LOBSHOT is a type of malware with a feature called hVNC (Hidden Virtual Network Computing) that allows attackers to access a victim's computer without being noticed. The hVNC component is effective in evading fraud detection systems. Also, LOBSHOT is being used to carry out financial crimes throu
Fofd is a type of ransomware that belongs to the Djvu family. It encrypts files on the victim's computer and demands a ransom payment for the decryption tools. Our team discovered Fofd while reviewing recently submitted malware samples on the VirusTotal site. It is important to note that Fofd may
During our analysis of malware samples submitted to VirusTotal, our team came across Sato ransomware, which belongs to the Djvu family. Once a computer is infected, Sato encrypts the files and adds the ".sato" extension to their filenames. Moreover, it generates a ransom note (creates a text file
While examining malware samples submitted to VirusTotal, we encountered Saba, a ransomware variant from the Djvu ransomware family. Saba encrypts files and modifies their filenames by adding the extension ".saba". Additionally, it generates a ransom note, a text file named "_readme.txt". An examp
Bumperskiner[.]com is a rogue webpage that our research team found while investigating suspicious sites. Two appearance variants were discovered, both using fake CAPTCHA to promote browser notification spam. Additionally, bumperskiner[.]com is capable of redirecting users to other (likely unreliab
Our researchers discovered the Spice browser extension during a routine inspection of untrustworthy websites. This extension is endorsed as a quick-access tool for recipes, dietary recommendations, best-rated restaurants, and other food-related content. Our analysis of Spice revealed that it oper
While investigating dubious websites, our research team discovered the Plant Planet browser extension. It is endorsed as a quick-access tool to healthy lifestyle related content. Our analysis revealed that Plant Planet operates as a browser hijacker and promotes (through redirects) the finddbest.c
Our research team discovered the dm*.biz rogue website family during a routine investigation of untrustworthy sites. This group includes pages that have similar URLs that differ by number, e.g., dm01[.]biz, dm02[.]biz, dm03[.]biz, dm04[.]biz, etc. Rogue webpages of this kind are designed to load
Lady Like is the name of a browser extension that our research team discovered while inspecting suspicious sites. After investigating this piece of software, we learned that it is a browser hijacker. In other words, Lady Like makes alterations to browser settings in order to endorse (via redirects
While inspecting suspect websites, our researchers discovered the asnzvu[.]com rogue page. It is designed to endorse spam browser notifications and redirect visitors to other (likely untrustworthy/harmful) sites. Users primarily access such webpages via redirects caused by sites using rogue adver