After conducting tests on the SkilledRotator application, our team has determined that it functions as adware. While it is installed, SkilledRotator generates unwanted advertisements and may be able to access sensitive information. Adware is frequently promoted and distributed using shady method
During our analysis of Speak Text, we learned that it functions as a browser hijacker that promotes search.speak-text-tab.com, a fake search engine. Speak Text hijacks a web browser by modifying its settings. In addition, Speak Text can read various data. Thus, it is recommended to avoid adding th
Kiwm is a type of malware that is part of the Djvu ransomware family. We came across Kiwm during our analysis of malware samples submitted to VirusTotal. It works by encrypting files, adding the ".kiwm" extension to their names, and leaving a ransom note (the "_readme.txt" text file). An example
Kifr belongs to the Djvu family of ransomware and follows the pattern of encrypting files and appending the ".kifr" extension to their names. The ransomware also creates a "_readme.txt" file with instructions on how to pay the ransom. Our researchers discovered Kifr while analyzing malware samples
During our investigation of SkipAds for Youtube, we discovered that it presents intrusive advertisements, which led us to classify this browser extension as adware. Ironically, its name suggests that it blocks ads. It is important to note that users often unintentionally download and install adwar
Proton is ransomware that our team discovered on VirusTotal while checking the page for recently submitted malware samples. We found that Proton encrypts files, appends the kigatsu@tutanota.com email address, victim's ID, and, depending on the variant, ".Proton" or ".kigatsu" extension to filename
Rorschach (also known as BabLock) is ransomware that encrypts files. The attackers aim at small and medium-sized businesses as well as industrial companies. Along with encrypting data, Rorschach also adds a random string of characters and a two-digit number (ranging from 00 to 98) to the end of fi
While examining the Sports Engine browser extension, we found that it hijacks a web browser by changing its settings. The purpose of this browser-hijacking app is to promote a fake search engine (sportengine.info). Additionally, Sports Engine can read certain data. Once added, the Sports E
Upon scrutinizing this email, we have ascertained that it is a fraudulent extortion letter. This phishing campaign comprises of at least two versions of the letter, with the perpetrators employing the names of well-known cybercriminals to intimidate and lend credibility to their threats. T
After reviewing this email, we determined that it is a phishing letter masquerading as a notification from an email service regarding mail delivery status. There are at least two variants of this letter in the phishing campaign. Scammers use both of them to lure unsuspecting recipients into provid