Our researchers discovered the productlifesoft[.]com rogue page during a routine investigation of suspect websites. It is designed to endorse unreliable/harmful software and spam browser notifications. Additionally, this site may redirect visitors to different (likely dubious/malicious) websites.
Our team examined rdsurvey366[.]top and found that it is one of the websites that displays a deceptive message (uses a clickbait technique) to lure visitors into agreeing to receive notifications. We also learned that there are at least two versions of rdsurvey366[.]top. One of the variant
Screenshotter is a piece of malicious software. There are multiple variants of this malware – written in AutoIT, Python, and versions combining JavaScript and IrfanView. Its primary functionality is to take screenshots. This malware is an integral part of campaigns dubbed by Proofpoint as "Screen
After examining Garsomware, we determined that it is ransomware based on Chaos ransomware. It is designed to prevent victims from accessing files by encrypting them. Also, Garsomware appends its extension (four random characters) to filenames and creates the "Garsomware.txt" file containing instru
After testing onlinesearchnow.com, we found that it is an untrustworthy search engine that generates questionable results (including advertisements). Typically, search engines like onlinesearchnow.com are promoted by browser hijackers. These apps promote search engines by changing the settings of
Search2online.com is the URL of a fake search engine. Websites of this kind are usually promoted by software under the browser hijacker classification. This software modifies browsers in order to promote (by causing redirects to) sites like search2online.com. It is noteworthy that both illegitimat
Enigma is an information stealer written in the C# programming language. It is a variation of another stealer known as Stealerium. It is important to note that Enigma is also the name of a legitimate company that offers business intelligence and data services, which has no association with the inf
Our team has found that searchthatonline.com is a search engine that may generate questionable results and display ads. It is common for search engines of this nature to be promoted by browser hijackers, which alter the browser's settings. Users often add such apps to browsers unintentionally.
In our analysis of Vvoo, we found that it is a ransomware variant from the Djvu family. Vvoo encrypts data, appends the ".vvoo" extension to the filenames of the encrypted files, and creates a ransom note (the "_readme.txt" file). Our team came across Vvoo while reviewing samples submitted to Viru
After investigating the "Social Security Account Missing Information" spam email, we determined that it operates as a phishing scam. Allegedly, this letter regards the recipient's social security documentation, which is in an attachment. The attached file is "encrypted" and requires the user to l