While testing the National Parks Tab browser extension, we found that it hijacks a web browser by changing its settings. Typically, users download and add browser hijackers to browsers unknowingly. Most apps of this type promote fake (or untrustworthy) search engines. We learned that Natio
While analyzing cophypserous[.]com, we found that it is an untrustworthy web page that shows a deceptive message to lure visitors into allowing it to show notifications. Our team discovered cophypserous[.]com while inspecting websites that use shady advertising networks. Cophypserous[.]com
While inspecting malware samples submitted to the VirusTotal page, our team discovered a ransomware variant called Monaki. This ransomware encrypts files and prepends "Lock." to their filenames. Also, Monaki changes the desktop wallpaper to an image with a ransom note. An example of how Monaki re
CY3 is ransomware belonging to the Dharma family. Our team discovered CY3 while checking the VirusTotal website for recently submitted malware samples. We found that CY3 encrypts files, appends the victim's ID, cybercrypt@tutanota.com email address, and ".CY3" extension to filenames. CY3 also dis
While examining video***[.]space pages (e.g., videofin[.]space, videobtc[.]space, videoeth[.]space, videofun[.]space), we found that they display deceptive content to lure visitors into agreeing to receive notifications. Users do not visit such pages on purpose. Our team discovered them while visi
After examining this email, our team determined that it is a scam email written by scammers who try to trick recipients into believing they have won a lottery but have not claimed their prize. They aim to lure recipients into providing personal information and (or) transferring money. This email s
MortalKombat is ransomware our malware researchers have discovered while inspecting samples submitted to the VirusTotal website. It encrypts files, changes the desktop wallpaper, drops the "HOW TO DECRYPT FILES.txt" file, and modifies filenames. MortalKombat is based on Xorist ransomware. MortalK
We have inspected this email and concluded that it is written by scammers who aim to trick recipients into providing sensitive information. It is disguised as a letter regarding a cryptocurrency transaction and contains links designed to open phishing pages. This email should be marked as spam and
While examining malware samples submitted to VirusTotal, we discovered a ransomware belonging to the Djvu family called Znto. It encrypts files, appends the ".znto" extension to filenames of encrypted files, and creates a text file ("_readme.txt") containing a ransom note. An example of how Znto
Block_file12 is ransomware designed to encrypt files and append an email address and the ".block_file12" extension to filenames. An example of how Block_file12 renames filenames: it changes "1.jpg" to "1.jpg!===contact_mail===itankan12@gmail.com===.block_file12", "2.png" to "2.png!===contact_mail=