While investigating untrustworthy websites, our researchers discovered the Quotes Srch Tab browser extension. It is endorsed as an extension that displays seaside-themed browser wallpapers featuring famous quotes. After examining Quotes Srch Tab, we determined that it is a browser hijacker. It mo
During our investigation of suspicious websites, we came across thepharmadds[.]com, which attempts to present misleading notifications to visitors. This website uses clickbait to convince users to grant permission to receive notifications from it. Thus, users are advised not to trust thepharmadds[
During our investigation of addinglobal[.]com, we discovered that it is among the websites created to deceive visitors into consenting to receive notifications. These notifications can be bothersome and invasive, and in some cases, they may even carry malicious content. Typically, users open sites
Shampoo is the name of a browser extension, which is proliferated in the latest ChromeLoader malware campaign. This piece of software operates primarily as a browser hijacker, but it also has adware functionalities. Shampoo is similar to the Ring browser hijacker, although the former is more soph
While analyzing malware samples submitted to VirusTotal, we came across Bhgr, a member of the Djvu ransomware family. Bhgr encrypts files on the compromised system and appends the ".bhgr" extension to their filenames. Also, Bhgr generates a ransom note ("_readme.txt" file). To illustrate the file
During our investigation of websites utilizing rogue advertising networks, we came across getgadsgroup[.]com, a site that employs a deceptive tactic to lure visitors into subscribing to notifications. It is important to note that users do not deliberately navigate to pages like getgadsgroup[.]com.
BabyDuck is a ransomware-type program we discovered while examining new submissions to VirusTotal. This malicious program is based on Babuk ransomware. On our testing system, a sample of BabyDuck encrypted files and appended their filenames with a ".babyduck" extension. For example, a file origin
After investigating the "New Webmail Version" email, we determined that it is spam. This letter encourages the recipient to switch their Webmail account to the latest version. The aim of this phishing mail is to obtain email account log-in credentials. The email with the subject "New lette
Keywordssearching.com is the address of a fake search engine. Websites of this kind are usually promoted (via redirects) by browser hijackers. This software modifies browser settings for this purpose. Furthermore, both illegitimate search engines and browser-hijacking software typically collect us
Upon investigating tapheshusurvey[.]space, we determined that it is an untrustworthy website that engages in survey scams. Additionally, tapheshusurvey[.]space wants to display notifications and redirects users to other websites. It is important to note that users do not intentionally visit pages