While analyzing malware samples submitted to VirusTotal, we discovered a ransomware variant belonging to the GlobeImposter family, dubbed GoodMorning. Upon infecting a system, GoodMorning initiates file encryption and adds the ".goodmorning" extension to filenames. Additionally, it generates a ran
Our research team discovered the Viewndown application during a routine investigation of questionable sites. The app's promotional material presents it as a tool that allows users to pin a selected window and keep it on top of others. Upon inspection, we determined that Viewndown operates as prox
During our examination of the Brain Gym Pro application, we discovered that it forces users to visit braingympro.com by changing the settings of a web browser. This behavior is known as browser hijacking. In addition to taking control over a browser, Brain Gym Pro may gather various data.
While assessing malware samples uploaded to VirusTotal, we discovered a ransomware variant from the Makop family dubbed Rocklee. This ransomware encrypts data, changes filenames of all encrypted files, and drops a ransom note ("+README-WARNING+.txt"). Rocklee appends the victim's ID, the attacker
Upon our examination, it came to our attention that Searchsit has been crafted to promote searchsit.com. This browser extension achieves its objective by modifying the configurations of a web browser, coercing users to visit searchsit.com. Thus, we have classified Searchsit as a browser hijacker.
When examining malware samples of VirusTotal, we discovered a ransomware variant belonging to the Proton family dubbed SWIFT. Once SWIFT infiltrates a computer, the ransomware encrypts and renames files, changes the desktop wallpaper, and creates a ransom note ("#SWIFT-Help.txt"). SWIFT renames f
While investigating suspicious sites, we discovered the Pinaview application. It is promoted as a tool that allows users to keep (i.e., pin) a window on top of all others. However, this piece of software operates as proxyware – an Internet bandwidth hijacker. It may also have other undesirable or
Asuka is a stealer written in the C++ programming language. It targets sensitive information from browsers, cryptocurrency wallets, and other applications/extensions. The developers of this malware are offering it for sale on the Web. Asuka is sold as a customizable data-stealing program with fea
During our inspection, we discovered that Grammar Jet is designed with the sole intention of promoting grammarjet.com. This browser extension accomplishes this by altering the settings of a web browser, compelling users to navigate to grammarjet.com. Consequently, we have categorized Grammar Jet a
Our research team discovered nortos[.]fun during a routine inspection of dubious websites. This rogue page endorses deceptive content and spam browser notifications. It can also redirect users to other (likely untrustworthy/dangerous) sites. Most visitors to nortos[.]fun and webpages akin to it ac