GoldenSpy is a newly identified malware family that has so far been found on the networks of two companies operating out of the United Kingdom – one of them is involved in the finance field, while the other one is in the software/technology sector. It is very interesting how the GoldenSpy malware got to the compromised systems – apparently, it was delivered alongside a taxation software that a Chinese bank asked the victims to use. It is not clear if the bank was aware of the malware implant...

Perfect Startpage is a browser extension that may be advertised online as a useful utility that can enhance your Web browsing experience by introducing you to a new, fresh and functional new tab page. The truth is that the content that Perfect Startpage promotes is by no means functional, and the goal of the add-on is to bring more traffic to its website, therefore increasing the ad revenue it generates. The website that Perfect Startpage promotes features a changeable background, a basic...

CollectorStealer is a hacking tool that can be used to obtain information and files from the infected computers. This threatening piece of malware is being sold on hacking forums, and it seems that its authors are asking for relatively low payments between $12 and $75. This means that hundreds of cybercriminals may opt to invest in CollectorStealer and then use it to harvest login credentials from users worldwide. The primary features of CollectorStealer focus on extracting data from the...

Ouristandrel.club is a misleading website that you may see in your browser while browsing other low-quality Web destinations. Ouristandrel.club may try to convince you that you have been locked out of some content until you confirm that you are not a robot by clicking 'Allow.' However, this button has nothing to do with any verification, and its real purpose is to subscribe to Ouristandrel.club's notifications. Applying this change is not a good idea, but even if you end up doing it, you...

Easretresgen.club is a misleading website whose messages try to trick users into clicking 'Allow' to pass a robot check. The problem is that Easretresgen.club is not meant to host any robot checks and, instead, it wants you to click the 'Allow' button to subscribe to its notifications. Thankfully, falling for this simple trick is not a serious issue, and your system will not be threatened by it. However, the Easretresgen.club notifications will start to appear in your Web browser on a regular...

Image Seeker is an intrusive browser extension whose installation may bring undesired changes to your Web browser's settings and behavior. It is s must-do to note that Image Seeker is by no means unsafe – the worst it does is to replace your default new tab page and search engine with Image-seeker.com. This website works like a simple search engine that emphasizes image-related search results – the usefulness of this feature is questionable. It seems that the majority of its searches end up...

Incognitonow.com is a search engine related to the browser extension IncognitoNow. As you can tell by the name of the add-on, it promises to allow users to preserve their privacy online by protecting their searches and reducing the number of targeted ads they see. However, you should know that the installation of IncognitoNow comes at a certain cost – you need to allow the extension to replace your default search engine and new tab page with websites affiliated to Incognitonow.com. While this...

File-encryption Trojans are online threats that aim to make money from its victims by encrypting their files and then offering a decryption service or tool in exchange for cash. Contrary to popular belief, cybercriminals who wish to use file-encryption Trojan do not always need to create them from scratch – they can rely on ready-to-use ransomware families such as the DarkCrypt Ransomware (also known as WannaScream Ransomware) to create a fully functional file-locker that is ready to be...

The GraceWire Trojan is a threatening piece of malware that focuses on collecting data from computers. In the past, the GraceWire Trojan has been used by high-profile threat actors such as the Evil Corp (also known as Dridex ). It seems that the same threat actors are spreading the GraceWire Trojan once again. This time, they have opted to reach their victims by using fake COVID-19 emails that claim to contain important data regarding the ongoing pandemic. The email attachment usually uses...

The FRat Malware is a Remote Access Trojan (RAT) that was discovered by malware researchers recently. Its operators seem to rely on fraudulent emails to reach their victims, and they often go after companies and institutions. However, it is safe to say that regular users might become the target of the FRat Malware as well. Falling victim to this threat might not bring any visible changes to your computer's behavior – this is because this implant is meant to work in the background, and provide...

