While inspecting new submissions to VirusTotal, our researchers discovered BOOM – a malicious program belonging to the Phobos ransomware family. Malware within this classification is designed to encrypt data and demand ransoms for its decryption. After we executed a sample of BOOM (Phobos) ransom
Upon our inspection of opencaptchahere[.]top, it was found to use a deceitful approach to convince visitors to permit it to send notifications. Also, opencaptchahere[.]top may redirect visitors to questionable websites. Opencaptchahere[.]top was encountered while examining pages that employ shady
LOBSHOT is a type of malware with a feature called hVNC (Hidden Virtual Network Computing) that allows attackers to access a victim's computer without being noticed. The hVNC component is effective in evading fraud detection systems. Also, LOBSHOT is being used to carry out financial crimes throu
Fofd is a type of ransomware that belongs to the Djvu family. It encrypts files on the victim's computer and demands a ransom payment for the decryption tools. Our team discovered Fofd while reviewing recently submitted malware samples on the VirusTotal site. It is important to note that Fofd may
During our analysis of malware samples submitted to VirusTotal, our team came across Sato ransomware, which belongs to the Djvu family. Once a computer is infected, Sato encrypts the files and adds the ".sato" extension to their filenames. Moreover, it generates a ransom note (creates a text file
While examining malware samples submitted to VirusTotal, we encountered Saba, a ransomware variant from the Djvu ransomware family. Saba encrypts files and modifies their filenames by adding the extension ".saba". Additionally, it generates a ransom note, a text file named "_readme.txt". An examp
Bumperskiner[.]com is a rogue webpage that our research team found while investigating suspicious sites. Two appearance variants were discovered, both using fake CAPTCHA to promote browser notification spam. Additionally, bumperskiner[.]com is capable of redirecting users to other (likely unreliab
Our researchers discovered the Spice browser extension during a routine inspection of untrustworthy websites. This extension is endorsed as a quick-access tool for recipes, dietary recommendations, best-rated restaurants, and other food-related content. Our analysis of Spice revealed that it oper
While investigating dubious websites, our research team discovered the Plant Planet browser extension. It is endorsed as a quick-access tool to healthy lifestyle related content. Our analysis revealed that Plant Planet operates as a browser hijacker and promotes (through redirects) the finddbest.c
Our research team discovered the dm*.biz rogue website family during a routine investigation of untrustworthy sites. This group includes pages that have similar URLs that differ by number, e.g., dm01[.]biz, dm02[.]biz, dm03[.]biz, dm04[.]biz, etc. Rogue webpages of this kind are designed to load