When looking into new submissions on VirusTotal, we found FaceStealer - an Android-specific trojan. This malware operates as a Facebook social networking account log-in credential stealer. Our research revealed that it is proliferated under the guise of various popular Android applications.
Coolingcola[.]com is a website that we have discovered while inspecting pages that use questionable advertising networks. At the time of the research, coolingcola[.]com was promoting a scam offering to win the iPhone 12 mini and asked for permission to show notifications. The scam promoted
After installing the Tone application onto a test system, our research team discovered that it operates as advertising-supported software (adware). To elaborate, this rogue app delivered various advertisements. We have observed Tone displaying ads. In general, adware can enable the placeme
We have discovered Esperanto Dictionary while looking for deceptive websites offering to download and install questionable applications. After testing Esperanto Dictionary, we concluded that it is an adware-type application that generates advertisements and can read data on all visited pages.
DazzleSpy is a backdoor-type malware, which our researchers sampled from ESET's WeLiveSecurity community website. After analyzing this piece of malicious software, we concluded that it is capable of receiving/executing commands and extracting files from the infected device. At the time of writin
New-message-service[.]com is an untrustworthy website that we have discovered while examining illegal streaming, torrent sites, and similar pages that use questionable advertising networks. We found that the purpose of new-message-service[.]com is to get permission to show notifications and redire
crDypted is a ransomware-type program designed to encrypt data (render files inaccessible) and demand ransoms for the decryption. After launching a sample obtained from VirusTotal on our test machine, it encrypted files and appended them with a ".crDypted000007" extension. For example, a file ini
While testing the Search-Power application, our team has learned that it is a browser hijacker used to promote the searchpower.xyz address (a fake search engine). It hijacks a web browser by modifying its settings. We have discovered Search-Power while visiting pages that use rogue advertising net
Our team has tested the DecipherPerformance application and learned that it functions as a browser hijacker and an advertising-supported software: it changes the web browser's settings to promote a fake search engine and displays advertisements. We discovered DecipherPerformance while examining
ActiveProgram is another app from the AdLoad malware family, which our research team found when looking through new submissions on VirusTotal. After a sample was launched on our test system, we determined that this application operates as adware. While it did not show any browser hijacker behav