We examined this email and uncovered that the sender disguised it as a letter from Atlantis Translogistik, a freight forwarding service company in North Jakarta. Additionally, the email includes two harmful attachments used to distribute malware. Therefore, recipients are advised to ignore the ema
Goba is a ransomware variant that utilizes encryption to lock files, and as part of its process, it adds the ".goba" extension to the filenames of all encrypted files. This malware also creates a ransom note, which is saved as "_readme.txt". Goba is part of the Djvu ransomware family and may be di
During our analysis of malware samples submitted to VirusTotal, we came across Goaq, a ransomware belonging to the Djvu family. Goaq encrypts files and adds the ".goaq" extension to the filenames of encrypted files. It also creates a text file called "_readme.txt" that contains a ransom note. As
Gosw is a type of ransomware that is part of the Djvu family. When Gosw infects a system, it encrypts files and appends the ".gosw" extension to the file names. It also creates a ransom note in the form of a "_readme.txt" file. Our researchers identified Gosw during an analysis of malware samples
Our research team discovered the Bizzy Beaver browser extension during a routine investigation of untrustworthy sites. It is endorsed as a productivity tool. However, our analysis uncovered that this extension modifies browsers to promote (thorough redirects) the search.bizzy-beaver.com fake searc
While inspecting deceptive websites, our research team discovered a page promoting an installer containing the MetAI assistant browser extension. It is endorsed as a tool that allows users to employ "OpenAI" (likely the ChatGPT chatbot developed by OpenAI) on the Facebook social networking platfor
Our researchers discovered the Qwik Search browser extension while inspecting rogue websites. This software promises to improve the Web searching experience by allowing easy access to popular search engines. However, our analysis of Qwik Search revealed that it is a browser hijacker. This extensio
While investigating new submissions to VirusTotal, our research team discovered the ActivityCache app. After inspecting this piece of software, we determined that it operates as adware. Additionally, we learned that this application is part of the AdLoad malware family. Adware stands for
Our inspection of the "ACCOUNT SHUT-DOWN" email revealed that it is spam. This letter states that the recipient's email account will be shut down per their request. This spam mail operates as a phishing scam and promotes a fake email sign-in page that records the passwords entered into it.
While inspecting the Never Forget Tab browser extension, we found that it is a browser hijacker designed to promote two fake search engines: find.eonenavigate.com and neverforgettab.com. This app promotes them by changing the web browser's settings. It is strongly recommended not to trust the Neve