During a routine investigation of websites that use rogue advertising networks, our research team found a page endorsing the ComedyTab browser extension. It promises to display jokes from famous comedians on every new browser tab. However, our analysis revealed that in addition to working as adver
We inspected the "Verify Your Email Address" email and determined that it is spam. The letter states that the recipient's email account must be verified for security purposes. This spam mail operates as a phishing scam and aims to steal email passwords by promoting a fake sign-in webpage.
While studying this email, we learned that it is written by scammers who aim to trick unsuspecting recipients into providing sensitive information. It is disguised as a letter from an email service provider and contains a link to a phishing website. This email should be marked as spam and deleted
Injector trojan refers to a type of malware designed to inject malicious code into programs and processes. The application of these trojans varies; they may be capable of changing the operation of legitimate software or causing chain infections (i.e., downloading/installing additional malware). Du
While examining captchafine[.]live, we discovered that it uses a clickbait technique (displays a deceptive message) to lure visitors into allowing it to show notifications. Also, captchafine[.]live redirects to scam websites. This page has at least two variants. We discovered captchafine[.]live wh
After inspecting the "NATURALISTS" email - we determined that it is spam operating as a phishing scam. This letter targets recipients' email account log-in credentials (passwords) by claiming that they must sign in to access the shared file. This spam email is presented as a notification r
While investigating the Landscape Scroller browser extension, we found that it changed the web browser's settings. It hijacked a web browser to promote search.landscapescroller.net - a fake search engine. Our team discovered Landscape Scroller on a deceptive web page. Landscape Scroller is
Kcvp is ransomware belonging to the Djvu family. We discovered this Djvu variant while examining malware samples submitted to the VirusTotal page. Kcvp encrypts files, appends the ".kcvp" extension to filenames, and drops the "_readme.txt" file (a ransom note). It is known that Djvu ransomware is
Kcbu is ransomware that prevents victims from opening their files by encrypting them. It is one of the Djvu ransomware variants. We discovered Kcbu while checking the VirusTotal page for recently submitted malware samples. This variant appends the ".kcbu" extension to filenames and drops the "_rea
Scoreboard Tab is a rogue browser extension that we discovered while checking out deceptive software-promoting websites. Our analysis of this Scoreboard Tab revealed that it operates as a browser hijacker - modifies browsers to cause redirects. Scoreboard Tab reassigns the URLs of browsers