While investigating browser-hijacking software, our research team discovered the topresultssearch.com illegitimate search engine. Websites of this kind usually cannot generate search results, but topresultssearch.com is an exception. However, the results it provides include irrelevant and potentia
While investigating dubious websites, our research team found the us-safehub[.]click rogue webpage. It is designed to run scams and promote browser notification spam. Furthermore, this page can redirect users elsewhere (likely untrustworthy/harmful) sites. Most visitors to us-safehub[.]click and
Colour-Blind is the name of a Remote Access Trojan (RAT) written in Python. This malware steals sensitive information and allows cybercriminals to perform various tasks on infected machines. Colour-Blind malware is also designed to evade detection. It is known that Colour-Blind is delivered via ma
IceFire (also known as iFire) is ransomware that encrypts files, appends the ".iFire" extension to filenames, and creates the "iFire-readme.txt" file (a ransom note). The purpose of IceFire is to keep files inaccessible until a ransom is paid. An example of how IceFire renames files: it changes "
Cinoshi is the name of an information-stealing malware. There are several variants of this stealer, some of which have additional abilities – including botnet, clipper, and cryptominer functionalities. The presence of Cinoshi malware on the system can endanger both device integrity and user privac
After inspecting the "Junk Filter" email, we determined that it is spam. This fake letter offers a bogus junk/spam mail filter to prevent the influx of unwanted content to the recipient's inbox. The aim of this phishing email is to trick recipients into disclosing their mail account log-in credent
While examining findmeday.com, we found that it is a shady search engine that may provide misleading results. Typically, search engines of this sort are advertised through browser hijackers, which modify browser settings to promote the search engine. Users seldom download these applications intent
During our evaluation of the Zoco PDF Viewer application/browser extension, we observed that it exhibits intrusive advertisements, leading us to classify it as adware. Further analysis revealed that Zoco PDF Viewer has the ability to read and modify all data on any website. Our team discovered Zoc
Upon inspection of the email, we have concluded that it is a phishing scam, where scammers attempt to obtain sensitive information from unsuspecting individuals. The email masquerades as a DHL shipment arrival notice and includes an attachment that leads to a fake login page. This letter a
Our research team encountered a ransomware dubbed Coba while analyzing malware samples submitted to VirusTotal. Coba belongs to the Djvu family and operates by encrypting the victim's files once it infects their computer. The original filename is modified by appending the ".coba" extension to it.