During our analysis of Tyos, we determined that this malware operates as ransomware: it encrypts files and adds the ".tyos" extension to their names. Additionally, it creates a ransom note named "_readme.txt". Our team discovered this ransomware while examining malware samples submitted to the Vir
Smartreviewglobal[.]com is a rogue webpage we discovered during a routine investigation of questionable sites. It is designed to promote scams and browser notification spam. Furthermore, this page is capable of redirecting visitors to different (likely unreliable/hazardous) sites. Users primarily
Our researchers discovered Cool Facts while investigating rogue websites. This browser extension supposedly delivers interesting facts and allows users to get wallpapers, clocks, and other content for their new browser tabs. However, our inspection of Cool Facts revealed that it operates as a brow
While inspecting new submissions to VirusTotal, our research team discovered a malicious program named F**ked (title censored throughout the article, the asterisks stand for the letters "u" and "c", respectively). This program belongs to the Chaos ransomware family. Malware within the ransomware c
"Webmail Account Maintenance" is a spam email presented as a notification from Webmail. The fake letter states that the recipient's email account will be blocked due to unresolved maintenance issues. This spam mail promotes a phishing website targeting email account log-in credentials. The
Zaraza is the name of a stealer-type malware. Programs within this classification operate by extracting (stealing) information from infected systems and installed applications. Stealers can target specific details or a broad range of data. Regardless, malware like Zaraza poses serious threats to u
After examining ytgoconverter[.]com, we concluded that this page offers to download videos from YouTube, wants to show notifications, and uses shady advertising networks. It is important to mention that downloading videos from YouTube without permission from the copyright holder is generally not l
Our research team discovered an installation setup containing a browser hijacker named "Ring" while inspecting deceptive sites. Typically, software within this category makes alterations to browser settings. However, Ring does not modify browsers to promote the dmiredindee.com fake search engine.
We have determined that searchtonow.com is a dubious search engine that could present misleading results and advertisements. Typically, search engines are promoted through browser hijackers - applications that alter a web browser's settings. It is recommended to avoid using questionable search eng
PowerMagic is the name of a backdoor malware written in PowerShell. It is known that PowerMagic is used in attacks where cybercriminals distribute another malware called CommonMagic. Backdoor malware refers to a form of malicious software that creates a concealed entry point into a computer system