While studying malware on VirusTotal, we found the Rzml ransomware, which is part of the Djvu family. When a computer is affected, Rzml encrypts files and adds the ".rzml" extension to their names. For example, "1.jpg" becomes "1.jpg.rzml" and "2.png" turns into "2.png.rzml". Apart from encryptin
During our examination of malicious software samples that were uploaded to VirusTotal, we came across ransomware dubbed Rzkd. This particular ransomware is designed to encrypt files and alter their names by appending the ".rzkd" extension. Furthermore, Rzkd generates a ransom note, which can be fo
During our analysis of the Fonts Determiner application, our team observed that it presents a range of advertisements. Consequently, we have classified Fonts Determiner as adware. It should be highlighted that software of this nature is frequently marketed and disseminated through misleading metho
During our evaluation of the PterygotusAnglicus browser extension, we identified concerning behavior, such as adding the "Managed by your organization" feature to Chrome browsers, managing certain elements of the browser, and reading various data. We came across PterygotusAnglicus while investigat
During a routine review of new file submissions to VirusTotal, our research team discovered the ArchiveRemote application. After inspecting it, we determined that this piece of software is adware. ArchiveRemote is part of the AdLoad malware family. This app generates revenue for its developers
Tropical Extension is a piece of rogue software that we found while inspecting suspicious sites. This extension promises to display tropics-themed browser wallpapers. Our examination revealed that Tropical Extension is a browser hijacker. It modifies browser settings to endorse (through redirects)
While investigating untrustworthy websites, our researchers discovered the Key Searchs browser extension. After inspecting this piece of software, we determined that it is a browser hijacker promoting (via redirects) the keysearchs.com fake search engine. In most cases, browser hijackers m
SapphireStealer is an information-stealing malware. Its codebase was released to GitHub in December 2022. Since then, several variants with differing capabilities have been discovered. Due to this, it is likely that SapphireStealer is used by multiple threat actors. It is noteworthy that this ste
While assessing the HaastsEagle browser extension, we encountered troubling behavior. Notably, it introduces the "Managed by your organization" feature into Chrome browsers. Our discovery of HaastsEagle occurred during the examination of a malicious installer obtained from an untrustworthy website
SuperBear is the name of a Remote Access Trojan (RAT). Programs within this category operate by enabling remote access and control over devices. RATs can be highly versatile; however, research shows that SuperBear is a targeted malware. Likewise, this trojan has been used in strongly targeted att