TriangleDB is a spyware-type program. It is designed to extract/record and exfiltrate vulnerable data from infected iPhone devices. TriangleDB has been observed being injected into devices by the Triangulation backdoor. This malware campaign is sophisticated; the infection is triggered without
Triangulation is the name of malware targeting iOS devices. It is part of a highly sophisticated campaign. Triangulation serves as a backdoor – a program that opens a "backdoor" for further infections. The malware can gather basic device/user data and download/install additional malicious compon
During our investigation of ooumoughtcall[.]com, we discovered that it is a deceptive website that presents a misleading message to entice visitors into consenting to receive notifications. Furthermore, ooumoughtcall[.]com can download a potentially harmful file. As a result, it is advisable to ex
During our examination of web pages linked to unreliable advertising networks, we encountered heavypcprotection[.]com. Our investigation revealed that heavypcprotection[.]com is an untrustworthy website known for promoting the "McAfee - Your PC is infected with 5 viruses!" scam. Furthermore, heavy
Sqoo search engine is the name of an extension that operates as a browser hijacker. This piece of software makes changes to browser settings in order to generate redirects that go through the sharesceral.uno and sqoo.co fake search engines. Additionally, this browser extension spies on users' brow
During a routine inspection of new submissions to VirusTotal, our researchers found the PrimaryRemote application. Our examination revealed that this app operates as advertising-supported software (adware). We also determined that PrimaryRemote is part of the AdLoad malware family. Adwar
PrimaryBuffer is a rogue application that our research team discovered while investigating new submissions to VirusTotal. After examining this piece of software, we determined that it is adware belonging to be AdLoad malware family. Adware stands for advertising-supported software. Its p
Bfjaxi[.]cfd is a shady website that our team encountered while examining sites that use rogue advertising networks. While inspecting bfjaxi[.]cfd, we noticed that this website uses a deceptive approach to receive permission to show notifications. It is worth mentioning that users often land on su
RDStealer is a data-stealing malware written in the Go programming language. This stealer's infection chain includes the Logutil backdoor – a type of malware designed to open a "backdoor" into a system to further the infection. Logutil is likewise based on Go, and it is a cross-platform malware ca
Our team discovered that vanttop[.]com is an untrustworthy page designed to lure visitors into granting it permission to send notifications. Users who visit vanttop[.]com are presented with misleading content (an image and text). It is worth noting that users rarely visit sites like vanttop[.]com