Through our analysis of the SorbusAucuparia app, we determined that it is a malicious extension distributed using a deceptive page. SorbusAucuparia can enable the "Managed by your organization" feature, read and change various data, and manage other extensions (and themes). Thus, affected users sh
While browsing suspect sites, our research team found the vast-conexxion[.]com rogue webpage. It promotes dubious/deceptive content and browser notification spam. Vast-conexxion[.]com can also redirect users to other (likely untrustworthy/dangerous) websites. Pages of this kind are primarily acces
"Email Failed To Sync" is a spam email that promotes a phishing scam. This fake letter states that the recipient has pending messages that failed to reach their inbox. When a user attempts to review the nonexistent emails, they are redirected to a phishing website that targets log-in credentials.
Our researchers discovered "Taskbar system" while inspecting dubious websites. It is promoted as a tool for altering the taskbar, e.g., color changes, transparency adjustments, etc. After examining this piece of software, we determined that it is a PUA (Potentially Unwanted Application) that opera
While inspecting dragonorders.com, we learned that it is a shady address commonly encountered when certain malicious extensions are added to browsers. Those malicious extensions redirect users to dragonorders.com to promote adware-type apps, browser hijackers, and other unwanted apps. Thus, apps a
Our researchers discovered Dispout while investigating suspicious websites. It is endorsed as a tool that allows users to schedule breaks (e.g., for stretching, exercising, etc.). However, upon inspection, we determined that Dispout is proxyware (an Internet bandwidth hijacker). Additionally, it i
While browsing questionable websites, our researchers found the Walliant application. It is endorsed as an app that automatically changes desktop wallpapers to stunning images from around the world. However, Walliant operates as proxyware, i.e., it hijacks Internet bandwidth. This app might also
We examined the email and found that it is a deceptive message, commonly referred to as a phishing attempt, orchestrated by scammers. Their primary objective is to deceive recipients into divulging personal information by tricking them into accessing a fraudulent webpage designed to mimic a legiti
Glorysprout is a piece of malicious software written in the C++ programming language. It is a stealer that targets cryptocurrency wallets, log-in credentials, credit card numbers, and a variety of other sensitive information. Glorysprout is based on Taurus stealer, which has been discontinued and
During our assessment of malware samples uploaded to VirusTotal, it was discerned that Afire is ransomware designed to prevent victims from accessing files by encrypting them. Also, Afire renames files by appending the ".afire" extension to filenames and provides a ransom note ("Restore.txt"). An