We have tested the ProTabs New Tab application/browser extension and found that it operates as a browser hijacker. It changes the settings of a web browser and does not allow to modify them. The purpose of changes that ProTabs New Tab makes in settings is to promote a fake search engine, the prota
Our researcher discovered the Monochrome Tab browser extension while inspecting dubious download pages. This piece of software is advertised vaguely as a "work optimization" and "productivity maximizing" tool for browsers - without any specific features listed. Instead, this extension hijacks bro
xSpace is the name of ransomware that belongs to the VoidCrypt ransomware family. We have discovered this ransomware variant while analyzing the samples submitted to VirusTotal. After examining the sample, we learned that xSpace encrypts files and appends the victim's ID, HelpMe@mailfence.com emai
While inspecting new malware submissions to VirusTotal, our research team found a new ransomware belonging to the Makop family - called Raf. Once launched onto our test machine, Raf began encrypting files and appending their filenames with a unique ID, the attackers' email address, and a ".Raf" e
During a routine inspection of untrustworthy websites, our researchers discovered the totaldatadefence[.]com page. It hosts deceptive content, promotes browser notification spam, and redirects visitors to other (likely unreliable/dangerous) sites. Most users enter totaldatadefence[.]com and webpag
Our team has discovered the mysecuresoftware[.]com page while inspecting illegal movie streaming, torrent, and other sites that use questionable advertising networks. We have examined mysecuresoftware[.]com and found that it runs the "Norton Security - Your Pc Is Infected With 5 Viruses!" scam and
Our research team found the Hfgd ransomware while inspecting new submissions to VirusTotal. We sampled it and determined that this malicious program belongs to the Djvu ransomware family. After being launched onto our test machine, Hfgd began encrypting files and appended their filenames with a "
We have discovered the news-dovode[.]cc website while examining sites that use shady advertising networks (such as illegal movie streaming, torrent, and similar sites). The purpose of news-dovode[.]cc is to trick visitors into agreeing to receive website notifications and redirect them to similar
Mmuz is the name of ransomware that encrypts and renames files (by appending its extension to filenames). It also creates a ransom note (the "_readme.txt" file). We have discovered Mmuz ransomware while examining malware samples submitted to VirusTotal. Additionally, we learned that Mmuz is part o
Our team has discovered Rguy while analyzing samples submitted to VirusTotal. It was found that Rguy is ransomware that encrypts files and appends the ".rguy" extension to filenames. Also, it provides instructions on how to contact the attackers and the prices of decryption tools (they are provide