Verblecon is a piece of malware that operates as a loader - it drops the other malicious content on the computers infected with it. We have found that cybercriminals are using Verblecon to distribute cryptocurrency miners. However, it can also be used to drop other malware (for example, ransomware
We have discovered the Defense-Search browser extension during our periodical research on sites that use shady advertising networks. It was found that this app changes the settings of a browser to promote defense-search.xyz - a fake search engine. Apps that promote fake search engines this way are
During a routine inspection of untrustworthy sites, our research team found the totaldatasecuritycentr[.]com rogue webpage. It is designed to load deceptive content, push browser notification spam, and redirect visitors to other (likely unreliable/malicious) websites. Most users enter webpages li
We have discovered the ddenkno[.]xyz page while examining other pages (illegal movie streaming, torrent, and similar sites) that use rogue advertising networks. The purpose of ddenkno[.]xyz is to trick visitors into allowing it to show notifications and redirect them to other dubious sites.
While researching dubious download webpages, we discovered the Baro Search browser extension. After analyzing it, we determined that it operates as a browser hijacker and promotes the barosearch.com illegitimate search engine. Additionally, this piece of rogue software spies on users' browsing act
AlgorithmFormula is a piece of rogue software that our researchers discovered while looking through new submissions to VirusTotal. Following our analysis, we learned that this application operates as adware and belongs to the AdLoad malware family. Adware may require specific conditions
We have discovered the DaemonLogoffCompile application on an untrustworthy website. After downloading and installing this app, we found that it displays annoying/unwanted advertisements. Thus, it was concluded that DaemonLogoffCompile is a typical advertising-supported application. Adwar
Our team has discovered the darker page browser extension on a shady website (on a page that suggests that it may be required to install this app). We found that darker page is described as an app that provides a dark mode for simple pages. However, its description does not mention that this app f
Original dark is a browser extension our research team discovered while inspecting deceptive download pages. This piece of software promises to create a dark mode for websites. After analyzing original dark, we determined that this extension operates as adware. It is noteworthy that while
Our malware researchers have discovered a new Dharma ransomware variant called Snwd (it was found during the analysis of malware samples submitted to VirusTotal). Snwd encrypts files and appends the victim's ID, snowwind@tutanota.com email address, and the ".snwd" extension to filenames. Its ranso