BestMapSearch is a piece of software classified as a browser hijacker. We determined this by analyzing the browser extension's behavior following installation onto our test machine. BestMapSearch modifies browser settings in order to promote the bestmapsearch.com fake search engine. BestMa
Ads Skipping is the name of a piece of software promising to remove advertisements from YouTube. Our research team found this browser extension while inspecting dubious download webpages. After analyzing Ads Skipping, we found that it operates as adware. Adware-delivered adverts endorse un
Bumblebee is the name of a malware loader. It is known that cybercriminals use it as a downloader for Cobalt Strike and possibly other malware such as ransomware. Bumblebee appears to be a replacement for BazaLoader - another malware loader. Bumblebee is delivered via ISO files that contai
Notificationsworld[.]com is a rogue page that we discovered while inspecting untrustworthy sites. It operates by promoting browser notification spam and redirecting visitors to other (likely unreliable/malicious) websites. Most users enter such webpages through redirects caused by sites that use r
Energy is a rogue application that our researchers discovered while inspecting highly dubious download webpages. After analyzing it, we discovered that Energy operates as advertising-supported software (adware). We also found that this app is practically identical to Healthiness adware. Ad
Decryption#1222 is ransomware that encrypts files and appends ".n53yb34tbb2" extension to filenames. It also creates the "HOW TO DEYCRYPT.txt" text file, a ransom note containing contact and payment information. We have discovered Decryption#1222 ransomware while checking the VirusTotal page for r
Check-pcsecurity[.]com is an untrustworthy website running the "McAfee - Your PC is infected with 5 viruses!" scam. It is designed to trick visitors into believing that their computers are infected. Also, this site asks for permission to show notifications and may redirect to other shady pages.
ONYX is ransomware based on another ransomware called CONTI. It encrypts files and appends a randomly generated extension to filenames. Moreover, it deletes files larger than 200 megabytes in size and replaces them with random files. Like most ransomware variants, ONYX also creates a ransom note.
It is a fake Viber warning displayed by a deceptive website. We have discovered this site while inspecting notifications displayed by other pages of this kind. Usually, the purpose of such scams is to trick visitors into downloading some software and (or) providing personal information. A
While inspecting suspicious download webpages, our researchers discovered the Play No Ads browser extension. According to its promotional material, this piece of software promises to block advertisements displayed on YouTube videos. However, after analyzing Play No Ads, we determined that it opera