Our researchers discovered the NonLight browser extension while inspecting dubious software-promoting websites. While this piece of software promises to enable dark mode for simple design webpages, NonLight operates as adware instead. Adware stands for advertising-supported software. It en
While inspecting deceptive software-endorsing websites, our researchers discovered the Mix Colors rogue browser extension. It is promoted as a tool capable of changing webpage background colors. Our analysis of this extension revealed that it operates as adware instead. Adware stands for a
Maincaptcha[.]top is an untrustworthy website that displays deceptive to trick visitors into agreeing to receive its notifications. Also, it redirects to other pages of this kind (one of them is a scam site). We discovered maincaptcha[.]top while inspecting torrent sites, illegal movie streaming p
GriftHorse is the name of a trojan-type malware targeting Android devices. It is designed to infiltrate systems and stealthily subscribe victims to premium-rate mobile services. GriftHorse's campaigns are aggressive and extensive. According to Zimperium's researchers, this malware is active in ov
PINEFLOWER is the name of a malware family targeting Android operating systems. Malicious programs belonging to PINEFLOWER have a wide variety of functionalities, e.g., the ability to cause chain infections (download/install additional malware), steal data, spy, and others. Mandiant researchers h
While examining a suspicious page, we discovered an unreliable application called Gallery. After downloading and installing this app, we learned that it generates advertisements (it functions as adware). We also noticed several processes named "nwjs" running in the Task manager while the Gallery a
BluelightFurry is a rogue app that our researchers found while investigating new submissions to VirusTotal. After analyzing this application, we determined that it is adware belonging to the AdLoad malware family. BluelightFurry operates by running intrusive ad campaigns, and it may also have br
After inspecting this email, we learned that it is sent by scammers who aim to trick unsuspecting recipients into providing personal information. The scammers behind this email are pretending to be email service providers. They use a phishing website to extract information from recipients.
Our research team discovered the Gaqtfpr ransomware-type program while inspecting new submissions to VirusTotal. We determined that this program is part of the Snatch ransomware family. When we launched a sample of Gaqtfpr on our testing system, it encrypted files and appended their filenames wit
Servidoracessobanco is ransomware that belongs to a ransomware family called Amnesia. Our malware researchers discovered it while examining samples submitted to VirusTotal. The purpose of Servidoracessobanco ransomware is to encrypt files (keep them inaccessible until they are decrypted). Additio