We have discovered Esperanto Dictionary while looking for deceptive websites offering to download and install questionable applications. After testing Esperanto Dictionary, we concluded that it is an adware-type application that generates advertisements and can read data on all visited pages.
DazzleSpy is a backdoor-type malware, which our researchers sampled from ESET's WeLiveSecurity community website. After analyzing this piece of malicious software, we concluded that it is capable of receiving/executing commands and extracting files from the infected device. At the time of writin
New-message-service[.]com is an untrustworthy website that we have discovered while examining illegal streaming, torrent sites, and similar pages that use questionable advertising networks. We found that the purpose of new-message-service[.]com is to get permission to show notifications and redire
crDypted is a ransomware-type program designed to encrypt data (render files inaccessible) and demand ransoms for the decryption. After launching a sample obtained from VirusTotal on our test machine, it encrypted files and appended them with a ".crDypted000007" extension. For example, a file ini
While testing the Search-Power application, our team has learned that it is a browser hijacker used to promote the searchpower.xyz address (a fake search engine). It hijacks a web browser by modifying its settings. We have discovered Search-Power while visiting pages that use rogue advertising net
Our team has tested the DecipherPerformance application and learned that it functions as a browser hijacker and an advertising-supported software: it changes the web browser's settings to promote a fake search engine and displays advertisements. We discovered DecipherPerformance while examining
ActiveProgram is another app from the AdLoad malware family, which our research team found when looking through new submissions on VirusTotal. After a sample was launched on our test system, we determined that this application operates as adware. While it did not show any browser hijacker behav
Nuhtab is a rogue browser extension that promises to allow desktop customization. When our researchers tested this software, it operated as a browser hijacker. In other words, Nuhtab altered browser settings to promote the nuhtab.com fake search engine and spied on users' browsing activity.
Detected by our research team when inspecting untrustworthy websites, securestuff[.]xyz is a rogue page. It is designed to load dubious content (e.g., "McAfee - Your PC is infected with 5 viruses!" scam), promote browser notification spam, and/or redirect visitors to other unreliable and malicious
The "OpenSea" scam refers to phishing sites disguised as the OpenSea online NFT (Non-Fungible Token) marketplace. The goal of this scheme is to extract users' cryptowallet log-in credentials and subsequently gain access/control over the wallets. The address of the scam website our researchers hav