Our researchers discovered the Udaigen ransomware-type program while investigating new submissions to the VirusTotal website. It operates by encrypting files and demanding payment for decryption. On our test machine, Udaigen encrypted files and appended their filenames with a ".jcrypt" extension.
After analyzing ExpandedBrowser, we concluded that this application operates as adware. Its primary function is to present users with a range of advertisements. Additionally, ExpandedBrowser may have the capability to gather different types of information. It is worth noting that adware is often
While investigating untrustworthy websites, our researchers discovered the Quotes Srch Tab browser extension. It is endorsed as an extension that displays seaside-themed browser wallpapers featuring famous quotes. After examining Quotes Srch Tab, we determined that it is a browser hijacker. It mo
During our investigation of suspicious websites, we came across thepharmadds[.]com, which attempts to present misleading notifications to visitors. This website uses clickbait to convince users to grant permission to receive notifications from it. Thus, users are advised not to trust thepharmadds[
During our investigation of addinglobal[.]com, we discovered that it is among the websites created to deceive visitors into consenting to receive notifications. These notifications can be bothersome and invasive, and in some cases, they may even carry malicious content. Typically, users open sites
Shampoo is the name of a browser extension, which is proliferated in the latest ChromeLoader malware campaign. This piece of software operates primarily as a browser hijacker, but it also has adware functionalities. Shampoo is similar to the Ring browser hijacker, although the former is more soph
While analyzing malware samples submitted to VirusTotal, we came across Bhgr, a member of the Djvu ransomware family. Bhgr encrypts files on the compromised system and appends the ".bhgr" extension to their filenames. Also, Bhgr generates a ransom note ("_readme.txt" file). To illustrate the file
During our investigation of websites utilizing rogue advertising networks, we came across getgadsgroup[.]com, a site that employs a deceptive tactic to lure visitors into subscribing to notifications. It is important to note that users do not deliberately navigate to pages like getgadsgroup[.]com.
BabyDuck is a ransomware-type program we discovered while examining new submissions to VirusTotal. This malicious program is based on Babuk ransomware. On our testing system, a sample of BabyDuck encrypted files and appended their filenames with a ".babyduck" extension. For example, a file origin
After investigating the "New Webmail Version" email, we determined that it is spam. This letter encourages the recipient to switch their Webmail account to the latest version. The aim of this phishing mail is to obtain email account log-in credentials. The email with the subject "New lette