While examining this email, we learned it is a phishing letter claiming to contain a copy of a remittance. The link in this email leads to a phishing page - a deceptive site designed to steal personal information from visitors. Thus, recipients of this email should not open the provided page and d
Ryuk (Fonix) is the name of a ransomware-type program. Malware within this classification is designed to encrypt data and demand payment for its decryption. This program imitates RYUK/RYK ransomware (i.e., extension, ransom note, etc.) – however, it actually is the Fonix ransomware. After we exec
Authenticpcnetwork[.]com is among the deceptive websites that use the "McAfee - Your PC is infected with 5 viruses!" scam to trick visitors. The page displays false virus alerts to convince users to buy legitimate software. Also, authenticpcnetwork[.]com requests permission to display shady notifi
Our research team found the euhelpcenter[.]click rogue webpage during a routine inspection of suspicious sites. This page is designed to promote deceptive content (online scams) and browser notification spam. Additionally, it can redirect visitors to other (likely untrustworthy/harmful) websites.
While examining Tennis Start browser extension, we found that it hijacks a web browser by changing its settings. The purpose of Tennis Start is to promote search.nstart.online - a fake search engine. It is worth mentioning that users rarely download and add/install browser hijackers intentionally.
Nowtosearch.com is the address (URL) of a fake search engine. While most sites of this kind cannot generate search results, this website is an exception. However, the results provided by nowtosearch.com can be irrelevant and include deceptive/harmful content. In most cases, illegitimate search en
During our investigation of pages that use shady advertising networks, we came across maincaptchanow[.]top. We found that this site employs clickbait tactics to deceive visitors into consenting to receive notifications and redirects them to scam websites. Thus, it is advisable to avoid visiting ma
Our research team found the Acessd ransomware-type program during a routine inspection of new submissions to VirusTotal. This program is part of the MedusaLocker ransomware family, and it is designed to encrypt data and demands ransoms for the decryption. Once we executed a sample of Acessd on ou
Soul is the name of the malware framework. Cybercriminals behind it use a downloader that executes a loader dubbed SoulSearcher. This loader is accountable for the decryption, downloading, and loading of other modules of the Soul modular backdoor into memory. The usage of the Soul framework has be
Our tests of control-search.xyz revealed it to be a fake search engine that does not produce its own search results. It is important to note that these types of search engines are often promoted through browser-hijacking applications, and users often unintentionally add them to their browsers.