FortSearch is a piece of rogue software. After analyzing it, we determined that this extension operates as a browser hijacker. FortSearch makes alterations to browser settings in order to promote (by causing redirects to) the fortsearch.xyz fake search engine. Once installed onto our test
WanaCray2023+ is ransomware that belongs to the Xorist ransomware family. We have discovered this variant while examining malware samples submitted to the VirusTotal website. It was found that WanaCray2023+ encrypts files and appends the ".WanaCray2023+" extension to their filenames. Also, WanaCr
Live-Secure is a browser hijacker that our team has discovered while examining questionable web pages. After installing this application, we found out that it hijacks a web browser by changing some of its settings to live-secure.xyz - it promotes a fake search engine. Live-Secure promotes
News-jivuka[.]cc is a rogue site designed to promote browser notification spam and redirect visitors to other (likely untrustworthy/malicious) webpages. Our research team discovered this page while inspecting websites using rogue advertising networks. Most users enter news-jivuka[.]cc and similar
StreamTopSearch is a rogue browser extension. After analyzing it, our researchers determined that it operates as a browser hijacker. StreamTopSearch modifies browser settings to promote the streamtopsearch.com fake search engine. On our test machine, StreamTopSearch reassigned the browser'
Our research team found the scanandclean[.]xyz rogue webpage during a routine inspection of untrustworthy sites. This page is designed to load deceptive content (scams), push spam browser notifications, and redirect visitors to different (likely untrustworthy/harmful) webpages. Most users enter w
We have discovered the myauto[.]site website while inspecting other pages that use rogue advertising networks. Myauto[.]site asks for permission to show notifications (it uses a clickbait technique to trick visitors into clicking the "Allow" button). Also, it redirects to an identical page.
We have examined this email and concluded that it is used to steal credentials. It contains an attachment designed to open a page asking to provide email, phone or Skype, and password. This site is disguised as a letter from The Salvation Army, an evangelical protestant Christian church in Austral
After inspecting the "Email Shutdown In Progress" email, we determined that it is spam. This fake letter threatens that the recipient's email account is pending deactivation. The goal of this mail is to trick users onto providing their email account's log-in credentials to a phishing website.
Japan is the name of a malicious program that our researchers found while inspecting new malware submissions to VirusTotal. We determined that the Japan program is ransomware. After launching a sample on our test machine, we learned that it encrypts files and appends their filenames with a ".japa