Our research team discovered the Tabtonews rogue browser extension during a routine inspection of untrustworthy websites. After investigating this piece of software, we determined that it is a browser hijacker. Tabtonews makes modifications to browser settings in order to promote (through redirect
Despite being advertised as an app aimed at providing daily inspiration and creativity for photographers, we discovered that Daily Inspiration for Photographers is, in fact, a browser hijacker. This app promotes a fake search engine by tampering with certain browser settings. As a result, trusting
BIDON is a new variant of the MONTI ransomware. Programs within the ransomware category are designed to encrypt files and demand payment for their decryption. After we executed a sample of BIDON on our test system, it began encrypting files. The filenames of affected files were appended with a ".
While analyzing the RootCompact application, we noticed its tendency to display intrusive advertisements. These types of applications are typically classified as adware, as they are supported by advertising. Users often unknowingly install apps like RootCompact without fully understanding their
During our analysis of the Retro Search New Tab browser extension, our team observed that it alters specific web browser settings with the intention of promoting a fake search engine, retro-search.com. Applications displaying such conduct are commonly referred to as browser hijackers. Retr
During a routine inspection of new submissions to the VirusTotal site, our researchers discovered the Rtg ransomware-type program. It is part of the Xorist ransomware family. This malicious program encrypts data and demands ransoms for its decryption. On our test machine, Rtg ransomware encrypted
During our examination of this page, we discovered that it hosts a technical support scam, displaying deceptive pop-up messages to mislead visitors into thinking their computers are infected. It is crucial to avoid interacting with such sites as they are designed to deceive users. Usually, users a
During our analysis of samples on VirusTotal, our team discovered a new variant of the Djvu ransomware family named Popn. This particular variant encrypts data and adds the ".popn" extension to the affected files. Also, the ransomware generates a ransom note called "_readme.txt". Popn utilizes a
X is ransomware that encrypts files, creates a ransom note ("X-Help.txt"), and renames files (appends the ".X" extension to filenames). Cybercriminals use this malware to extort money from victims. An example of how X modifies filenames: it renames "1.jpg" to "1.jpg.X", "2.png" to "2.png.X", and s
CherryBlos is the name of a malware targeting Android operating systems. This malicious program is classified as a stealer and a clipper. It operates by extracting/exfiltrating cryptowallet credentials and rerouting cryptocurrency transactions to wallets owned by the attackers. At least four fake