While investigating deceptive sites, our researchers discovered an installation setup promoting the K Searches browser extension. Our examination revealed that this extension is a browser hijacker. It manipulates browser settings to endorse (via redirects) the ksearches.com fake search engine. It
During a routine investigation of untrustworthy websites, our researchers discovered the "Norton - Your PC Is Infected With 18 Viruses!" scam. Presented as the Norton anti-virus, this scheme claims to detect multiple infections on users' devices. Typically, scams of this kind are used to promote u
Editbot is a piece of malicious software capable of extracting vulnerable information from infected devices. Targeted data includes browsing information, Internet cookies, log-in credentials, and other sensitive details. This stealer is written in the Python programming language. Editbot has been
MrAnon is the name of an information-stealing malware written in the Python programming language. This stealer has a variety of data-extracting capabilities and targets information from browsers, cryptocurrency wallets, messengers, and other applications. At the time of writing, MrAnon's develope
Upon careful examination, it is noted that YTube AdSkipper exhibits unwanted advertisements and possesses the ability to read and modify data on all pages. Applications with these characteristics fall under the category of adware. Ironically, YTube AdSkipper is marketed as a tool intended to facil
NineRAT is a Remote Administration Trojan (RAT) written in the DLang programming language. This RAT is used by a group of threat actors known as Lazarus. RAT is a type of malware that allows unauthorized remote access to a victim's computer, enabling cyber attackers to control the system, potentia
DLRAT, a malware built using the DLang programming language, operates as both a Remote Access Trojan (RAT) and a downloader. RATs, in general, are crafted to enable unauthorized remote access and control over compromised computers. DLRAT is known to be employed by a cybercrime group known as Lazar
"HackTool:Win32/Crack" is a generic detection name used by a multitude of security engines and vendors for software "cracks". "Cracks" are illegal tools utilized for "cracking" program protection; this includes bypassing the product's security measures, implementing a stolen activation key or fak
LogarithmicProcess is the name of a rogue application that we discovered while inspecting new submissions to the VirusTotal website. Our analysis revealed that this app is advertising-supported software (adware). LogarithmicProcess is part of the AdLoad malware family. It operates by running in
BottomLoader is a DLang-based malware downloader that plays a role in the initial stages of a cyber attack by facilitating the retrieval and execution of subsequent malicious payloads. This malware is designed to deliver additional malware or tools onto the compromised system, expanding the attack