During an assessment of the application, we found that CumulusCongestus is a suspicious application distributed via a malicious installer. Upon adding CumulusCongestus to a web browser, we noticed that it can read and change various data on visited pages, manage components within a browser, and en
Our researchers discovered the FilterAdmin application while checking out new file submissions to VirusTotal. Upon inspection, we learned that FilterAdmin is adware belonging to the AdLoad malware family. This app delivers intrusive advertisement campaigns and may have other harmful capabilities
ZeroGuard is a malicious program classed as ransomware. This malware is designed to encrypt files and demand payment for the decryption. After we executed a sample of ZeroGuard on our testing system, it encrypted files and modified their filenames. To elaborate, an original file title was appende
Our researchers found the wholefreshstories[.]com rogue webpage while reviewing untrustworthy sites. It is designed to push browser notification spam and redirect users to different (likely dubious/malicious) websites. Most visitors to wholefreshstories[.]com and webpages akin to it access them t
Floscercurn.com is a rogue webpage discovered by our research team during a routine investigation of dubious sites. This page promotes browser notification spam and redirects visitors to other (likely unreliable/dangerous) websites. Most users access webpages like floscercurn[.]com through redire
"Trezor Upgrade Your Networks" is a scam that targets Trezor cryptowallet log-in credentials. The cyber criminals behind this scheme aim to steal the cryptocurrency stored in victims' wallets. It is pertinent to mention that this scam has been observed being promoted through spam emails. "
While investigating suspicious sites, our researchers discovered Your Errors Plug browser extension. It promises a "seamless" browsing experience with "relevant results on error-prone sites". For example, if a user enters a nonexistent URL – they are redirected to a webpage that informs them of th
"Trojan.Hulk" is a detection name used by multiple security vendors for identifying rogue installers or illegal software ("cracks") tools, which are bundled with malicious content. Note that other detection names can be used for these setups. Content detected as "Trojan.Hulk" may include unwanted,
While examining the page, it was revealed that it uses clickbait to receive permission to show notifications. Also, gemheartartisan[.]top may redirect visitors to similar pages. It is strongly recommended not to allow gemheartartisan[.]top or similar websites to show notifications. Usually, these
In our examination of the malware, we observed that Lockxx operates as ransomware: it encrypts files, appends its extension ".lockxx" to file names, and provides a ransom note ("lockxx.recovery_data.hta"). Additionally, Lockxx changes the victim's desktop wallpaper. An example of how Lockxx modif