Image Viewer is promoted as a browser extension that enhances image viewing capabilities. However, during our examination, we found that Image Viewer displays ads (it supports ads). For this reason, we classified Image Viewer as adware. It is worth noting that we discovered Image Viewer on a decep
After examining this email, our team has determined that it is a phishing attempt disguised as a message from an email service provider, with the scammers claiming to be the Microsoft team. The intention of the scammers behind this letter is to entice unaware recipients into accessing the fraudule
Our researchers found the Anonymous Video Player browser extension while investigating questionable websites. This extension is presented as a tool that allows users to playback videos and download them in multiple formats. After analyzing Anonymous Video Player, we determined that it is advertisi
While investigating new submissions to VirusTotal, our researchers discovered the Attack ransomware. Malware within this classification encrypts data and demands payment for its decryption. There are several variants of Attack, and it belongs to the MedusaLocker ransomware family. Encrypted files
AMOS (Atomic) stealer, is a malicious program targeting Mac OSes (Operating Systems). It is classified as a stealer – a type of malware that extracts and exfiltrates information from infected devices. At the time of writing, AMOS is actively sold on Telegram. Once we executed a sample of
Upon reviewing this letter, we have determined that it is a phishing email aimed at obtaining sensitive information from its recipients. The email includes an attachment that leads to a fraudulent website. It is disguised as a letter regarding a sales contract from the Sea Map Group. This
Fast-redirectus[.]xyz is the address of a rogue webpage that we discovered while inspecting untrustworthy sites. This page is designed to promote spam browser notifications and redirect users to other (likely dubious/malicious) websites. Most visitors to webpages like fast-redirectus[.]xyz access
MgBot is a malware framework. It is capable of causing chain infections (i.e., downloading/installing additional malicious programs or components). Additionally, this framework supports multiple plug-ins that are geared toward data exfiltration. MgBot has been used in an attack on an African tele
Our examination has revealed that top-search.xyz is a fake search engine. Such search engines are usually promoted through browser hijackers, which users unknowingly install on computers or add to browsers as apps. As a result, the browser settings are modified without their knowledge or consent.
Fleckpe is a recently discovered Android Trojan family found on Google Play, which secretly subscribes victims to paid services. This Trojan primarily affects users in Thailand. It has been active since the start of 2022 and is continuously updated with new capabilities. Cybercriminals can