While inspecting new submissions to the VirusTotal website, our researchers found the MajorBuffer application. After examining it, we determined that this app is adware (advertising-supported software) from the AdLoad malware family. Adware is designed to generate revenue for its develop
Pe32s is a piece of malicious software classed as ransomware. It operates by encrypting data and demanding ransoms for the decryption. After we executed Pe32s on our test machine, it encrypted files and altered their names. The titles were modified following this pattern – "[org_filename].[victim
Celestial is a stealer written in JavaScript. As the classification implies, this malware steals information from systems and installed programs. This stealer targets Windows 10 and 11 operating systems. Celestial is offered as MaaS (Malware-as-a-Service) in multiple configurations for various pa
Spectrum is a piece of malware written in the Go programming language, specifically designed to steal sensitive information from infected devices. Due to this functionality, it is categorized as an information stealer. Spectrum should be eliminated as soon as possible if present on the system.
Found-cash-now[.]com is a rogue page discovered by our research team during a routine investigative session into questionable sites. Upon inspection, we learned that it endorses browser notification spam and generates redirects to other (likely unreliable/dangerous) websites. The majority of visi
Our team has reviewed globalvpnnewse[.]top and determined that its main goal is to gain permission to send notifications. However, the site uses deceptive clickbait tactics to trick users into granting this permission. For this reason, it is strongly recommended to avoid allowing sites like global
Forexsnap[.]site is a rogue page discovered by our research team during a routine inspection of dubious websites. Our examination of this webpage revealed that forexsnap[.]site promotes browser notification spam and redirects to other (likely questionable/malicious) sites. Most visitors enter for
Our team has inspected globalvpnnewsu[.]top and concluded that the purpose of this site is to obtain permission to show notifications. However, it uses clickbait (a deceptive method) to trick users into granting it this permission. Therefore, it is strongly advisable against allowing pages like gl
While inspecting suspicious websites, our researchers discovered the swiftheadlines[.]site rogue page. After investigating it, we learned that it endorses browser notification spam and produces redirects leading users to other (likely unreliable/dangerous) sites. Swiftheadlines[.]site and similar
After examining eadderea[.]com, we found that it displays deceptive content to convince users to enable notifications. Once permitted, the site can bombard users with fake alerts and other misleading messages. Engaging with these notifications can lead users to shady websites. Thus, eadderea[.]com