Shadowpad is a modular malware that uses information-stealing modules and can cause chain infections. It has been around since at least 2017. Initially used by a single threat actor based in China, its later attacks have been attributed to multiple Chinese cyberespionage groups. The latest campai
GhostSocks is a malicious program written in the Go programming language. It is compatible with Windows and Linux operating systems. This program is a SOCKS5 backconnect proxy malware. Essentially, software of this kind is used by attackers to employ victims' Internet connections for malicious pur
Keep Awake is promoted as an app that allows users to stop their computers from entering sleep mode with just one click. However, our analysis shows that multiple security vendors flag Keep Awake (and its installer) as malicious. For this reason, we classified Keep Awake as an unwanted application
Our researchers discovered the Ad Blocker Pro Shield browser extension while investigating deceptive websites. This extension is promoted as a powerful advertisement-blocking tool that emphasizes privacy. Upon inspection, we determined that Ad Blocker Pro Shield operates as adware. Therefore, inst
Consmertestconnect[.]com is a rogue page that promotes online scams and browser notification spam. It can also redirect users to other (likely unreliable/hazardous) websites. The majority of visitors access consmertestconnect[.]com and analogous webpages via redirects caused by sites utilizing rog
Our analysis of the Ervoql App reveals that it is an unwanted application that lacks clear functionality and is bundled with Legion Loader. Installing it can cause serious issues due to the included malware's capability. Users are strongly advised to avoid installing Ervoql App and to remove it im
Our researchers found the adsforleads[.]top rogue page while investigating dubious websites. After examining this webpage, we learned that it promotes browser notification spam and produces redirects to other (likely unreliable/hazardous) sites. Users primarily access adsforleads[.]top and websit
Our researchers discovered Lucky ransomware while browsing file submissions to VirusTotal. This program is part of the MedusaLocker ransomware family. Malware of this kind encrypts data and demands payment for the decryption. After we executed a sample of Lucky (MedusaLocker) ransomware on our te
FOX is ransomware belonging to the Dharma family. Our discovery of FOX occurred during the inspection of malware samples submitted to VirusTotal. Since FOX is ransomware, it encrypts files and provides a ransom note (in a pop-up message and "info.txt" file). Also, this ransomware appends the victi
Our researchers discovered the truthwasisadl[.]org rogue page during a routine investigation of suspect websites. It promotes browser notification spam and produces redirects landing on other (likely dubious/hazardous) sites. Truthwasisadl[.]org and similar webpages are primarily accessed via red