Our researchers found the Dancing Tubes browser extension during a routine inspection of dubious websites. After analyzing this extension, we determined that it operates by hijacking browsers. Dancing Tubes makes alterations to browser settings in order to promote (via redirects) the search.danci
While examining malware samples submitted to VirusTotal, our team came across Wspn, a Djvu ransomware family member. Wspn's main objective is to encrypt files, and it also modifies filenames by adding the ".wspn" extension. Furthermore, it creates a ransom note named "_readme.txt". As an example,
In our investigation of Gradient Blobs, we discovered that this extension operates as a browser hijacker. Our findings revealed that its primary aim is to endorse search.gradientblobs.net, a deceptive search engine. Gradient Blobs accomplishes this by altering the settings of a web browser.
Our research team discovered the TechnoJourney app while inspecting new submissions to the VirusTotal site. This piece of software operates as adware. Additionally, TechnoJourney is part of the AdLoad malware family. Adware stands for advertising-supported software. It displays adverts o
During our analysis of newly submitted samples on VirusTotal, our researchers came across the ValueEver application. After conducting a thorough examination of ValueEver, we have found that it functions as adware. Its main purpose is to show advertisements. Pretty often, apps of this type are di
Nitrogen is a malicious campaign in which cybercriminals exploit Google and Bing ads to target users searching for specific IT tools. The objective is to infiltrate enterprise environments and inject tools like Cobalt Strike. The attackers aim to gain unauthorized access to these environments and
After analyzing VentureConnect, our team has determined that its primary function is to display bothersome advertisements to users. Such applications fall under the category of adware. It is important to highlight that it is common for apps like VentureConnect to be downloaded and installed unkn
After examining the Retro Sunset browser extension, it became apparent that its purpose is to act as a browser hijacker to promote search.retrosunset.net, a fake search engine. Retro Sunset modifies the settings of a web browser to take control over it. Most users unknowingly download and add app
While inspecting suspicious sites, our researchers discovered the AerospaceSearchTab browser extension. It is presented as a piece of software that displays aerospace-themed browser wallpapers. However, after analyzing AerospaceSearchTab, we learned that it is a browser hijacker promoting the aero
Our researchers discovered the VirtualNano app during a routine inspection of new submissions to VirusTotal. After examining this application, we determined that it is advertising-supported software (adware). It is pertinent to mention that VirtualNano is part of the AdLoad malware family.