After investigating the "Payment Confirmation" email, we determined that it is spam. Allegedly containing documentation relating to the confirmation of a payment, this fake letter actually has a phishing file attached to it. This file targets account log-in credentials (usernames/passwords).
Captchagenius[.]top is a rogue webpage that we discovered while investigating suspicious sites. It operates by promoting browser notification spam and redirecting visitors to different (likely unreliable/harmful) pages. Users primarily enter captchagenius[.]top and similar webpages via redirects
Upon investigation, we determined that this email is a phishing scam disguised as a notification from an email service provider featuring a link to a deceptive website. Therefore, we have categorized it as a phishing email. Typically, scammers employ such emails to trick recipients into revealing
Nature-Newtab is a rogue browser extension that our research team found while investigating suspect sites. It operates by making changes to browser settings in order to promote (through redirects) the api.nature-newtab.com illegitimate search engine. Due to this behavior, Nature-Newtab is categori
Upon conducting tests on bestsearch.ai, we discovered that the search engine is unreliable and produces questionable results, often including advertisements. Such search engines are commonly associated with browser hijackers, which promote them by modifying web browser settings. Bestsearch
Pikabot, also known as PikaBot and iPikaBot, is a malicious program. It is classed as loader-type malware. Pikabot is designed to cause chain infections. In other words, it can download/install additional malicious programs or components. Pikabot employs various anti-analysis techniques, i
After evaluating the Gastronomy Tab browser extension, we learned that it behaves as a browser hijacker, promoting a fake search engine (find.hsrcnav.com). Gastronomy Tab alters browser settings to take control. Typically, users unintentionally download and install browser-hijacking applications.
During our analysis of the Better Webb application (browser extension), we noticed intrusive advertising actions that classify it as adware. Adware is frequently disseminated through dubious and misleading techniques, putting unsuspecting users at risk of inadvertently downloading and installing i
GoldenJackal, an APT group, has developed a collection of .NET malware tools known as Jackal. The Jackal toolset includes components such as JackalControl, JackalWorm, JackalSteal, JackalPerInfo, and JackalScreenWatcher. GoldenJackal typically focuses its attacks on government and diplomatic entit
Upon testing the Personalized Backgrounds extension, we found that it is a browser hijacker designed to promote goog.personalizedbackground.com, a fake search engine. Personalized Backgrounds forces users to visit/use goog.personalizedbackground.com by changing the settings of a web browser.