RecordBreaker is a piece of malicious software classified as a stealer. Malware of this kind is designed to extract and exfiltrate vulnerable data and content. RecordBreaker has been actively spread through various websites offering "cracked" software. Following successful infiltration, ai
Not to be confused with any legitimate software under the name of "Internet Download Manager", this extension is a browser hijacker. While this fake extension is presented as a tool for advanced download management, it modifies browser settings to promote the smartwebfinder.com illegitimate searc
OpenSubtitles Uploader is a rogue application. After analyzing this app, we determined that it operates as advertising-supported software (adware). In other words, it enables the placement of third-party graphical content on various interfaces. OpenSubtitles Uploader may have additional undesirabl
While inspecting scam sites, our research team discovered a rogue installer containing the Extension Settings browser extension. After analyzing this piece of software, we determined that it is a browser hijacker that promotes the ardslediana.com fake search engine. Typically, browser hija
Our research team found yet another program belonging to the Scarab ransomware family named ZZZZZ. Malware within the ransomware classification is designed to encrypt files and demand ransoms for the decryption. After we launched a sample of ZZZZZ (Scarab) ransomware on our test system, it encryp
DONKEYHOT is ransomware used to blackmail victims. It encrypts files and keeps them inaccessible until a ransom is paid. We discovered DONKEYHOT while checking VirusTotal for recently submitted malware samples. In addition to encrypting files, this ransomware modifies filenames and generates the "
While examining emyresumef[.]hair, we found that it can show deceptive notifications (if allowed) and redirect visitors to other shady pages. It uses a clickbait technique to trick visitors into agreeing to receive notifications. Our team discovered emyresumef[.]hair while inspecting sites that us
While inspecting dubious websites, our researchers discovered the tpnwslnd[.]com rogue page. It promotes spam browser notifications and redirects users to other (likely untrustworthy/harmful) webpages. Most visitors to tpnwslnd[.]com and similar sites enter them via redirects caused by pages that
After analyzing this email, we learned that threat actors use it to trick people into believing that they have received an email from the sales department of a company located in Vietnam. Their goal is to trick recipients into opening a malicious attachment. That attachment is used to distribute G
While examining malware samples submitted to VirusTotal, our researchers discovered a new Djvu ransomware variant called Qqpp. This ransomware encrypts files and appends the ".qqpp" extension to filenames. It also drops a ransom note (a text file named "_readme.txt") on the desktop. An example of