While examining Tennis Start browser extension, we found that it hijacks a web browser by changing its settings. The purpose of Tennis Start is to promote search.nstart.online - a fake search engine. It is worth mentioning that users rarely download and add/install browser hijackers intentionally.
Nowtosearch.com is the address (URL) of a fake search engine. While most sites of this kind cannot generate search results, this website is an exception. However, the results provided by nowtosearch.com can be irrelevant and include deceptive/harmful content. In most cases, illegitimate search en
During our investigation of pages that use shady advertising networks, we came across maincaptchanow[.]top. We found that this site employs clickbait tactics to deceive visitors into consenting to receive notifications and redirects them to scam websites. Thus, it is advisable to avoid visiting ma
Our research team found the Acessd ransomware-type program during a routine inspection of new submissions to VirusTotal. This program is part of the MedusaLocker ransomware family, and it is designed to encrypt data and demands ransoms for the decryption. Once we executed a sample of Acessd on ou
Soul is the name of the malware framework. Cybercriminals behind it use a downloader that executes a loader dubbed SoulSearcher. This loader is accountable for the decryption, downloading, and loading of other modules of the Soul modular backdoor into memory. The usage of the Soul framework has be
Our tests of control-search.xyz revealed it to be a fake search engine that does not produce its own search results. It is important to note that these types of search engines are often promoted through browser-hijacking applications, and users often unintentionally add them to their browsers.
While testing searchitonlinehome.com, we found that it shows ads and may display questionable results. Thus, it is not a completely reliable search engine. It is common for dubious search engines to be promoted via browser hijackers. Apps of this type change web browser settings to force users to
Usprotection[.]click is a dubious website that presents deceitful content and prompts users to subscribe to notifications. Our team found usprotection[.]click during an investigation of websites that employ rogue advertising networks. It is not a website that users typically visit deliberately.
Mamai is the name of a ransomware-type program. It is part of the MedusaLocker ransomware family. Once we executed a sample of Mamai on our test machine, it began encrypting files and appended their filenames with a ".mamai10" extension. Original filename like "1.jpg" appeared as "1.jpg.mamai10",
While investigating new malware submissions to VirusTotal, our researchers discovered the Zxc ransomware-type program. This malicious program belongs to the VoidCrypt ransomware family. After we executed a sample of Zxc on our test machine, it encrypted files and modified their filenames. Origina