While examining the SAI assistant browser extension, we noticed that it modifies the settings of a web browser to promote a fake search engine (search.extjourney.com). Thus, we classified AI assistant as browser hijacker. Additionally, AI assistant can read various data. Users should not download
Sus is ransomware that our team discovered while checking malware samples submitted to the VirusTotal page. We found that Sus is based on Chaos ransomware. Sus encrypts data, appends the ".sus" extension to filenames of all encrypted files, and drops a ransom note (the "read_it.txt" file). An exa
MacStealer is a type of information-stealing software that can obtain login credentials, cookies, and documents from a victim's web browser. It targets macOS versions from Catalina onwards, and can infect computers that use Intel M1 and M2 CPUs. MacStealer is for sale for $100 on a hacker forum.
Skynet is one of the ransomware variants belonging to the MedusaLocker family. Our malware researchers discovered Skynet while analyzing malware samples submitted to the VirusTotal site. The purpose of Skynet is to encrypt files on the infected computer. Also, Skynet creates the "Instructions for
While examining search-alpha.com, we learned that it is a fake search engine that shows results from other search engines. Search-alpha.com is another variant of searchmarquis.com. Fake search engines are promoted mainly through browser hijackers that modify the settings of web browsers. Thus, i
Dark Power is ransomware that prevents victims from accessing files by encrypting them. Also, Dark Power creates the "readme.pdf" file which contains a ransom note. Additionally, it appends the ".dark_power" extension to filenames (e.g., it renames "1.jpg" to "1.jpg.dark_power", "2.png" to "2.png.
We have examined searchessearches.com and found that it is a fake search engine. Our team discovered searchessearches.com after adding an untrustworthy application to a web browser. One of the extensions promoting searchessearches.com is named Apps. We discovered it on a deceptive website.
During our examination of the Volt browser extension, we discovered that it is a browser hijacker designed to promote search.volt-tab.com by changing the browser settings. We also learned that search.volt-tab.com is a fake search engine. Users rarely download browser-hijacking apps on purpose.
Jypo is ransomware that prevents victims from accessing data by encrypting it. Also, Jypo renames files by appending its extension (".jypo") to filenames and drops its ransom note ("_readme.txt"). Our discovery of Jypo came from analyzing malware samples submitted to VirusTotal. Moreover, our inv
During our analysis of Jywd, we identified it as a variant of the Djvu ransomware family. Jywd works by encrypting data and appending the ".jywd" extension to the filenames of the affected files while also creating a ransom note in the form of a "_readme.txt" file. Our team discovered Jywd during