During our examination of ourdoucki[.]net, we learned that the site used deception (clickbait) to trick visitors into granting it permission to show notifications. Users usually stumble upon such websites unintentionally. It is strongly recommended that you close ourdoucki[.]net immediately if you
Our examination of KittCat extension has shown that it functions as a browser hijacker. The purpose of KittCat is to promote a fake search engine. In addition to hijacking a browser, KittCat may gather various data. Thus, users should avoid adding KittCat (and similar extensions) to browsers.
Our inspection of the site has revealed that it used a clickbait method to receive permission from users to send notifications. Web pages like milodan[.]com should not be permitted to show notifications. It is worth noting that milodan[.]com and similar sites are usually accessed inadvertently.
The Dzentime app is promoted as a tool designed to help users find balance in their daily routines by sending reminders to take breaks. However, we classified Dzentime as an unwanted application. Our examination has shown that Dzentime and its installer are flagged as malicious by multiple securit
We have inspected this email and found that it is a fraudulent letter masquerading as a request for the supply and delivery of products from TotalEnergies (a legitimate energy and petroleum company). Usually, scammers use such emails to extract personal information or money from recipients. Thus,
Angry is an information-stealing malware based on Rage stealer. This malicious program can extract and exfiltrate data from infected devices. It is promoted by its developers through several online sources. Due to the inclusion of Russian in Angry's code, it is likely that the developers are Russi
TodoSwift is a malicious program classed a dropper. Discovered in the summer of 2024, this malware is designed to deliver second-stage payloads while displaying a decoy document to victims. TodoSwift exhibits similar behavior to malware developed and used by a North Korean state-backed threat a
While browsing dubious websites, our researchers discovered the aoudadsclub[.]org rogue page. It operates by promoting browser notification spam and redirecting users to other (likely unreliable/harmful) sites. Users most commonly enter webpages like aoudadsclub[.]org via redirects caused by webs
While analyzing a rogue installation setup, our researchers discovered the HyperSearch browser hijacker. This extension makes changes to browser settings in order to promote (via redirects) the findflarex.com fake search engine. Typically, browser hijackers assign endorsed websites as the
After inspecting the "Claim FREE $DADDY", as promoted on daddycoin[.]online, we determined that it is a scam. It is presented as a cryptocurrency airdrop – in fact, this scheme operates as a crypto drainer. Victims of the "Claim FREE $DADDY" scam experience financial loss. It must be emphasized t