Virus and Spyware Removal Guides, uninstall instructions

What kind of page is notif-next[.]com?

Upon examining notif-next[.]com, it has been discovered that the main purpose of this site is to trick unsuspecting visitors into allowing it to send them notifications. Additionally, notif-next[.]com may redirect visitors to other (potentially harmful) websites. For these reasons, users should not visit notif-next[.]com.

What kind of application is News Directory?

After assessing the News Directory application, it has been established that its primary function is to operate as a browser hijacker with the aim of promoting a legitimate search engine. This extension hijacks a web browser by changing its settings. Users often add browser hijackers without knowing they will affect their browsers this way.

What kind of software is ChatGPT Check?

Our research team discovered the ChatGPT Check browser extension while investigating untrustworthy websites. We found a page pushing an installation setup containing this extension and ChatGPT Check's "official" promotional page.

The latter described it as a tool for those who do not want to create an account or pay for ChatGPT, as this browser extension does not require signing up and allows three daily searches using the AI (Artificial Intelligence) chatbot free of charge. However, after analyzing this piece of software, we determined that it is a browser hijacker promoting the chatcheckext.com fake search engine.

It must be emphasized that this rogue extension is in no way associated with either the actual ChatGPT or its developer – OpenAI.

What kind of malware is Apocalipse?

Apocalipse is a malicious program based on Chaos ransomware. Our researchers discovered it while investigating new submissions to the VirusTotal platform. Malware within the ransomware classification is designed to encrypt data and demand payment for its decryption.

On our test machine, Apocalipse encrypted files and appended their filenames with an extension composed of four random characters. For example, a file initially titled "1.jpg" appeared as "1.jpg.2qdp", "2.png" as "2.png.cc5n", etc. Afterward, a ransom note – "read_it.txt" – was created.

What kind of software is Virtual Piano New Tab?

Virtual Piano New Tab is a rogue browser extension. It is promoted as a virtual piano widget for browsers. After analyzing this piece of software, we determined that it is a browser hijacker. This extension makes changes to browser settings in order to endorse (via redirects) the find.vnav-web.com fake search engine.

What kind of email is "Cloud Voicemail"?

After analyzing the "Cloud Voicemail" email, we determined that it is spam. The fake letter notifies the recipient of a voicemail that they have been sent. The voice message is supposedly in the attached file. The attachment is a phishing file that imitates the recipient's email sign-in page. Hence, by trusting this mail – recipients can have their mail accounts stolen.

What kind of malware is Deep (Phobos)?

While inspecting new submissions to the VirusTotal website, our researchers discovered the Deep ransomware-type program. It is part of the Phobos ransomware family. Deep (Phobos) operates by encrypting data to demand payment for its decryption.

On our test machine, this ransomware encrypted files and renamed them. Original filenames were appended with a unique ID assigned to the victim, the cyber criminals' email address, and a ".deep" extension. For example, a file initially titled "1.jpg" appeared as "1.jpg.id[9ECFA84E-3352].[captain-america@tuta.io].deep".

After the encryption process was finished, ransom notes were created/displayed in a pop-up window ("info.hta") and text file ("info.txt").

What kind of application is Rocket App?

Following an evaluation of the Rocket App application, it has been determined that its primary purpose is to function as a browser hijacker with the objective of promoting r.bsc.sien.com, a fraudulent search engine. This extension alters the settings of a web browser with the intention of gaining control over it.

What kind of application is CanisLupusLupus?

During an examination of an unreliable installer downloaded from an unreliable website, we encountered the CanisLupusLupus browser extension. The investigation unveiled concerning characteristics associated with this extension, including its ability to activate the "Managed by your organization" feature in the Chrome browser, gather user data, and manipulate browser components.

What kind of malware is LuaDream?

In the dynamic field of cybersecurity, an interesting new development has surfaced. Sandman, a known advanced threat actor, has introduced an unusual and complex modular backdoor. What sets this apart is its use of the LuaJIT platform, which is not commonly seen in cyber threats. This innovative malware, named LuaDream, marks a noteworthy advancement in cybersecurity.