While inspecting browser-hijacking software, our research team discovered the underwaternewtab.com fake search engine. Websites within this classification are typically incapable of providing search results, so they generate redirects to legitimate search engines. These bogus sites are commonly p
ViewpointTools is a rogue application that we discovered while inspecting new submissions to the VirusTotal site. Our analysis of this app revealed that it is advertising-supported software (adware). Additionally, ViewpointTools is part of the AdLoad malware family. Adware enables the pl
Our researchers discovered the My Notes Extension while investigating suspicious websites. This browser extension is endorsed as an organization tool with a notepad widget. On our test machine, My Notes Extension modified browser settings in order to promote (via redirects) the notepadextension.c
We have examined trunapol[.]xyz and found that it runs the "You've visited illegal infected website" scam. Additionally, trunapol[.]xyz wants to send notifications and may redirect visitors to other untrustworthy websites. Our researchers discovered this page while investigating sites that use sha
StyleHill is a rogue application that we discovered while inspecting new submissions to VirusTotal. After investigating this piece of software, we determined that it is adware belonging to the AdLoad malware family. Adware stands for advertising-supported software. It is designed to disp
Pekka is a Remote Access Trojan (RAT) designed to target Android users. This malicious software enables cybercriminals to remotely control infected Android devices, granting them access to manage files, contacts, and calls, record keystrokes, and carry out other harmful activities. Pekka is avail
Our research team found the OlSaveLock ransomware during a routine inspection of new submissions to VirusTotal. This malicious program encrypts data and demands ransoms for its decryption. This malware also belongs to the MedusaLocker ransomware family. On our testing system, OlSaveLock encrypted
Geacon is the name of a malicious program targeting Mac OSes (Operating Systems). Geacon's history begins with the Go programming language implementation of Cobalt Strike – an infamous Windows OS malware. The Go versions had not been previously observed in heavy use for attacks on macOS devices.
Our investigation of the Ultimate Basketball Fan Extension found that it takes over web browsers by modifying their settings. The main purpose of this browser-hijacking extension is to promote a fraudulent search engine called search.basketball-fan.com. Also, it is possible that the Ultimate Baske
RA Group is ransomware that encrypts data, modifies filenames, and drops a ransom note. Every attack may involve a unique ransom note ("How To Restore Your Files.txt") tailored specifically for the targeted company or organization. The same may apply to the extension added to the filenames of encr