Our team identified the Coza ransomware, which belongs to the Djvu family, while examining samples on VirusTotal. This malware encrypts data and modifies the names of affected files by adding the ".coza" extension. Once the encryption process is finished, a ransom note is left behind in the form o
After examining the NanoAccess application, we discovered that it displays intrusive advertisements. Consequently, we have categorized NanoAccess as adware, which is often distributed through dubious and misleading methods. As a result, unsuspecting users can unintentionally download and install
Our discovery revealed that the Unitab World Clock is a browser extension that takes control of web browsers (hijacks them) to promote search.unitab.me. This website is a fake search engine that does not produce its own search results. Browser hijackers are commonly downloaded and installed by use
After examining this email, our team concluded that it is a fraudulent email that masquerades as a letter from the assistant secretary general of the United Nations. Scammers behind it attempt to lure recipients into providing sensitive information or transferring money. Thus, recipients should ig
During our assessment of the MetroToken application, our team observed that it exhibits intrusive ads. As a result, we classified it as adware or software that supports advertising. Adware is typically installed unintentionally by users. Our detection of MetroToken occurred while examining decep
Upon testing the Sports Madness browser extension, we learned it is a browser hijacker promoting sportmadness.info, a fake search engine. Sports Madness hijacks web browsers by changing their settings. Usually, users download and add browser-hijacking apps inadvertently. Sports Madness is
Pwpdvl is ransomware that our team discovered while checking the VirusTotal site for recently submitted samples. Upon investigating Pwpdvl, we found that it encrypts files, appends the victim's ID and ".pwpdvl" extension to filenames, and creates a ransom note ("RESTORE_FILES_INFO.txt" file). An
Upon analyzing the RichExts application, we have determined that it is a browser extension that is designed to take over web browsers (hijack them). The application alters the browser settings to forcefully push a fake search engine (sweetrnd.net). Furthermore, RichExts possesses the capacity to a
Whilst evaluating the FractionCommand application, our team observed that it displays intrusive ads. As a result, we classified FractionCommand as adware. Adware is typically distributed via questionable methods, which can result in inadvertent downloads and installations by users. Fract
We have examined the Cosmica application and discovered that it operates as a browser hijacker. Once added, Cosmica changes some of the settings of a web browser to search.cosmica-tab.com - a fake search engine. Neither Cosmica nor search.cosmica-tab.com is trustworthy. Once added to a web