Our team identified Qarj as a type of ransomware that belongs to the Djvu ransomware family. Once it infects a system, it encrypts files and modifies their filenames by appending the ".qarj" extension. The ransom note, which provides instructions for contacting the attackers for file decryption, i
During our analysis of malware samples submitted to VirusTotal, our research team came across a ransomware called Qapo. Qapo is a type of ransomware that belongs to the Djvu family and functions by encrypting the victim's files once it has infiltrated their computer. The original filename is modif
Our evaluation of resultstec.com has revealed that it is an untrustworthy search engine that could produce unreliable search results and display dubious ads. Such search engines, like resultstec.com, are often promoted through browser-hijacking applications that modify web browser settings to prom
Topwebanswers.com is the address of a fake search engine. Typically, these websites cannot generate search results. However, topwebanswers.com is an exception, but its results are irrelevant and include sponsored and potentially deceptive/harmful content. Most illegitimate search engines are prom
Our research team discovered the Daily Jokes browser extension while inspecting rogue websites. It is endorsed as a multi-functional/multi-widget software, with features including – daily display of jokes, wallpapers, clock, current weather, sticky notes, to-do list, and others. However, our analy
While investigating browser-hijacking software, our research team discovered the topresultssearch.com illegitimate search engine. Websites of this kind usually cannot generate search results, but topresultssearch.com is an exception. However, the results it provides include irrelevant and potentia
While investigating dubious websites, our research team found the us-safehub[.]click rogue webpage. It is designed to run scams and promote browser notification spam. Furthermore, this page can redirect users elsewhere (likely untrustworthy/harmful) sites. Most visitors to us-safehub[.]click and
Colour-Blind is the name of a Remote Access Trojan (RAT) written in Python. This malware steals sensitive information and allows cybercriminals to perform various tasks on infected machines. Colour-Blind malware is also designed to evade detection. It is known that Colour-Blind is delivered via ma
IceFire (also known as iFire) is ransomware that encrypts files, appends the ".iFire" extension to filenames, and creates the "iFire-readme.txt" file (a ransom note). The purpose of IceFire is to keep files inaccessible until a ransom is paid. An example of how IceFire renames files: it changes "
Cinoshi is the name of an information-stealing malware. There are several variants of this stealer, some of which have additional abilities – including botnet, clipper, and cryptominer functionalities. The presence of Cinoshi malware on the system can endanger both device integrity and user privac