Pikabot, also known as PikaBot and iPikaBot, is a malicious program. It is classed as loader-type malware. Pikabot is designed to cause chain infections. In other words, it can download/install additional malicious programs or components. Pikabot employs various anti-analysis techniques, i
After evaluating the Gastronomy Tab browser extension, we learned that it behaves as a browser hijacker, promoting a fake search engine (find.hsrcnav.com). Gastronomy Tab alters browser settings to take control. Typically, users unintentionally download and install browser-hijacking applications.
During our analysis of the Better Webb application (browser extension), we noticed intrusive advertising actions that classify it as adware. Adware is frequently disseminated through dubious and misleading techniques, putting unsuspecting users at risk of inadvertently downloading and installing i
GoldenJackal, an APT group, has developed a collection of .NET malware tools known as Jackal. The Jackal toolset includes components such as JackalControl, JackalWorm, JackalSteal, JackalPerInfo, and JackalScreenWatcher. GoldenJackal typically focuses its attacks on government and diplomatic entit
Upon testing the Personalized Backgrounds extension, we found that it is a browser hijacker designed to promote goog.personalizedbackground.com, a fake search engine. Personalized Backgrounds forces users to visit/use goog.personalizedbackground.com by changing the settings of a web browser.
Shapes Tab is a rogue browser extension that we discovered while inspecting suspect webpages. It is presented as a tool that displays browser wallpapers. After analyzing this extension, we determined that it is browser-hijacking software. Shapes Tab makes alterations to browser settings in order t
While investigating dubious websites, our researchers discovered the Car Tab browser extension. It is promoted as a tool that displays automobile-themed wallpapers. However, our analysis revealed that Car Tab is a browser hijacker. It changes browser settings and endorses (via redirects) the find.
TurkoRat is the name of a malicious program classed as a stealer. This malware aims to steal sensitive information from infected machines. TurkoRat was observed being distributed in several malicious packages via the npm package repository. As mentioned in the introduction, TurkoRat is a s
AhRat is a Remote Access Trojan (RAT) that focuses on infiltrating Android devices. Its distribution occurred through a trojanized screen recording application, which was disguised and offered for download on the Google Play store. The original version of the app that was uploaded to the store di
While investigating suspicious websites, our research team discovered the ilitonline.com rogue webpage. It is designed to endorse browser notification spam and redirect users to other (likely dubious/malicious) websites. Users primarily access pages like ilitonline[.]com via redirects caused by si