89N3PDyZzakoH7W6n8ZrjGDDktjh8iWFG6eKRvi3kvpQ is the name of a malicious program. After analyzing it, we determined that this malware operates as a clipboard hijacker. We discovered this program while inspecting websites offering "cracked" software. It is noteworthy that the installation setup tha
Our researchers found 8b5lc ransomware while inspecting new malware submissions to VirusTotal. We determined that this malicious program belongs to the Hive ransomware family. On our test machine, this ransomware encrypted files and appended their filenames with a random character string and the
Chos is the name of a ransomware variant that we have discovered while checking the VirusTotal page for recently submitted malware samples. It encrypts files and appends the ".Chos" extension to filenames (for example, it renames "1.jpg" to "1.jpg.Chos", "2.png" to "2.png.Chos"). Also, Chos change
Discovered by the Volexity cyber security firm, GIMMICK is an information-stealing malware. According to Volexity's analysis, this malicious program is used by Storm Cloud - a Chinese espionage group. GIMMICK is a cross-platform malware; the macOS variant is (mostly) written in Objective C and
We have discovered the DefaultFabricOptic application on a shady website. It was found that the purpose of this app is to generate annoying/unwanted advertisements. Thus, we concluded that DefaultFabricOptic is a typical advertising-supported application distributed using questionable methods.
Serpent is the name of a backdoor malware that we have discovered while examining a malicious MS Office document used in a malspam campaign. It is known that Serpent can be used to execute commands on the infected device, allowing cybercriminals to download other malware and gain complete access t
Richsurvey[.]site is a rogue webpage that loads dubious content, pushes browser notification spam, and redirects visitors to other (likely untrustworthy or malicious) pages. Our research team discovered this page during a routine inspection of sites that use rogue advertising networks. However, w
Our research team discovered the yourdatasecurityservice[.]com rogue website while inspecting untrustworthy sites. It loads deceptive content, promotes browser notification spam, and redirects visitors to other (likely dubious/malicious) pages. Most users access sites like yourdatasecurityservice[
During a routine inspection of dubious download webpages, our researchers found the moon darker browser extension. It is endorsed as a dark mode tool. After analyzing this piece of software, we determined that it is a browser hijacker promoting the getsins.com fake search engine. Browser h
AdBlock Max - remove invasive ads is the name of an application/browser extension that we have discovered on a shady website. It is described as an app that removes advertisements and trackers on popular websites and skips YouTube ads. Our team has tested the app and noticed that it operates adwar