While examining captchafine[.]live, we discovered that it uses a clickbait technique (displays a deceptive message) to lure visitors into allowing it to show notifications. Also, captchafine[.]live redirects to scam websites. This page has at least two variants. We discovered captchafine[.]live wh
After inspecting the "NATURALISTS" email - we determined that it is spam operating as a phishing scam. This letter targets recipients' email account log-in credentials (passwords) by claiming that they must sign in to access the shared file. This spam email is presented as a notification r
While investigating the Landscape Scroller browser extension, we found that it changed the web browser's settings. It hijacked a web browser to promote search.landscapescroller.net - a fake search engine. Our team discovered Landscape Scroller on a deceptive web page. Landscape Scroller is
Kcvp is ransomware belonging to the Djvu family. We discovered this Djvu variant while examining malware samples submitted to the VirusTotal page. Kcvp encrypts files, appends the ".kcvp" extension to filenames, and drops the "_readme.txt" file (a ransom note). It is known that Djvu ransomware is
Kcbu is ransomware that prevents victims from opening their files by encrypting them. It is one of the Djvu ransomware variants. We discovered Kcbu while checking the VirusTotal page for recently submitted malware samples. This variant appends the ".kcbu" extension to filenames and drops the "_rea
Scoreboard Tab is a rogue browser extension that we discovered while checking out deceptive software-promoting websites. Our analysis of this Scoreboard Tab revealed that it operates as a browser hijacker - modifies browsers to cause redirects. Scoreboard Tab reassigns the URLs of browsers
During a routine investigation of suspicious websites, our researchers discovered the Emoji Copy Paste browser extension. It is endorsed as a tool that enables users to copy and paste any emoji. However, our inspection of this extension revealed that it operates as a browser hijacker promoting th
"Large File Send" is an email that our research revealed to be spam. This fake letter operates as a phishing scam targeting email account log-in credentials. It does so by claiming that a file sent to the recipient can only be accessed by following the provided link. The spam email with th
Exactofferslink[.]com is a rogue page discovered by our research team during a routine investigation of untrustworthy websites. This webpage promotes scams and spam browser notifications. Additionally, it can redirect visitors to other (likely untrustworthy/malicious) sites. Users typically acces
While examining the Videos application, we found that it belongs to the ChromeLoader malware family. It is an advertising-supported application that shows unwanted ads. We discovered the Videos app after downloading a VHD file from a deceptive page. It is important to mention that ChromeLoader app