Our research team found the fieryforgekeeper[.]top rogue page while investigating dubious websites. It promotes browser notification spam and redirects users to different (likely unreliable/harmful) sites. Users predominantly enter pages like fieryforgekeeper[.]top via redirects caused by website
Namaste Tab is a browser extension that we discovered while reviewing dubious websites. Our analysis revealed that this extension is browser-hijacking software. It modifies browser settings in order to promote (via redirects) the privatesearchqry.com illegitimate search engine. Browser hij
Our research team found the BudgetBuddy browser extension during a routine investigation of suspicious sites. This extension is promoted as a tool that allows users to manage their monthly budget. However, following our inspection, we determined that BudgetBuddy is a browser hijacker. It makes ch
Our examination of the "WebMail Server Manager" email revealed that it is malspam. This spam letter informs the recipient that multiple messages have failed to reach their inbox. Supposedly, the undelivered emails can be found in the attachments. The attached files are identical, and both are des
AdAssistant is an application that our researchers discovered while inspecting deceptive sites. After investigating this piece of software, we determined that it is adware. Additionally, the installation setup containing AdAssistant was bundled with the Shop and Watch, ChatGPT Check, and NXD Fix r
After examining this letter, we have concluded that its intent is to deceive recipients into infecting their computers. The email appears as a correspondence related to shipping bills and export declaration forms, but it includes an attachment specifically crafted to introduce Remcos RAT into the
Our research team discovered the NIGHT CROW ransomware while inspecting new submissions to the VirusTotal website. This program is designed to encrypt data and demand payment for its decryption. On our test machine, NIGHT CROW encrypted files and appended their filenames with an extension. The ti
The BBTok is a banking Trojan written in Delphi equipped with specialized functionality that mimics the interfaces of over 40 Mexican and Brazilian banks. Its deceptive tactics involve luring victims into divulging their 2FA codes for bank accounts or their payment card numbers. Additionally, BBT
IRATA is the name of an Android-specific malware. This program has spyware and stealer capabilities. It was discovered after a smishing (SMS phishing) attack in Iran. This campaign entailed legitimate-looking SMSes containing a link to a fake governmental website. The page urged visitors to downlo
During an examination of the Shop and Watch browser extension, we discovered that it displays annoying advertisements. Thus, Shop and Watch can be classified as adware. Also, Shop and Watch adds the "Managed by your organization" feature to Chrome browsers and can read various data. Users should n