Shampoo is the name of a browser extension, which is proliferated in the latest ChromeLoader malware campaign. This piece of software operates primarily as a browser hijacker, but it also has adware functionalities. Shampoo is similar to the Ring browser hijacker, although the former is more soph
While analyzing malware samples submitted to VirusTotal, we came across Bhgr, a member of the Djvu ransomware family. Bhgr encrypts files on the compromised system and appends the ".bhgr" extension to their filenames. Also, Bhgr generates a ransom note ("_readme.txt" file). To illustrate the file
During our investigation of websites utilizing rogue advertising networks, we came across getgadsgroup[.]com, a site that employs a deceptive tactic to lure visitors into subscribing to notifications. It is important to note that users do not deliberately navigate to pages like getgadsgroup[.]com.
BabyDuck is a ransomware-type program we discovered while examining new submissions to VirusTotal. This malicious program is based on Babuk ransomware. On our testing system, a sample of BabyDuck encrypted files and appended their filenames with a ".babyduck" extension. For example, a file origin
After investigating the "New Webmail Version" email, we determined that it is spam. This letter encourages the recipient to switch their Webmail account to the latest version. The aim of this phishing mail is to obtain email account log-in credentials. The email with the subject "New lette
Keywordssearching.com is the address of a fake search engine. Websites of this kind are usually promoted (via redirects) by browser hijackers. This software modifies browser settings for this purpose. Furthermore, both illegitimate search engines and browser-hijacking software typically collect us
Upon investigating tapheshusurvey[.]space, we determined that it is an untrustworthy website that engages in survey scams. Additionally, tapheshusurvey[.]space wants to display notifications and redirects users to other websites. It is important to note that users do not intentionally visit pages
After inspecting the "You've Received A Secure File" spam email, we determined that it operates as a phishing scam. The letter claims that the recipient was sent a protected document, which can only be accessed by providing their email account log-in credentials. The email with the subject
During our investigation of suspicious advertising networks, our team discovered atoionanruman[.]com, a website known for displaying a deceptive message aimed at persuading visitors to enable notifications. It is worth noting that users often land on pages like atoionanruman[.]com unintentionally,
While examining web pages associated with unreliable advertising networks, we came across fullpcchain[.]com. Our investigation uncovered that fullpcchain[.]com is an untrustworthy website that promotes the "McAfee - Your PC is infected with 5 viruses!" scam. Additionally, fullpcchain[.]com request