Our research team found the Colour Cure browser extension during a routine inspection of dubious websites. This piece of software makes changes to browser settings in order to promote (via redirects) the colourcure.xyz illegitimate search engine. Due to this behavior, Colour Cure is classed as a b
The Cryptology browser extension promises to display cryptocurrency price charts that update themselves in real-time. We discovered this piece of software while investigating dubious websites. Our analysis revealed that The Cryptology is a browser hijacker. This extension makes alterations to brow
During a routine inspection of new submissions to the VirusTotal website, our research team discovered FormatConnection. After analyzing this app, we learned that it is adware belonging to the AdLoad malware family. FormatConnection operates by running intrusive advertisement campaigns.
Oortagle[.]top is a rogue webpage that promotes dubious content and spam browser notifications. Additionally, it can redirect users to different (likely unreliable/hazardous) websites. Most visitors to pages like oortagle[.]top enter them via redirects generated by sites using rogue advertising ne
Our researchers discovered the QR Code Search browser extension while investigating suspect websites. Following our examination, we determined that this is browser-hijacking software. It makes alterations to browser settings in order to promote the qrcodeme.xyz fake search engine. QR Code Search a
Shop Assistant is a browser extension that promises to add shopping offers to the users' search results. This is a piece of advertising-supported software (adware), and its ads can be displayed on interfaces outside of search engines. Furthermore, this extension collects sensitive user data. Our
Protected Browse is a rogue browser extension that promises to block access to malicious websites. We discovered this piece of software during a routine inspection of untrustworthy sites. Our investigation revealed that Protected Browse modifies browser settings to promote the protectedbrowse.com
While investigating deceptive websites, our research team found the Changify browser extension. It promises to display browser wallpapers. However, after examining this piece of software, we determined that it is a browser hijacker. Changify makes changes to browser settings in order to endorse (
After analysis, it has come to our attention that GoT Phrases modifies the settings of a web browser to promote a specific address (a fake search engine). This activity falls under the category of browser hijacking. Additionally, GoT Phrases can read certain data. Thus, users are advised not to tr
While investigating new file submissions to the VirusTotal website, our researchers discovered the Intel ransomware. This malicious program is part of the Dharma ransomware family. Intel malware encrypts data and demands payment for its decryption. On our test machine, the files encrypted by Inte