Ritingsynther[.]com is a rogue page that we discovered while inspecting suspicious websites. It is designed to promote spam browser notifications and redirect users to other (likely untrustworthy/dangerous) sites. Users primarily access webpages like ritingsynther[.]com via redirects generated by
Our research team discovered the Cinema Pro browser extension. It is endorsed as a quick access tool to film-related content, such as streaming platforms, newest releases, reviews, top-rated movies, etc. However, our analysis revealed that Cinema Pro is a browser hijacker that promotes the find.ss
While investigating untrustworthy websites, our researchers discovered the Auto Refresh browser extension. This piece of software is supposedly designed to automatically refresh webpages within certain time intervals. After examining Auto Refresh, we determined that this extension operates as adwa
After analyzing iStart New Tab browser extension, our team learned that it functions as a browser hijacker by changing the browser settings to promote a fake search engine (letsearches.com). It is essential to note that users usually unintentionally add browser hijackers like iStart New Tab to the
Our examination of the "Request To Delete Your Email" letter revealed that it is spam. This email makes false claims regarding a request to terminate the recipient's mail account. The goal is to trick them into attempting to prevent the "deletion" by accessing a website promoted by the spam email,
"Chromium extension-loading shortcut virus" refers to a type of infection affecting Chromium-based browsers like Google Chrome, Microsoft Edge, Brave, and countless others. In these infections, modified LNK (Windows Shortcut) files are used to launch the legitimate browser alongside malicious exte
DarkVision is the name of a Remote Administration Trojan (RAT). Malware of this type is designed to provide unauthorized access to a victim's computer. The RAT allows attackers to control the infected computer remotely, giving them access to sensitive data and the ability to perform a range of mal
Akira is the name of ransomware designed to encrypt data, modify the filenames of all affected files (by appending the ".akira" extension), and create a ransom note ("akira_readme.txt"). Also, upon execution, Akira runs a PowerShell command to delete Windows Shadow Volume Copies on the device. An
Our team's analysis of the Toddler browser extension showed that it operates as a browser hijacker. Its main aim is to promote a fake search engine (finddbest.co). To achieve browser hijacking, Toddler alters the settings of the user's browser. It is worth noting that most users add browser-hijack
FSHealth is ransomware that blocks access to files by encrypting them. Also, FSHealth modifies filenames (by appending the victim's ID, email address, and ".locked" extension to them) and drops its ransom note ("How_to_decrypt_my_files.html"). An example of how FSHealth renames files: it changes