The Lucifer Malware is a worm that uses password and software vulnerabilities for propagating. Its features include server-flooding Denial-of-Service attacks, cryptocurrency-mining via a third-party program, and general-purpose command execution. Windows anti-malware tools should delete the Lucifer Malware, and installing security patches and choosing responsible passwords will leave users less at risk from infection attempts. Satan's angelic name is an ominous title for bestowing upon...

The Ratty RAT is a relatively old Remote Access Trojan (RAT) whose source code was released online. Allegedly, the original author deleted the project around 2017, but, unfortunately, this still meant that many other cybercriminals had a copy of Ratty RAT at their disposal. Due to this, many variants of the Ratty RAT have been circulating online. Unfortunately, many of them use up-to-date features that turn them into very evasive and threatening pieces of malware. In general, the Ratty RAT...

Online con artists often rely on fraudulent schemes to improve their advertising revenue. One of these simple tactics is found on Carrisonerd.club, a Web page dedicated to hijacking the browser notifications of its visitors, and then using them to bombard the user with advertisements. The 'hijacking' occurs with the use of misleading instructions, which tell the user to click 'Allow' to play a video or access certain content. In reality, this action enables Carrisonerd.club's notifications....

If you are bothered by Decreasure.club notifications while browsing the Internet, you should know that this is owed to the fact that you have permitted this website to use your Web browser's notifications accidentally. Usually, this happens when you encounter a Decreasure.club ad or pop-up, which tells you to click 'Allow' to confirm that you are a real user and not a robot. This prompt is a lie, and the 'Allow' button grants Decreasure.club permissions to use browser notifications. The...

DataSearchLauncher is an annoying Mac program whose installation may redirect all of your online searches through a 3rd-party service that eventually takes you to Yahoo Search. The DataSearchLauncher is categorized as a browser hijacker, so you should not see it as a security concern – however, you must not forget that browser hijackers may take you to non-trustworthy Web destinations occasionally. They may apply undesired changes to your Web browser's configuration. If your Mac Web browser...

VirtualDeskSearch is an intrusive Mac application that you may end up installing on your computer by accident. This software does not have an official website or download location and, instead, it seems to be distributed entirely through false promises, misleading instructions, and fake downloads. Mac users who end up adding the VirtualDeskSearch to their list of installed applications may notice immediately that some of their Web browser's behavior will be odd – it may redirect them to...

Although the ransomware field continues to be dominated by variants of the infamous STOP Ransomware, there are plenty of other ransomware families that cybercriminals use to craft their own file-lockers. One of the families to be popular in the past year has been the Phobos Ransowmare , and the latest file-encryption Trojan created with it is called the Chinz Ransomware. If you fall victim to this threat, you will notice that many of your files had their extensions changed to '.id[<VICTIM...

The Chinz Ransomware is a file-locking Trojan from the Phobos Ransomware family, a spin-off branch of the Crysis Ransomware. The Chinz Ransomware includes features for blocking the victim's digital media by encrypting it, marketing its premium unlocking service, and disabling Windows security and recovery features. Windows users can protect themselves with standardized safety guidelines, well-maintained backups, and an anti-malware program for deleting the Chinz Ransomwareas it appears....

The Moba Ransomware is a file-locking Trojan that's from STOP Ransomware's Ransomware-as-a-Service. Although its primary feature is blocking digital media, it may interfere with the user's Web-browsing connections and delete backups. Users should let their anti-malware programs protect their files by removing the Moba Ransomware on sight and related threats like  AZORult . Without any suggestions that it might come close to living up to its name, the  STOP Ransomware , still, is...

The WastedLocker Ransomware is a file-locking Trojan that can block various media formats of data on your computer. Although the WastedLocker Ransomware capable of harming home PC users, its threat actor is deploying it against corporate entities with highly-expensive ransoms preferentially. Server administrators should watch the usual infection risk factors, such as e-mail contact and RDP, and have anti-malware services up-to-date and available for removing the WastedLocker Ransomware. A...