While investigating new submissions to VirusTotal, our research team discovered the Nochi ransomware-type program. This malware is based on the Chaos ransomware. After we executed a sample of Nochi on our test machine, it encrypted files and modified their filenames. The titles of affected files
During our investigation of advertisingnpclub[.]com, we determined that the site aims to entice visitors to allow notifications. We came across advertisingnpclub[.]com while examining pages that utilize untrustworthy advertising networks. Users do not visit pages advertisingnpclub[.]com on purpose
Our inspection of the "Password Expiry Notification" email revealed that it is spam. It falsely claims that the recipient's email account password will expire soon. The goal of this phishing mail is to obtain victims' log-in credentials and steal their email accounts. The email with the su
After examining speedyanswersnow.com, we discovered that it is a questionable search engine. Such search engines typically have poor search functionality and are often associated with browser hijackers. Usually, users unknowingly download and add browser hijackers to their browsers. Speedy
While examining myonesearches.com we learned that this is a questionable search engine that shows ads and may provide misleading results. Thus, it is recommended to avoid using myonesearches.com. It is worth noting that search engines of this kind are often promoted via browser hijackers.
While analyzing malware samples submitted to VirusTotal, our researchers came across BACKJOHN - ransomware that belongs to the Phobos family. We found that BACKJOHN encrypts data, modifies filenames of all encrypted files, and creates "info.hta" and "info.txt" files (ransom notes). BACKJOHN appen
While inspecting dubious websites, our research team discovered the Cosmos Extension browser extension. After investigating this piece of software, we determined that it is a browser hijacker. Cosmos Extension makes changes to browser settings in order to promote (via redirects) the cosmosextensio
Our researchers discovered the Price Tracking Pro browser extension while investigating deceptive websites. According to its promotional material, this extension is a tool that aids with online shopping, i.e., tracks prices, seller ratings, and other related information. However, our analysis reve
Search-mood.com is the address of a fake search engine. These sites cannot generate search results. However, this website is different, but its results are inaccurate and may include deceptive/harmful content. Typically, illegitimate search engines are promoted (via redirects) by browser hijacker
Communique is a rogue application that we discovered while investigating suspicious sites. After inspecting this app, we determined that it is advertising-supported software (adware). It is designed to run intrusive ad campaigns and may have additional harmful abilities. Adware operates by