Threats
Thebestcaptcha.top Uses Fake Anti-Bot Check to Push Ads
During our team's investigation of suspicious websites, we came across thebestcaptcha.top, a malicious page that promotes browser notification spam. The site employs fake CAPTCHA verification to deceive visitors and...
Bizzy Beaver Hijacks Browser Settings
During a regular inspection of untrustworthy websites, our team discovered the Bizzy Beaver browser extension. It was marketed as a tool to increase productivity, but our analysis revealed that it modifies browsers by...
Cosw Ransomware is a New Djvu Clone That Seeks Random Files for Encryption
After analyzing malware samples from online threat catalogs, a new variant of the Djvu ransomware has been discovered and named Cosw. Its primary objective is to encrypt files on the affected system and change their...
Buzz Adware Comes With Its Own Executable
During a routine check of fraudulent websites, our team discovered the Buzz application. We found an installer bundled with the app on a website that promotes fake "cracked" software downloads. Our analysis of Buzz...
Colour-Blind RAT Wriggles Its Way Onto PyPI
A Python package named "colourfool" that was uploaded to PyPI has been discovered to contain a malicious information stealer and remote access trojan. Kroll's Cyber Threat Intelligence team identified the malware,...
Mysearchexperts.com Pushes Intrusive Ads
In our investigation of mysearchexperts.com, we found that this search engine is unreliable and may provide inaccurate results. It is common for questionable or fraudulent search engines to be distributed through...
Lightfoot.top Pushes Intrusive Ads By Abusing Push Notifications
During our research into misleading websites, our team came across the rogue webpage called lightfoot.top. This page promotes browser notification spam and has the ability to redirect visitors to other unreliable or...
Remote Access Trojan 'HiatusRAT' Targets Router Firmware
Researchers with Lumen Black Lotus Labs discovered a new malware campaign that they have named "Hiatus". This campaign targets business-grade routers, mainly the DrayTek Vigor models 2960 and 3900, which can support...
Nowcaptchahere.top Pushes Intrusive Ads
After examining suspicious web pages, our team has concluded that nowcaptchahere.top is an untrustworthy site that displays a deceptive message to persuade visitors to allow notifications. It is common for individuals...
'Measures To Strengthen Server Security' Email Scam Uses Old Bait
After examining the email entitled "Incoming Mails Have Been Restricted," our investigation found that it is a type of spam called phishing. Its purpose is to trick recipients into giving away their email account...
Skynetwork Ransomware Threatens Corporate Data Security
During our investigation into new ransomware samples, our researchers discovered Skynetwork ransomware. This malware belongs to the MedusaLocker ransomware family and its purpose is to encrypt data and demand a ransom...
MainAdviseSearch Joins Host of AdLoad Adware Clones
During our analysis of potentially unwanted applications, our researchers stumbled upon the MainAdviseSearch app, which we identified as adware associated with the AdLoad malware group. This software displays...
'DHL - A Parcel Was Sent To You' Email Scam Fishes for Login Credentials
Upon investigation of the "DHL - A Parcel Was Sent To You" email, our team has confirmed that it is a fraudulent message. The phishing email disguises itself as a legitimate shipment notification from DHL, and aims to...
Coaq Ransomware Will Scramble Your Files via Aggressive Encryption Algorithms
While analyzing malware samples, we discovered a new variant of Djvu ransomware called Coaq. This particular strain encrypts files and modifies their names by adding the ".coaq" extension. Additionally, Coaq creates a...
Firstinsearch.com Will Hijack Your Browser Settings
Our investigation has revealed that firstinsearch.com is a doubtful search engine that may not function effectively and is typically related to unwanted programs like browser hijackers. Usually, users unintentionally...
Beware! Pogothere.xyz May Cause Bad Redirects
If you find yourself continuously being taken to the Pogothere.xyz site, there is a high probability that you have either unknowingly installed a malicious program or an unwanted browser extension onto your device....
Browsing-shield.xyz Scrambles Browser Settings
During our investigation of browser-hijacking software, we recently came across browsing-shield.xyz, a fake search engine that redirects users to legitimate search engines. Typically, these types of websites are...
Adblock-one-protection.com Pushes Fake Adblocking Tool
Adblock-one-protection.com is a deceitful website that aims to lure users into downloading harmful software or browser extensions that can modify browser settings and display unwanted advertisements. The website...