Grinju Downloader

Posted: October 15, 2020 | Category: Downloaders
The Grinju Downloader is a peculiar Trojan that uses outdated Microsoft Excel features to hide its execution and leave the victim with the impression that they ran into some trouble while viewing a spreadsheet. Many malware families rely on 'Macro Scripts' embedded inside Microsoft Office files to aid their execution. Usually, the script in question is embedded inside the 'Macro' function of modern Microsoft Office variants, and many anti-malware products check this specific section for...

Artemis Ransomware

Posted: October 15, 2020 | Category: Ransomware
The Artemis Ransomware is a file-locking Trojan that can block media such as documents with its encryption routine. It's a relative of the PewPew Ransomware and includes that threat's signature features, such as the HTA ransom note. Users with protected backups should find recovery easy, although traditional security products should block the Artemis Ransomware attacks and remove the threat immediately. The PewPew Ransomware, a recently-appearing Trojan family, already is splitting...

RadioSearchs Search

Posted: October 14, 2020 | Category: Potentially Unwanted Programs (PUPs)
RadioSearchs is an intrusive browser add-on reported as a Potentially Unwanted Program (PUP) by many anti-virus products. The goal of the extension is to promote the websites found at Feed.radiosearchs.com and Portal.radiosearchs.com – it does nothing to enhance the user's experience in any way. The two websites mentioned above are configured to be the default search engine and new tab page the browser uses, therefore ensuring that the affected user will visit them dozens of times a day....

Hilanfavouris.top

Posted: October 14, 2020 | Category: Browser Hijackers
Having your Web browser notifications hijacked may sound like a serious issue, but we assure you that it is entirely harmless. While there is no danger involved, it may still be a somewhat annoying issue. Some websites may abuse this feature to deliver dozens of intrusive advertisements to active browser windows. One of these websites is Hilanfavouris.top, and it relies on a basic tactic to hijack browser notifications. Visitors of this page may see a pop-up saying that they need to click...

Viokos.com

Posted: October 14, 2020 | Category: Browser Hijackers
Viokos.com is a misleading page that focuses on displaying fake messages containing a bogus video player. Visitors of this page may be told that the page is trying to load a piece of media they are trying to view, but they must first enable video playback by pressing the 'Allow' button on top of the page. If the users follow this basic request, they will enable Viokos.com to display intrusive notifications in their Web browser. While this change is not causing any harm, it may be annoying to...

HDStreamSearch

Posted: October 14, 2020 | Category: Potentially Unwanted Programs (PUPs)
The HDStreamSearch browser add-on promises great things to users, but it fails to deliver anything useful. Instead of providing entertaining, high-definition content, HDStreamSearch brings undesired changes to the Web browser's configuration. The goal of this extension seems to be to promote the websites Portal.hdstreamsearch.com and Feed.hdstreamsearch.com by configuring Web browsers to use them as the default new tab page and search engine, respectively. HDStreamSearch is considered a...

CommonGeneration

Posted: October 14, 2020 | Category: Mac Malware
CommonGeneration is the name of a deceptive and intrusive Mac application, which may be installed without the user's knowledge. This often happens because the users try to download files from non-trustworthy destinations or mingle with low-quality software bundles linked to shady software. Once CommonGeneration is up and running, it will cause minor changes that usually affect the default macOS Web browser. These changes concern the default search engine and new tab page the user sees – they...

Osnoed Ransomware

Posted: October 14, 2020 | Category: Ransomware
The Osnoed Ransomware is a file-locking Trojan that blocks media on users' computers by encrypting the files. It's estimated as a variant of a previous Trojan, Babax, although the data-blocking feature is new to this version. Users with backups can protect their work from harm, and most standard security products should remove the Osnoed Ransomware as a threat. The GitHub project, the Babax Stealer, is returning with an unknown threat actor's help, whose programming...

DroidJack

Posted: October 14, 2020 | Category: Malware
DroidJack is an expensive Android Trojan whose author tries to promote it as a legitimate application designed to help users access remote Android devices. However, DroidJack's abilities clearly show that this tool is meant to infect devices without alerting the victims that there is a Remote Access Trojan (RAT) on their devices – DroidJack is able to gain persistence by using various tricks, and it also does a good job at hiding its components from Android menus. According to DroidJack's...

OmniRAT

Posted: October 14, 2020 | Category: Remote Administration Tools
OmniRAT is a Remote Access Tool or RAT that lets users administrate or control a PC or other device, such as a phone, remotely. Although its official business is no longer active, threat actors may abuse OmniRAT for threatening goals like collecting data or installing other threats. Users should protect all relevant systems with compatible anti-malware products to remove OmniRAT in non-consensual installation scenarios. RAT developers who aren't employed by state-sponsored APTs tend to walk...

