Kcbu is ransomware that prevents victims from opening their files by encrypting them. It is one of the Djvu ransomware variants. We discovered Kcbu while checking the VirusTotal page for recently submitted malware samples. This variant appends the ".kcbu" extension to filenames and drops the "_rea
Scoreboard Tab is a rogue browser extension that we discovered while checking out deceptive software-promoting websites. Our analysis of this Scoreboard Tab revealed that it operates as a browser hijacker - modifies browsers to cause redirects. Scoreboard Tab reassigns the URLs of browsers
During a routine investigation of suspicious websites, our researchers discovered the Emoji Copy Paste browser extension. It is endorsed as a tool that enables users to copy and paste any emoji. However, our inspection of this extension revealed that it operates as a browser hijacker promoting th
"Large File Send" is an email that our research revealed to be spam. This fake letter operates as a phishing scam targeting email account log-in credentials. It does so by claiming that a file sent to the recipient can only be accessed by following the provided link. The spam email with th
Exactofferslink[.]com is a rogue page discovered by our research team during a routine investigation of untrustworthy websites. This webpage promotes scams and spam browser notifications. Additionally, it can redirect visitors to other (likely untrustworthy/malicious) sites. Users typically acces
While examining the Videos application, we found that it belongs to the ChromeLoader malware family. It is an advertising-supported application that shows unwanted ads. We discovered the Videos app after downloading a VHD file from a deceptive page. It is important to mention that ChromeLoader app
Bkqfmsahpt is a piece of malicious software classified as ransomware. We discovered this program while inspecting new malware submissions to VirusTotal. It is noteworthy that Bkqfmsahpt is part of the Snatch ransomware family. On our test machine, Bkqfmsahpt encrypted files and changed their file
Our inspection of the "Suspension Notice" email revealed that it is spam operating as a phishing scam. This fake letter is presented as a notification from the recipient's email service provider stating that their account has been marked for suspension. Through a bogus verification process, this s
Our team downloaded and tested the Storage Controller browser extension and found that it shows unwanted advertisements. Additionally, it can read and change data on all websites. Since Storage Controller shows ads, we classified it as adware. We discovered this app on a deceptive website.
IcSpy is a malicious program designed to infect Android devices. It is an information-stealing malware that primarily targets banking and finance-related data. The researched variant was disguised as the app of the State Bank of India (SBI); however, other disguises are possible. This version was