Our researchers discovered the Basn malicious program during a routine inspection of new submissions to VirusTotal. Basn is classed as ransomware – a type of malware that encrypts data and demands ransoms for decryption. Once we launched a sample of this ransomware on our test machine, it began e
After analyzing checkingsystem[.]site, we learned that this site runs the "McAfee - Your PC is infected with 5 viruses!" scam and asks for permission to send deceptive notifications (show untrustworthy advertisements). We discovered checkingsystem[.]site while examining other unreliable sites.
Searchfme.com is a fake search engine. While most sites of this kind cannot provide search results, this website can – although they are inaccurate and include unreliable/deceptive content. Typically, websites like searchfme.com are promoted by browser hijackers. Furthermore, these pages and the
Upon testing suggest4you.com, we have determined that it is an untrustworthy search engine that could potentially produce deceptive results (and advertisements). Generally, search engines similar to suggest4you.com are endorsed by browser hijackers, which modify browser configurations to promote t
HookSpoofer is an information stealer written in the C# programming language that possesses keylogging and clipper functionalities. Cybercriminals use information stealers as they are a type of malware designed to obtain sensitive or confidential information from victims' devices, such as login cr
During our analysis of malware samples submitted to the VirusTotal page, we came across a ransomware strain dubbed Dapo. Upon further investigation, we determined that Dapo belongs to the Djvu ransomware family. Dapo encrypts data, alters file names, and generates a text file ("_readme.txt") conta
Our team found Dazx, a member of the Djvu ransomware family, during a review of malware samples submitted to VirusTotal. The primary objective of Dazx is to encrypt files. Also, this ransomware modifies filenames by adding the ".dazx" extension to filenames and creates a ransom note named "_readme
Our researchers found the euprotection[.]click rogue page while inspecting dubious websites. It is designed to promote scams and spam browser notifications. Furthermore, this webpage can redirect visitors to other (likely untrustworthy/hazardous) sites. Most users can enter such pages via redirect
Our researchers discovered the Merlin ransomware during a routine investigation of new submissions to VirusTotal. After we executed a sample of this malware on our test system, it encrypted files and appended their filenames with a ".Merlin" extension. For example, a file initially titled "1.jpg"
While inspecting deceptive websites, our researchers discovered the COVID Dashboard, full title – COVID dashboard at Johns Hopkins University – browser extension. It is promoted as a tool for easy access to information concerning the COVID-19 pandemic. After investigating this extension, we deter