PrO is one of the ransomware variants belonging to the Xorist family. Our team discovered PrO while inspecting samples submitted to the VirusTotal website. PrO is designed to encrypt files, append the ".PrO" extension to filenames, and present users with an error window featuring a ransom note. F
Read-the-notification[.]com is a rogue webpage that pushes browser notification spam and can redirect users to different (likely dubious/malicious) sites. Most visitors to this and similar pages access them through redirects generated by websites that employ rogue advertising networks. We discove
Our researchers discovered "Sport background pictures new tab" while investigating untrustworthy websites. This extension displays randomized sports-themed browser wallpapers. After examining this piece of software, we determined that it is a browser hijacker. The "Sport background pictures new t
While investigating new submissions to the VirusTotal site, our research team discovered the Mynvhefutrx malicious program. It is part of the Snatch ransomware family. Malware within the ransomware classification is designed to encrypt files and demand ransoms for their decryption. On our test ma
Our team examined Space Spiders and found that it hijacks a web browser by changing some of its settings to search.spacespiders.net - it promotes a fake search engine. It is common for browser hijackers to be promoted using shady methods. Thus, users often add browser hijackers to their browsers i
While investigating deceptive websites, our researchers discovered an installer containing an application called Subtitles. After inspecting this piece of software, we determined that it is adware. Adware stands for advertising-supported software. Its goal is to generate revenue for its de
Cropsibagen[.]com is a rogue webpage that is designed to push spam browser notifications and redirect visitors to other (likely unreliable/harmful) sites. Users primarily enter cropsibagen[.]com and pages akin to it via redirects generated by websites utilizing rogue advertising networks. Our res
Axegrinder[.]top is the address of a rogue page. It operates by promoting browser notification spam and redirecting visitors to other (likely dubious/malicious) sites. Users primarily access pages of this kind through redirects caused by websites employing rogue advertising networks. Our research
During our examination of Flexi Search New Tab, we found that this extension functions as a browser hijacker. We learned that the purpose of Flexi Search New Tab is to promote searchflexi.com, which is a fake search engine. Flexi Search New Tab promotes searchflexi.com by taking control over a web
DesignationDrive is an adware-type application that our research team discovered while investigating new submissions to the VirusTotal website. This app is part of the AdLoad malware family. DesignationDrive is designed to feed users with unwanted/deceptive advertisements. Adware stands