While inspecting suspicious websites, our researchers discovered the TuneFinder browser extension. It is promoted as an easy-access tool to song lyrics and related information (e.g., artist discographies, album details, etc.). After analyzing this extension, we determined that it is advertising-su
We have tested keyguard-websecure.com and found that it is a fake search engine. Moreover, we discovered that it is promoted through a browser extension that operates as a browser hijacker. Therefore, users should avoid visiting keyguard-websecure.com and remove it from the settings of a web brows
While investigating untrustworthy sites, our researchers discovered this fake "$TURBO" webpage (turbotoken[.]io; possibly others). Users who try to participate in this bogus airdrop expose their digital wallets to a cryptocurrency drainer. It must be emphasized that this scam is not associated wit
Our researchers discovered quicknetshift.co[.]in while browsing suspect websites. After inspecting this rogue page, we determined that it promotes browser notification spam and redirects visitors to different (likely dubious/malicious) sites. Most users access quicknetshift.co[.]in and webpages ak
TransferLoader is a malware loader that the attackers have used since at least February 2025. It consists of several components: a downloader, a backdoor, and a separate module designed to deploy the backdoor. Cybercriminals have been observed using TransferLoader to deploy ransomware. If detected
Retrorevivesearch.com is a fake search engine our researchers discovered while analyzing the Retro Revive browser hijacker. This extension is supposedly designed to create a retro aesthetic for new browser tabs. Browser hijackers promote these webpages by modifying browser settings. It is notewort
Recipio is promoted as a browser extension (or add-on) that helps users find recipes online by narrowing search results to cooking-related content, making it easier to discover meal ideas, detailed recipes, and step-by-step instructions without unrelated distractions. However, our analysis shows t
Desolator is a malicious program classed as ransomware. It is designed to encrypt files and demand payment for the decryption. After we executed a sample of Desolator on our test machine, it encrypted files and added a ".desolated" extension to their names. For example, a file originally named "1
We have analysed calenital.co[.]in and concluded that this is a deceptive website designed to obtain permission to show notifications through clickbait. Once allowed, calenital.co[.]in can bombard users with fake warnings and other messages designed to direct them to other untrustworthy sites and
We found that laracismas.co[.]in is designed to manipulate users into clicking “Allow” on a browser prompt that allows the site to show notifications. Once this permission is granted, the site sends misleading alerts and similar messages that can lead users to unsafe websites. Thus, laracismas.co[