While inspecting websites offering "cracked" software for download, our research team discovered the Getmut Cleaner PUA (Potentially Unwanted Application). The app's "official" promotional webpage endorses it as a tool capable of cleaning, protecting, and improving the performance of operating sys
After examining this email, we found that it is sent by scammers who aim to trick recipients into opening various scam websites. It is disguised as a letter from WhatsApp regarding a missed voice message. This and similar emails must be ignored. The email states that there is a missed voic
While inspecting browser hijackers, our research team discovered the activesearchbar.me fake search engine. Typically, illegitimate searching tools like activesearchbar.me are promoted by browser-hijacking software, which modifies browser settings to cause redirects to these websites. Additionall
Our malware researchers have discovered a new ransomware called Lomiat while inspecting samples submitted to the VirusTotal web page. We found that Lomiat belongs to the Xorist ransomware family. The purpose of Lomiat is to encrypt files. Also, it appends the ".LoMiAt" extension to filenames and c
Our researchers discovered the PrimeAurora application during a routine inspection of new submissions to VirusTotal. After inspecting this piece of software, we determined that it is adware belonging to the AdLoad malware family. Adware operates by displaying ads on visited websites and/
While inspecting deceptive websites offering to download "useful" applications, we found an application called PropCreative. During the analysis, we found that PropCreative is adware - it displays intrusive advertisements. Additionally, PropCreative can read sensitive information. Advert
While examining websites that use rogue advertising networks, we discovered houbekuwucoo[.]com - a deceptive website designed to trick visitors into agreeing to receive notifications. Additionally, this site can open other pages of this kind. As a rule, pages like houbekuwucoo[.]com get visited un
Tapak[.]xyz is a rogue site that our research team found while inspecting untrustworthy webpages. This website operates by pushing browser notification spam and redirecting visitors to other (likely dubious/malicious) pages. Most enter such sites through redirects caused by webpages that use rogu
During a routine inspection of questionable software-promoting webpages, our researchers discovered the Keep It Dark browser extension. It promises to enable dark mode for browsers. We analyzed this extension and determined that it operates as advertising-supported software (adware) instead.
While inspecting dubious pages, our researchers discovered the shieldforbrowsers[.]com rogue website. It is designed to run scams, promote spam browser notifications, and redirect visits to different (likely untrustworthy and malicious) sites. Users typically access webpages like shieldforbrowser