Our research team encountered a ransomware dubbed Coba while analyzing malware samples submitted to VirusTotal. Coba belongs to the Djvu family and operates by encrypting the victim's files once it infects their computer. The original filename is modified by appending the ".coba" extension to it.
Searchwebhelp.com is the address of an illegitimate search engine. While most sites of this kind cannot provide search results, this website is an exception. However, the results are inaccurate and may include deceptive and potentially harmful content. Fake search engines are commonly promoted by
PayMe100USD is the name of a ransomware-type program. Malware within this classification operates by encrypting data and demanding payment for the decryption tools. Once we executed a sample of PayMe100USD ransomware on our test machine, it encrypted files and appended their filenames with a ".Pa
Upon our inspection of the "Check Your Email" letter, we determined that it is spam operating as a phishing scam. This fake email instructs recipients to verify their mail account within 24 hours to keep it operational. It must be emphasized that all these claims are false and intended to trick us
While examining this email, we learned it is a phishing letter claiming to contain a copy of a remittance. The link in this email leads to a phishing page - a deceptive site designed to steal personal information from visitors. Thus, recipients of this email should not open the provided page and d
Ryuk (Fonix) is the name of a ransomware-type program. Malware within this classification is designed to encrypt data and demand payment for its decryption. This program imitates RYUK/RYK ransomware (i.e., extension, ransom note, etc.) – however, it actually is the Fonix ransomware. After we exec
Authenticpcnetwork[.]com is among the deceptive websites that use the "McAfee - Your PC is infected with 5 viruses!" scam to trick visitors. The page displays false virus alerts to convince users to buy legitimate software. Also, authenticpcnetwork[.]com requests permission to display shady notifi
Our research team found the euhelpcenter[.]click rogue webpage during a routine inspection of suspicious sites. This page is designed to promote deceptive content (online scams) and browser notification spam. Additionally, it can redirect visitors to other (likely untrustworthy/harmful) websites.
While examining Tennis Start browser extension, we found that it hijacks a web browser by changing its settings. The purpose of Tennis Start is to promote search.nstart.online - a fake search engine. It is worth mentioning that users rarely download and add/install browser hijackers intentionally.
Nowtosearch.com is the address (URL) of a fake search engine. While most sites of this kind cannot generate search results, this website is an exception. However, the results provided by nowtosearch.com can be irrelevant and include deceptive/harmful content. In most cases, illegitimate search en