While checking the TursiopsTruncatus browser extension, we found troubling activities like adding the "Managed by your organization" feature to Chrome settings and collecting data. Our encounter with TursiopsTruncatus occurred when we investigated a harmful installer downloaded from an unreliable
After examining the "Product Request" email, we determined that it is spam. This message claims to contain documentation regarding an urgent purchase. The attachment is a phishing file targeting email account log-in credentials. The email with the subject "Request for Quotes" (may vary) st
During our inspection of malware samples uploaded to VirusTotal, our team discovered a ransomware variant dubbed Grounding Conductor. The purpose of Grounding Conductor is to prevent victims from accessing their files by zipping and encrypting them. Additionally, this ransomware places a ransom no
Our researchers found the S4b ransomware-type program while investigating new malware submissions to the VirusTotal website. This program is part of the Phobos ransomware family. S4b is designed to encrypt data and demand payment for its decryption. On our test machine, this ransomware encrypted
While assessing the MyWallPaper, it became apparent that its primary goal is to operate as a browser hijacker, with the objective of endorsing mywallpaper.co, a fraudulent search engine. This extension modifies web browser settings to establish control over it. To avoid potential damage, users wit
During our assessment of the LavandulaAngustifolia browser extension, we identified concerning actions, such as enabling the "Managed by your organization" feature in Chrome browsers, controlling specific browser components, and gathering data. Our interaction with LavandulaAngustifolia took place
While reviewing malware samples on the VirusTotal platform, we encountered the Rzew ransomware, which belongs to the Djvu family. When this ransomware infects a computer, it encrypts files and adds the ".rzew" extension to their filenames. For example, "1.jpg" would be transformed into "1.jpg.rzew
After careful analysis, our team has determined that the objective of this email is to deceive recipients into disclosing their personal information. These emails are classified as phishing attempts, where the senders, who are fraudulent actors, seek to trick recipients into sharing sensitive info
Crystalchiseler[.]top is a rogue webpage that our research team found while checking out untrustworthy sites. This page is designed to deceive visitors into allowing its spam browser notification delivery. It can also generate redirects to other (likely dubious/malicious) websites. Users predomin
Our researchers discovered the ParameterLog app while investigating new submissions to the VirusTotal site. After inspecting this piece of software, we learned that it is adware belonging to the AdLoad malware family. Adware stands for advertising-supported software. It generates revenue