After downloading and adding the Simple AdBlock browser extension, we learned that it has parameters of advertising-supported software - it displays annoying advertisements. We discovered Simple AdBlock on a questionable website. It is worth mentioning that most users download and install adware i
Clean Notifications is the name of a rogue browser extension. It operates by modifying browser settings in order to cause redirects to the cleannotifications.com fake search engine. Additionally, this extension spies on users' browsing activity. Due to this behavior, Clean Notifications is classif
Our research team discovered the MomentTech app during a routine inspection of new submissions to VirusTotal. After inspecting this application, we determined that it operates as advertising-supported software (adware). It is pertinent to mention that MomentTech belongs to the AdLoad malware fam
We have examined opposeetwo[.]xyz and learned that it is a deceptive site that runs the "You've visited illegal infected website" scam and asks for permission to show notifications. Our team discovered opposeetwo[.]xyz while inspecting websites that use rogue advertising networks (redirect visitor
Sites usage is the name of a rogue browser extension that our research team discovered while investigating deceptive software-promoting websites. This extension is presented as a tool that can provide website usage and maliciousness data. However, our inspection of Sites usage revealed that it ope
We have tested the Stop AdBlocker browser extension and found that it operates as an advertising-supported application. It displays intrusive advertisements. Also, Stop AdBlocker can read and change data on all websites. We have discovered Stop AdBlocker on a shady web page. Ads displayed
While inspecting new submissions to VirusTotal, our researchers discovered the Allock ransomware. This malicious program is part of the MedusaLocker ransomware family. After a sample of Allock was executed on our testing system, it encrypted files and appended their filenames with a ".allock8" ex
Sxn is ransomware - malware that blocks access to files by encrypting them. Unlike most ransomware variants, Sxn does not append its extension to the filenames of encrypted files. However, it drops 26 files with no data in them with the ".Locked" extension. Also, Sxn displays a pop-up window conta
CodeRAT is the name of an information stealer aimed at Ukrainian-speaking users. Cybercriminals use it to steal sensitive information. Typically, malware of this type targets data that can be used to steal online accounts, money, identities, etc. It often runs silently in the operating system to a
Our inspection of the "Session Validation Error" spam email revealed that it operates as a phishing scam. The letter states that an error occurred in the recipient's mailbox. When an attempt is made to rectify the error – the user is redirected to a phishing website. This page mimics the recipient