Upon examination of the CyclinGuru browser extension, we found that it takes over a web browser by altering its settings with the aim of promoting a fake search engine called privatesearchqry.com. As a result, we have classified CyclinGuru as a browser hijacker. CyclinGuru browser extensio
Npdnnsgg[.]com is a rogue webpage that we discovered while investigating suspicious sites. It operates by promoting spam browser notifications and redirecting visitors to different (likely untrustworthy/harmful) websites. Most users access pages like npdnnsgg[.]com via redirects generated by sites
Our researchers found the Drinking Well browser extension while inspecting dubious sites. It is endorsed as a tool for tracking and improving users' hydration habits. However, our analysis of Drinking Well revealed that it is a browser hijacker, i.e., the extension modifies browser settings to pr
H3r is a ransomware discovered by our researchers during a routine inspection of new submissions to VirusTotal. This program is part of the Dharma ransomware family and operates by encrypting data in order to demand ransoms for its decryption. On our testing system, H3r renamed the encrypted file
MIMUS is ransomware that encrypts files, replaces their filenames with a string of random characters and appends the ".encrypted" extension, and drops the "READ_TO_DECRYPT.html" file that contains a ransom note. Our malware researchers discovered MIMUS during an examination of samples submitted to
While inspecting new submissions to VirusTotal, our researchers discovered BOOM – a malicious program belonging to the Phobos ransomware family. Malware within this classification is designed to encrypt data and demand ransoms for its decryption. After we executed a sample of BOOM (Phobos) ransom
Upon our inspection of opencaptchahere[.]top, it was found to use a deceitful approach to convince visitors to permit it to send notifications. Also, opencaptchahere[.]top may redirect visitors to questionable websites. Opencaptchahere[.]top was encountered while examining pages that employ shady
LOBSHOT is a type of malware with a feature called hVNC (Hidden Virtual Network Computing) that allows attackers to access a victim's computer without being noticed. The hVNC component is effective in evading fraud detection systems. Also, LOBSHOT is being used to carry out financial crimes throu
Fofd is a type of ransomware that belongs to the Djvu family. It encrypts files on the victim's computer and demands a ransom payment for the decryption tools. Our team discovered Fofd while reviewing recently submitted malware samples on the VirusTotal site. It is important to note that Fofd may
During our analysis of malware samples submitted to VirusTotal, our team came across Sato ransomware, which belongs to the Djvu family. Once a computer is infected, Sato encrypts the files and adds the ".sato" extension to their filenames. Moreover, it generates a ransom note (creates a text file