet search websites. Fraudulent search engines are usually promoted (via redirects) by browser hijackers. Software within this classification tends to alter br
In our evaluation of the email, it has become evident that it is authored by scammers with the intention of deceiving recipients into divulging sensitive information. Disguised as a notification from OneDrive, the email includes a link to a fraudulent webpage. Such emails are commonly referred to
LockBit 4.0 is a new variant of the LockBit ransomware. This version was released in February 2024, the same month law enforcement agencies arrested two LockBit operators. Five days following the breach, the threat actors released a statement regarding restructuring and intentions to continue oper
In the course of our inspection of malware samples on VirusTotal, we came across a ransomware variant dubbed Frea. As a rule, malware of this type encrypts files and demands payment for decryption. In addition to encrypting files, Frea appends its extension to filenames (".frea"), provides a ranso
During our examination of the updates-mac[.]com page, we noted its practice of displaying deceptive content to persuade visitors to grant permission for notifications. Such websites, including updates-mac[.]com, should not be trusted, as their notifications may direct users to potentially harmful
During our examination of the Words Finder browser extension, we discovered that it compels users to visit wordsfinder.xyz by altering the settings of their web browser. This action constitutes browser hijacking. It is advisable for users to remove applications like Words Finder from hijacked brow