Salat (also known as WEB_RAT) is a malicious program written in the Go programming language. This malware is designed to steal sensitive information from infected devices, and due to this behavior – it is classified as a stealer. Salat is a stealer-type malware, and upon successful infiltr
Our analysis of vividtales[.]site reveals that it employs clickbait to trick users into granting it permission to show notifications. Once allowed, the site can deliver misleading notifications. To avoid potential risks, users should avoid permitting vividtales[.]site to deliver notifications (and
FINALDRAFT is malware written in the C++ programming language. It is designed for data exfiltration and process injection. It has additional modules that it can inject into systems. FINALDRAFT is typically delivered through PATHLOADER, another piece of malware. Once executed, FINALDRAFT can carry
ElementaryCommand is a rogue application discovered by our researchers during a routine review of new file submissions to the VirusTotal website. After examining this app, we determined that it is adware from the AdLoad malware family. Advertising-supported software is designed to generate reven
Headlinehype[.]site is a rogue webpage that promotes browser notification spam and generates redirects to different (likely unreliable/hazardous) sites. Most visitors to headlinehype[.]site and analogous pages enter them through redirects produced by websites that employ rogue advertising network
Our research team Discovered the bureepriumism[.]com rogue page while investigating untrustworthy websites. Upon inspection, we learned that this webpage promotes spam browser notifications and redirects users to other (likely dubious/dangerous) sites. Bureepriumism[.]com and similar pages are pr
We have analyzed xerzxxx[.]xyz and found that it uses clickbait to receive permission to send notifications to users. If permitted, xerzxxx[.]xyz can show misleading notifications. Thus, it is highly advisable not to allow web pages like xerzxxx[.]xyz to show notifications and revoke such permissi
Our analysis of polrqd[.]info reveals that this website employs clickbait to deceive visitors into agreeing to get its notifications. These notifications can be used to push misleading content and direct users to dubious or potentially harmful sites. Thus, polrqd[.]info should be avoided and never
We have inspected rainorsun[.]site and concluded that it is an untrustworthy web page using a clickbait technique to trick visitors into granting it permission to show notifications. Usually, notifications from sites like rainorsun[.]site are designed to lure users into interacting with them and o
While investigating deceptive websites, our researchers discovered a rogue installer containing the Ciawu App PUA (Potentially Unwanted Application). Upon investigation, we determined that this app acts as a dropper for the Legion Loader malware. Thus, having Ciawu App on devices can result in hig