Our research team discovered the Volume Booster Max browser extension while inspecting scam websites. This piece of software is presented as a tool capable of boosting the volume of audio played via browsers. However, our inspection of this extension revealed that it operates as advertising-suppor
PSWSTEALER is the name of a stealer-type malware. It is designed to extract and exfiltrate sensitive information from systems and installed applications. Stealers can target a wide variety of data and are considered to be significant threats to user privacy/safety. PSWSTEALER is a stealer,
While analyzing the Dynamic malware, we discovered that it operates as an information stealer. Moreover, it downloads the BlackNET remote access trojan (RAT) on infected computers. Using both of these malicious programs, threat actors can steal sensitive information, take control of infected compu
Our researchers discovered the Airplanes - New Tab browser extension during a routine inspection of deceptive websites. It promises to provide airplane-themed backgrounds for browsers. Our analysis revealed that this extension modifies browser settings in order to cause redirects to the mbextensi
We have inspected yourshields24[.]com and found that this page shows deceptive messages implying that the visitor's device may be infected and offering antivirus protection. Also, yourshields24[.]com asks for permission to show notifications and opens other web pages. This website targets Android
After conducting a test on gotyousearch.com, we have determined that it is an unreliable search engine that produces questionable results. Such search engines are often promoted through browser hijackers. These apps alter web browser settings to promote shady search engines. Gotyousearch.c
After we inspected the "This Is A Secure Message" email, we determined that it is spam operating as a phishing scam. The fake letter states that a secure message has been sent to the recipient – thus attempting to trick them into disclosing their email account log-in credentials. The email
While analyzing the email, our team found that it is a phishing attempt. The perpetrators behind the email intend to deceive recipients into revealing sensitive information on a fraudulent website. The email is designed to resemble a security alert from a cryptocurrency wallet service provider.
Our malware researchers detected Typo, a ransomware variant associated with the Djvu family, while inspecting malware samples submitted to VirusTotal. Ransomware is malware that encrypts files, and Typo is no exception. Moreover, this ransomware modifies filenames by appending the ".typo" extensio
During our analysis of Tyos, we determined that this malware operates as ransomware: it encrypts files and adds the ".tyos" extension to their names. Additionally, it creates a ransom note named "_readme.txt". Our team discovered this ransomware while examining malware samples submitted to the Vir