While analyzing malware samples uploaded to the VirusTotal website, we discovered ransomware dubbed AnonTsugumi. This malicious program encrypts files, appends the ".anontsugumi" extension to the filenames of the affected files, changes the desktop wallpaper, and provides a ransom note ("README.tx
While examining the Gamelogger for Windows application (also known as OA Previewer), we identified that its installation package includes additional questionable elements. Additionally, we were unable to ascertain the specific functionality of Gamelogger for Windows. Consequently, we have categori
While examining highpotencyguard[.]com, we discovered that the purpose of this page is to trick visitors into believing that their computers are infected. Also, highpotencyguard[.]com aims to receive permission to send notifications. It is important to note that users often land on sites like high
Alltimebestdefender[.]com is a rogue webpage that we discovered while inspecting suspect sites. This page is designed to host scams and promote browser notification spam. It can also redirect visitors to different (likely untrustworthy/harmful) websites. Most users enter webpages like alltimebest
While investigating questionable websites, our researchers discovered a deceptive page endorsing an installer containing the Zodiac Search browser extension. It is promoted as a tool for easy access to horoscopes. Our analysis of Zodiac Search revealed that it is a browser hijacker. This extensio
Our research team found the lifepcessentials[.]com rogue page while checking out untrustworthy websites. It runs online scams and pushes browser notification spam. Additionally, this webpage can redirect users to other (likely suspicious/malicious) sites. Most visitors to lifepcessentials[.]com a
Weather Search is an extension that promises to display weather forecasts and related information relevant to the user's location, local time, and browser wallpapers. Our researchers discovered this piece of software while investigating dubious websites. After inspecting Weather Search, we determ
During our investigation of a malicious installer, we discovered concerning actions performed by the SempervivumTectorum browser extension, including enabling the "Managed by your organization" feature in Chrome settings and collecting user data. Thus, users who have SempervivumTectorum added to t
While inspecting deceptive sites, our research team discovered the "Your Google Account Has Been Locked!" scam. Specifically, it is a technical support scam. It informs the website's visitor that their Google account has been blocked due to visits to harmful pages which pose significant threats.
Our team assessed the Whatodo browser extension and determined that it functions as a browser hijacker. Its main objective is to promote gsrcunow.com, a fake search engine, by altering the settings of the compromised browser. Typically, users inadvertently introduce browser hijackers to their brow