InitiatorActivity is an application our researchers found while inspecting fake software updaters/installers. After analyzing this rogue app, we determined that it operates as advertising-supported software (adware). InitiatorActivity also belongs to the AdLoad malware family. Adware may
LogicCheck is an adware-type application that generates advertisements and can read webpage contents and browsing history. We have discovered this application while inspecting deceptive pages offering to install software updates. In most cases, apps like LogicCheck are downloaded and installed u
After inspecting the "I broke into your computer system using the Wireless network router" email, we determined that it is spam that operates as a sextortion scam. It must be emphasized that all the claims made by this letter (i.e., possession of an explicit recording featuring the recipient, sys
We have examined this page and concluded that it is a fake Solana website (an identical copy) offering to register for participation in an ignition hackathon and win up to $5 million in prizes. Typically, scams of this kind are promoted via Twitter, Discord, Telegram, and other sites or apps, vari
Whisper Stealer is an information stealer targeting Chromium and Gecko browsers, cryptocurrency wallets, Discord tokens, and Telegram sessions (and other data). It is promoted (and sold) on hacker forums. There are five available subscription plans: 250 rubles for one month, 600 rubles for three
ActiveHandler is a rogue application that our researchers discovered while inspecting new submissions to VirusTotal. After analyzing this app, we determined that it operates as adware and is part of the AdLoad malware family. Adware may require certain conditions (e.g., system/browser or
ZombieBoy is the name of a cryptomining Trojan that uses the EternalBlue exploit to spread and DoublePulsar backdoor to load and execute its modules. It is used for cryptocurrency mining and remote control. Additionally, it includes an intranet scanner module. ZombieBoy's remote access mod
Our research team discovered the webpushpull[.]com rogue webpage while inspecting shady sites. It is designed to promote browser notification spam and redirect visitors to other (likely untrustworthy/malicious) websites. Most users enter such pages through redirects caused by websites that use ro
While inspecting dubious download pages, our research team discovered the youtube_ad_remover browser extension. Based on its name, we can presume that this extension promises to eliminate advertisements displayed on YouTube videos. After analyzing the youtube_ad_remover browser extension, we dete
Saumeechoa[.]com is a rogue webpage that loads dubious content, promotes browser notification spam, and redirects visitors to other (likely unreliable or malicious) sites. Our researchers found this page while inspecting untrustworthy websites. Users typically access rogue sites unintentionally. M