CH Miner is the name of a cryptocurrency miner with Remote Administration Trojan (RAT) and clipper functionality. It is created by the same cybercriminals who have developed the Echelon Stealer. Our team has discovered the CH Miner on a hacker forum. It costs $20 for three days, $40 for a week, $
During a routine inspection of new submissions to VirusTotal, our research team found the AgentAdmin application. After analyzing this app, we learned that it operates as advertising-supported software (adware), and it also belongs to the AdLoad malware family. Advertising-supported soft
Our malware researchers have discovered a ransomware variant called Kxde while analyzing the samples submitted to VirusTotal. This variant is part of the Djvu ransomware family. It encrypts files and appends the ".kxde" extension to filenames. Kxde also provides a ransom note (creates a text file
1xExujJunyRVG8MWnEgxdHkVwW7xSzntZ is the name of a clipper-type malware. Malicious programs of this kind are also known as "clipboard hijackers"; they operate by changing clipboard data. Typically, clippers are used to redirect outgoing cryptocurrency transactions by replacing the intended wallet'
Securesoftwarepc[.]com is a shady website running the "McAfee - Your PC is infected with 5 viruses!" scam and asking for permission to show notifications. Our team has discovered this deceptive page while examining other pages of this kind that use rogue advertising networks. The purpose o
MySpace Tab is an application that we discovered on a shady website offering to "download and install recommended Chrome extension". After testing the app, we learned that it is a browser hijacker that promotes a fake search engine. It changes some of the browser's settings to search.spaceytab.com
Reistivelbife[.]com is a rogue site our researchers found while inspecting untrustworthy webpages. This page promotes browser notification spam and redirects visitors to different (likely unreliable/malicious) websites. Pages of this kind are seldom accessed intentionally; most users enter them vi
During a routine inspection of sites that use rogue advertising networks, our research team discovered a webpage promoting a scam "Ronin Wallet". This phishing scam targets the log-in credentials of users' Ronin digital wallets. With this information in their possession, the cyber criminals may ga
Discovered by our research team while inspecting dubious download webpages, Power-Cleaner is a rogue browser extension. After analyzing this piece of software, we determined that it operates as a browser hijacker and promotes the power-cleaner.xyz illegitimate search engine. With Power-Cle
Dark Browse is an adware-type browser extension promoted as a tool that enables dark mode for websites. While the functionalities promised by advertising-supported software are usually fake, after analyzing Dark Browse we learned that its promised function is operational. However, this browser ext