CRFILE is ransomware (belonging to the MedusaLocker family) that our team has discovered while examining malware samples submitted to VirusTotal. It is designed to lock files through encryption, append the ".CRFILE2" extension to files, and create a ransom note ("READ_NOTE.html"). An example of h
We have analyzed the site (vote-pijswap[.]co) and concluded that it is a scam web page designed to steal cryptocurrency holdings from unsuspecting individuals. Like most scams of this type, it promises participants rewards to lure them into taking harmful actions. Such sites should be avoided to p
Our team has analyzed the email and determined that it is a scam impersonating the International Finance Corporation (IFC), a legitimate financial institution. The scammers behind it aim to trick recipients into revealing personal information (and possibly sending money). Such emails should be ign
During our inspection of orbitinginsights.com, we found that it is a fake search engine promoted through an extension known as Orbiting Insights. The promoting extension operates as a browser hijacker - it changes the settings of a web browser to force users to visit orbitinginsights.com.
Fire Shield Extension Protection is a piece of unwanted software promoted as a tool capable of detecting malicious browser extensions by checking how they use their permissions. This unwanted extension does operate in this manner; instead, it can spy on users' browsing activity and modify browser
Our research team discovered the Protecto for Chrome unwanted extension while investigating suspicious websites. According to its promotional material, Protecto is a security tool that can protect users from phishing, scams, and spam, as well as remove malicious extensions that diminish the browsi
Total Safety for Chrome is promoted as a browser extension management tool capable of scanning them for malicious behavior. Instead of working as advertised, this unwanted extension can change browsers' operation/appearance and collect sensitive data. Numerous browser extensions have been
This extension misleadingly claims to be affiliated with DeepSeek AI, a well-known and reputable service, in an attempt to appear legitimate and trustworthy. It is designed to collect user-inputted data and transmit it to its developers. This creates a privacy concern, as malicious third parties c
Supessherse.co[.]in is a rogue page during a routine investigation of suspect websites. After examining this webpage, we determined that it promotes browser notification spam and produces redirects to different (likely unreliable/harmful sites. The majority of visitors to supessherse.co[.]in and
During our examination of MultSearch, we learned that it is an extension designed to hijack a web browser by changing its settings. The purpose of this hijacking is to promote oesrchrdr.com, a fake search engine. Users are advised not to trust browser hijackers and the associated search engines.