MontysThree

Posted: October 14, 2020 | Category: Malware
MontysThree is modular spyware that collects information from the user's PC by multiple methods, including taking screenshots and exfiltrating documents. The threat's configuration suggests that most targets are Russian and include companies in the industrial sector currently. Users can block or delete MontysThree with traditional anti-malware products and may watch for some symptoms, such as changes to their Link (LNK) files. Trojans and other threats breaching industrial companies'...

Todaysdailyreports.com

Posted: October 13, 2020 | Category: Browser Hijackers
Todaysdailyreports.com hosts a fake video player that pretends to be loading a media piece that users might want to see. However, the page warns them that video playback needs to be permitted by clicking the 'Allow' button on top of their screen. The Web page, however, forgets to mention that this action will subscribe users to its notifications. While being subscribed to the Todaysdailyreports.com notifications is not unsafe, it may end up impairing your Web browsing experience since you will...

Statestchool.club

Posted: October 13, 2020 | Category: Browser Hijackers
Fake downloads are not always used to spread malware and, sometimes, they may engage in low-level tactics meant to provide random websites with escalated browser permissions. This is the exact type of scam found on Statestchool.club – the Web page promises to provide users with the ability to download a file they were looking for and asks them to click 'Allow' to confirm their download. However, interacting with the button in question will have entirely different consequences – it will...

Viulanatura.com

Posted: October 13, 2020 | Category: Browser Hijackers
Viulanatura.com is a misleading page that uses a variant of the 'Click Allow to Continue' Pop-Up tactic to trick users into enabling the website's notifications. Thankfully, falling for this trick does not bring any major consequences. The Web page is unable to abuse the notifications feature to cause harm in any way. However, it may use the feature to bother you with advertisements whenever you try to browse the Web. Being subscribed to Viulanatura.com's notifications is guaranteed to be...

PDFConverterSearchHQ

Posted: October 13, 2020 | Category: Potentially Unwanted Programs (PUPs)
PDFConverterSearchHQ is a Potentially Unwanted Program (PUP) that may end up on your PC when looking for PDF conversion tools to add to your Web browser. PDFConverterSearchHQ works like a browser-enhancing add-on, but, in reality, its purpose is to generate revenue for its creators by redirecting you to a website they own. The changes that PDFConverterSearchHQ makes to achieve this are very intrusive – it will set your new tab to Portal.pdfconvertersearchhq.com, while the search aggregator will...

SSOption

Posted: October 13, 2020 | Category: Adware
SSOption is an intrusive adware application whose installation may not always happen with the knowledge of the user. Users might often be unaware that they are about to install SSOption – this may happen because of a low-quality software bundle, misleading/confusing instructions, or false advertising. Once SSOption is installed, it will not be able to cause any harm, so this software should be treated as unsafe. However, it can worsen the user's Web browsing experience by redirecting them to...

MERIN Ransomware

Posted: October 13, 2020 | Category: Ransomware
The MERIN Ransomware is a file-locking Trojan that comes from the NEFILIM Ransomware family. The MERIN Ransomware includes features for blocking files by encrypting them and creating ransom notes, and attackers may install it after hacking targets through software vulnerabilities. As in most cases, backups are the only guarantee for recovery of any data, although dedicated anti-malware services can limit damages by quarantining or removing the MERIN Ransomware. One Trojan family with the...

Foqe Ransomware

Posted: October 13, 2020 | Category: Ransomware
The Foqe Ransomware is a file-locking Trojan that's from a Ransomware-as-a-Service known as the STOP Ransomware or the Djvu Ransomware. The Foqe Ransomware keeps files hostage by encrypting their data and performs associated attacks for extorting money out of the victim. Users can best preserve their files from these attacks by backing them up and having anti-malware protection for deleting the Foqe Ransomware without delay. The arguably poorly-chosen name of the STOP Ransomware for...

CURATOR Ransomware

Posted: October 13, 2020 | Category: Ransomware
The CURATOR Ransomware is a file-locking Trojan of an unknown family. The CURATOR Ransomware blocks the user's files in multiple locations to ransom the unlocking service. Users with surviving backups can recover while ignoring the ransom note, although dedicated anti-malware tools are preferable for uninstalling the CURATOR Ransomware, in either case. A file-locking Trojan dropping notes reminiscent of older campaigns proves, once more, that it's never a safe time to take one's server and...

Helgminers.com

Posted: October 12, 2020 | Category: Browser Hijackers
Helgminers.com is a Web page designed to trick users by using misleading instructions and messages. Thankfully, this is one of the less harmful tactics since it does not try to take money or information from the target – instead, Helgminers.com wants to gain permission to use Web browser notifications. If this happens, the page will use this cool browser feature to deliver a constant stream of intrusive advertisements that will bother you on all websites you visit. The Helgminers.com...