CoolADSBlockSearch is a rogue browser extension. After analyzing this piece of software, we determined that it operates as a browser hijacker. CoolADSBlockSearch modifies browser settings to promote the cooladsblocksearch.com fake search engine. CoolADSBlockSearch reassigns browsers' homep
Our inspection of the "DHL Express - CONFIDENTIALITY NOTICE" email uncovered that it is spam. This mail operates as a phishing scam. The letter is presented as a confidential message that recipients can access by providing their email account credentials. It must be emphasized that these emails a
Our researchers discovered the protect-data-2022[.]xyz rogue site while investigating suspicious webpages. This page operates by promoting scams, pushing browser notification spam, and redirecting visitors to other (likely unreliable/malicious) websites. Most users access pages like protect-data-
After testing the ClickDark application, our team learned that it shows annoying advertisements. Therefore, we classified ClickDark as adware. We discovered this app while examining deceptive websites offering/instructing us to download supposedly useful (or required) browser extensions. C
While inspecting new submissions to VirusTotal, our research team discovered a ransomware-type program called Scam. It is yet another one based on the Chaos ransomware. On our test machine, the Scam ransomware encrypted files and appended their filenames with a ".scam" extension. For example, a f
QueueBuffer is a piece of rogue software that our researchers discovered while inspecting new submissions to VirusTotal. Analyzing this app revealed that it operates as adware. Additionally, QueueBuffer belongs to the AdLoad malware family. Adware is designed to enable the placement of t
While examining malware samples submitted to the VirusTotal, our team discovered FirstKill - ransomware that encrypts files. It is used to blackmail victims by demanding to pay for a decryption tool. FirstKill not only encrypts but also renames files (appends the ".FirstKill" extension), changes t
After inspecting the "DHL e-Shipping Invoice" email, we determined that it is spam. This email spam campaign operates as a phishing scam. These letters claim to contain an invoice regarding a shipment, which recipients can view and inquire about by logging in with their email accounts. However, by
After inspecting this letter, our team concluded that its purpose is to trick recipients into infecting their computers with malware. We found that this email is disguised as a letter regarding a money refund and contains an attachment designed to download a file containing another (malicious) fil
Demon is a type of malware (ransomware) that encrypts files. We discovered it while examining malware samples submitted to the VirusTotal site. Threat actors behind it demand payment in return for decryption tools. Additionally, Demon ransomware appends ".demon" extension to filenames and creates