Our research team discovered the GoTiS ransomware during a routine investigation of new submissions to the VirusTotal website. This malicious program is part of the Xorist ransomware. This malware encrypts data and demands ransoms for its decryption. On our testing system, GoTiS encrypted files a
ObjCShellz is a newly discovered macOS malware associated with the BlueNorOff hacking group. This malware is specifically designed to target macOS devices. What sets ObjCShellz apart is its capability to open remote shells on compromised macOS systems, enabling unauthorized access and control ov
GootBot is a new variant of the GootLoader malware. It is used as a lateral movement tool. This malicious program is exceedingly lightweight and has an emphasis on stealth. Essentially, GootBot is implemented in the later stages of extensive attacks, wherein this software moves laterally through a
Jzeq is ransomware belonging to the Djvu family, and it has been discovered while inspecting samples submitted to the VirusTotal page. Jzeq blocks access to files by encrypting them, appends the ".jzeq" extension to filenames, and provides a ransom note ("_readme.txt"). For instance, it renames "1
While analyzing malware samples submitted to VirusTotal, we encountered a ransomware variant known as Jzie. Jzie has been crafted to encrypt files and alter their names by adding the ".jzie" extension. Additionally, Jzie generates a ransom note, which can be found in a file named "_readme.txt". J
While assessing the Photon Search browser extension, we observed its intention to promote a fake search engine by manipulating web browser settings, a behavior often known as browser hijacking. It is essential to note that browser hijackers like Photon Search are typically advertised through dubio
While inspecting dubious sites, our research team discovered the Qwik Ant browser extension. It is endorsed as a productivity tool for easy access to various popular platforms and services. Qwik Ant makes changes to browser settings to promote (via redirects) the search.qwikant.com illegitimate se
I AM Daily is a rogue extension that promises to provide "positive affirmation" to users whenever they open a new browser tab. This piece of software makes modifications to browser settings in order to generate redirects. Due to this behavior, I AM Daily is categorized as a browser hijacker.
Our researchers discovered the Bazaar Virtual browser extension during a routine investigation of dubious websites. This piece of software promises quick access to online clothes stores. However, our analysis revealed that Bazaar Virtual is a browser hijacker. This extension modifies browsers to
During our evaluation of the Finance Tab browser extension, we identified its intent to endorse a counterfeit search engine by altering web browser settings, a practice commonly referred to as browser hijacking. It is noteworthy that browser hijackers, such as the Finance Tab, are frequently promo