MgBot is a malware framework. It is capable of causing chain infections (i.e., downloading/installing additional malicious programs or components). Additionally, this framework supports multiple plug-ins that are geared toward data exfiltration. MgBot has been used in an attack on an African tele
Our examination has revealed that top-search.xyz is a fake search engine. Such search engines are usually promoted through browser hijackers, which users unknowingly install on computers or add to browsers as apps. As a result, the browser settings are modified without their knowledge or consent.
Fleckpe is a recently discovered Android Trojan family found on Google Play, which secretly subscribes victims to paid services. This Trojan primarily affects users in Thailand. It has been active since the start of 2022 and is continuously updated with new capabilities. Cybercriminals can
While examining websites that utilize illegitimate advertising networks, our team found oneettinlive[.]com, an untrustworthy webpage that presents visitors with deceitful material to trick them into enabling browser notifications. Typically, users do not intentionally visit sites like oneettinlive
While testing the Quick Close Tab extension, we found that it is supposed to close the current tab in a context menu but shows advertisements. Thus, we classified Quick Close Tab as adware. It is worth noting that our team discovered Quick Close Tab on a deceptive website. Usually, apps li
During our examination of malware samples submitted to VirusTotal, we came across a ransomware variant belonging to the Djvu family, dubbed Foty. This ransomware encrypts files and adds the ".foty" extension to the filenames. Additionally, Foty also leaves a ransom note file called "_readme.txt".
Our research team discovered the nongloths[.]com rogue page while inspecting suspicious websites. It is designed to promote spam browser notifications and redirect users to different (likely unreliable/dangerous) sites. Users typically enter webpages like nongloths[.]com through redirects caused b
Nkingwitheaam[.]com is a rogue website that we discovered during a routine inspection of suspicious pages. It is designed to promote browser notification spam and redirect visitors to other (likely untrustworthy/harmful) sites. Users typically access webpages like nkingwitheaam[.]com via redirects
Our researchers found the Tropical Horizons Wallpapers browser extension while inspecting deceptive websites. This piece of software promises to display tropics-themed wallpapers. However, our investigation revealed that Tropical Horizons Wallpapers operates as a browser hijacker, i.e., it makes a
Our inspection of the "Improvements To All Our e Mail Servers" email revealed that it is spam. It falsely claims that the mail servers are undergoing upgrades, which if not implemented – will result in the recipient's email account getting deactivated. This scam letter aims to steal account log-in