Our researchers identified a new address - topraw[.]net - used for browser notification spam. At the time of research, this site pushed its notifications and promoted other untrustworthy/malicious websites. Pages of this kind are typically accessed via others that use rogue advertising networks, w
First analyzed by Microsoft Threat Intelligence Center (MSTIC), WhisperGate was detected on January 13, 2022. According to MSTIC's report, this malware was released explicitly against various Ukrainian organizations in geopolitically-motivated attacks. WhisperGate is a ransomware-type program. Us
We have discovered raymarine[.]top after receiving spam with the website URL in the email. Once we opened raymarine[.]top, it displayed a deceptive message suggesting that it is necessary to agree to receive notifications to download/stream a video. At the time of testing, raymarine[.]top
Duty-Search is a rogue browser extension, which our researchers have determined to be a browser hijacker. On our test system, it modified browser settings to promote the duty-search.xyz fake search engine. Duty-Search sets its search engine as browser's default, and their homepage and new
Dark Viewer is a rogue browser extension, one of the many we have noticed promising to create a dark mode for websites that do not have this feature. Our researchers have observed this software delivering various advertisements; in other words, Dark Viewer exhibits behavior typical for adware.
Vfgj is the name of ransomware belonging to a ransomware family called Djvu. Our team has discovered this ransomware variant while inspecting ransomware samples recently submitted to VirusTotal. While testing the sample, we identified that Vfgj appends the ".vfgj" extension to filenames and create
When searching the newest submissions to VirusTotal, our researchers discovered InfinityHardware - another adware-type application from the AdLoad malware family. When installed onto our testing system, it operated by running intrusive advertisement campaigns. However, from our extensive resear
We have analyzed ransomware samples on VirusTotal and discovered a new Djvu ransomware variant called Fhkf. While testing this variant, we found out that it encrypts files (and modifies filenames) and creates the "_readme.txt" file containing a ransom note. It also appends the ".fhkf" extension to
During a routine search into the newest malware samples uploaded to VirusTotal, we discovered and afterwards analyzed the 2wfv1 ransomware. This malicious program is designed to encrypt data (lock files) and demand payment for the decryption. Following successful installation on our test machine,
Once we installed the PremiumSearch application, we saw that it changed specific web browser's settings to premiumsearch.xyz - a search engine that shows results generated by Bing (bing.com). For this reason, we can state that it is a browser hijacker promoting a fake search engine. We hav