Our researchers found the euprotection[.]click rogue page while inspecting dubious websites. It is designed to promote scams and spam browser notifications. Furthermore, this webpage can redirect visitors to other (likely untrustworthy/hazardous) sites. Most users can enter such pages via redirect
Our researchers discovered the Merlin ransomware during a routine investigation of new submissions to VirusTotal. After we executed a sample of this malware on our test system, it encrypted files and appended their filenames with a ".Merlin" extension. For example, a file initially titled "1.jpg"
While inspecting deceptive websites, our researchers discovered the COVID Dashboard, full title – COVID dashboard at Johns Hopkins University – browser extension. It is promoted as a tool for easy access to information concerning the COVID-19 pandemic. After investigating this extension, we deter
We have tested nowsearchit.com and found that it is a questionable search engine that may generate unreliable results. Search engines of this kind are promoted mainly via browser hijackers. Typically, users install/add apps of this type without knowing that these apps will change the settings of t
Our research team found the Usr ransomware while investigating new submissions to VirusTotal. This malicious program is part of the Phobos ransomware family. Once we executed a sample of Usr on our test machine, it began encrypting files. The filenames of the affected files were appended with a u
While inspecting rogue websites, our research team found a page promoting the PixelSee application. It is endorsed as a free media player. However, due to the app's dubious promotion and potentially unmentioned undesirable functionalities, it is classed as a PUA (Potentially Unwanted Application)
A cryptocurrency clipper is a harmful software that can obtain and alter the information stored in the clipboard. ESET has reported numerous fraudulent Telegram and WhatsApp websites which aim to deceive Android (and Windows) users by offering fake (malicious) versions of these messaging applicati
While investigating suspicious websites, our researchers discovered an installer (commonly detected as Valyria) that contained the Bottle browser hijacker. Unlike most software within this classification, it does not modify browser settings to promote its fake search engine – oldforeyes.com.
After downloading and adding the Tabs Organizer for Chrome extension to our browser, we found that this app displays annoying advertisements. Due to this behavior, we classified Tabs Organizer for Chrome as adware. In most cases, users install/add adware without realizing it. Tabs Organize
While inspecting new submissions to VirusTotal, our research team discovered the LeadingExplorerSearch application. Our analysis of this app revealed that it is advertising-supported software (adware). It is pertinent to mention that LeadingExplorerSearch belongs to the AdLoad malware family.