OpenCandy is the name of an advertising-supported application. We discovered this application while analyzing the samples submitted to the VirusTotal page. OpenCandy generates unwanted advertisements, manipulates the settings of a web browser, and adds extensions/plug-ins to it. Moreover, it gathe
UltraCouponSearch is a rogue browser extension that operates as a browser hijacker. This piece of software makes modifications to browser settings in order to promote the ultracouponsearch.com fake search engine. UltraCouponSearch likely spies on users' browsing activity as well. Browser-h
VileRAT is the name of a Remote Access Trojan (RAT) - malware that gives the attacker administrative control over a target computer. It is known that cybercriminals behind VileRAT are targeting foreign and cryptocurrency exchanges. This RAT is capable of executing remote commands, keylogging, and
Malware developers often use legitimate services to diminish the detectability of their creations, and VIPSpace is an example of this. The VIPSpace malware abuses the Discord messaging platform to proliferate its payloads. This malicious program serves as a backdoor for other malicious software t
While analyzing the advertisingvt[.]com website, we learned that it uses deception to trick visitors into allowing it to show notifications and redirects them to other untrustworthy pages. We discovered this site while inspecting pages that use rogue advertising networks. Typically, users end up o
After downloading Eye Protection from a shady website and adding it to a browser, we found that it is an extension designed to show unwanted advertisements. Software that generates ads is classified as adware. In addition to showing ads, Eye Protection can read and change all user's data on all we
Broworker1s[.]com is a rogue webpage that we discovered during a routine inspection of dubious sites. This page operates by promoting spam browser notifications and redirecting visitors to different (likely untrustworthy/malicious) websites. Most users enter pages of this kind via redirects caused
During a routine investigation of untrustworthy websites, our research team discovered the aspectsofc[.]hair rogue page. It is designed to load deceptive material, promote browser notification spam, and cause redirects to other (likely dubious/malicious) sites. Users typically access aspectsofc[.
After examining the 18plusvideos[.]me page, we found that its purpose is to get permission to show notifications. It uses a clickbait technique to trick visitors into granting that permission. Additionally, 18plusvideos[.]me can redirect visitors to a similar web page. Typically, visitors open suc
Basitrackone[.]space is a website that shows a deceptive message to trick visitors into allowing it to show notifications and redirects them to other websites. Our team discovered this site while inspecting pages that use rogue advertising networks. Like all the other pages of this type, basitrack