Our research team found the Acessd ransomware-type program during a routine inspection of new submissions to VirusTotal. This program is part of the MedusaLocker ransomware family, and it is designed to encrypt data and demands ransoms for the decryption. Once we executed a sample of Acessd on ou
Soul is the name of the malware framework. Cybercriminals behind it use a downloader that executes a loader dubbed SoulSearcher. This loader is accountable for the decryption, downloading, and loading of other modules of the Soul modular backdoor into memory. The usage of the Soul framework has be
Our tests of control-search.xyz revealed it to be a fake search engine that does not produce its own search results. It is important to note that these types of search engines are often promoted through browser-hijacking applications, and users often unintentionally add them to their browsers.
While testing searchitonlinehome.com, we found that it shows ads and may display questionable results. Thus, it is not a completely reliable search engine. It is common for dubious search engines to be promoted via browser hijackers. Apps of this type change web browser settings to force users to
Usprotection[.]click is a dubious website that presents deceitful content and prompts users to subscribe to notifications. Our team found usprotection[.]click during an investigation of websites that employ rogue advertising networks. It is not a website that users typically visit deliberately.
Mamai is the name of a ransomware-type program. It is part of the MedusaLocker ransomware family. Once we executed a sample of Mamai on our test machine, it began encrypting files and appended their filenames with a ".mamai10" extension. Original filename like "1.jpg" appeared as "1.jpg.mamai10",
While investigating new malware submissions to VirusTotal, our researchers discovered the Zxc ransomware-type program. This malicious program belongs to the VoidCrypt ransomware family. After we executed a sample of Zxc on our test machine, it encrypted files and modified their filenames. Origina
"Webmail Security Changes" was revealed to be a spam email by our inspection. This letter is presented as a notification from the recipient's mail service provider regarding unauthorized changes to the email account. This phishing letter targets recipients' log-in credentials in order to steal the
While investigating suspicious websites, our researchers discovered the Infinity Search browser extension. After installing this piece of software on our test machine, we learned that it operates as a browser hijacker. Infinity Search modifies browsers to promote the search.infinity-searches.com f
The purpose of SYS01 is to steal sensitive information, such as login credentials, cookies, and data related to Facebook ad and business accounts. Cybercriminals behind SYS01 have been observed targeting employees in government infrastructure, manufacturing companies, and various other industries.