Our inspection of the "Messages Not Delivered Due To Server Interruptions" email revealed that it is spam. This phishing letter aims to trick recipients into disclosing their email account credentials by making false claims regarding undelivered messages. The spam email with the subject "M
While inspecting browser-hijacking software, our research team discovered the browsing-shield.xyz fake search engine. These websites cannot generate search results, so they redirect to legitimate search engines. Sites like browsing-shield.xyz are typically promoted (through redirects) by browser
Our researchers discovered the Skynetwork ransomware-type program while investigating new submissions to VirusTotal. This program is part of the MedusaLocker ransomware family, and it is designed to encrypt data and demand ransom for its decryption. Once we launched a sample of Skynetwork on our
Crazyresultsnow.com is the URL of an illegitimate search engine. Websites of this kind are usually incapable of generating search results, and while crazyresultsnow.com can – they are inaccurate and may include irrelevant/deceptive content. Fake search engines are typically promoted by browser hi
After inspecting the "Product Availability Confirmation" email, we learned that it is spam. The fake letter is presented as an urgent purchase request from the sender. This mail operates as a phishing scam and promotes a phishing site disguised as SharePoint. This website is designed to record and
Our researchers discovered the MainAdviseSearch app while inspecting new submissions to VirusTotal. After analyzing this piece of software, we determined that it is adware belonging to the AdLoad malware group. It operates by displaying ads and may have additional harmful abilities. Adwa
WannaSmile is ransomware that encrypts files, appends the ".wannasmile" extension to filenames, and displays a ransom note (a pop-up window). An example of how WannaSmile modifies filenames: it changes "1.jpg" to "1.jpg.wannasmile", "2.png" to "2.png.wannasmile", and so forth. Files encrypted by
During our investigation of websites that utilize rogue advertising networks, we came across thecloudvantnow[.]com, a deceptive website. Visitors to the site are presented with false information (in the form of a fake CAPTCHA) to trick them into accepting notifications. Also, accessing thecloudvan
During our examination of mysearchexperts.com, we learned that this is a shady search engine that may provide inaccurate results. It is common for questionable (or fake) search engines to be promoted through browser hijackers. Apps of this type hijack web browsers by changing their settings.
While examining firstinearch.com, we found that it is a questionable search engine. Typically, search engines like firstinearch.com have poor search functionality and are associated with browser hijackers or other unwanted programs. In most cases, users download and install/add browser hijackers u