In June 2020, antivirus product vendors reported a new malware family known as GoldenSpy . The newly identified threat was distributed by using a very interesting delivery method – it was planted in legitimate tax software offered by a China-based bank. Often, foreign companies co-operating with the China organization in question were asked to install the tax software, therefore unknowingly planting the GoldenSpy backdoor on their networks. Surprisingly, the second piece of malware was...

Sationfairli.club is a page dedicated to tricking visitors into subscribing to its notifications. Of course, users would not agree to view a random website's notifications in their Web browser, and this is why Sationfairli.club displays misleading instructions to acquire permission from its visitors. For example, it may show a prompt saying that the content the user is trying to access can only be viewed after they confirm that they are not a robot. To do this, users are told to click 'Allow'...

Pushark.info is a Web page that specializes in hijacking the Web browser notifications of the users who come across it. The page does by using a very simple trick – it shows a fake video player, and prompts the user to click on the 'Allow' button to enable video playback. However, the 'Allow' button is not related to any videos, and it is meant to enable Pushark.info's notifications. If you fall for this trick, you may unknowingly subscribe to Pushark.info's notifications, and allow the...

Free Package Tracker Plus is a browser add-on that is being promoted via its official website that poses as a free file conversion tool. However, if you stumble upon Free Package Tracker Plus's website and try to use the converter there, you may be immediately prompted to install the Free Package Tracker Plus add-on to continue. While this add-on is not harmful at all, it may modify your Web browsing experience in a negative way – it does this by forcing you to see unwanted ads and pop-ups,...

Free File Converter Pro is a trouble-making browser add-on, which demands the following permission when you install it – 'Read and change all your data on the website you visit.' By abusing this feature, Free File Converter Pro can inject advertisements, pop-ups, banners, hyperlinks, and all sorts of marketing content in the website you visit. Needless to say, this behavior is very intrusive and annoying, and you should not use software that has such traits. While the core functionality of...

FunctionRecord is a misleading Mac application that may promise you great things, but its true purpose is to bring more traffic to a search engine affiliated with Safe Finder. While the changes that FunctionRecord brings to your Mac are not dangerous, they may diminish the quality of your Web browsing sessions by forcing you to use a search engine that you are not familiar with. Furthermore, there is no guarantee regarding the reliability of Safe Finder's search algorithm – it may prioritize...

The Chinoxy Backdoor is a new threat that takes advantage of the panic surrounding the COVID-19 pandemic. There is suspicion that the attacks via the Chinoxy Backdoor are being orchestrated by a Chinese threat actor, but we are yet to see a specific group being linked to these attacks – however, the fact that the malware uses the Royal Road RTF builder is an almost guaranteed sign that Chinese threat actors are involved. The most recent COVID-themed email campaign to spread the Chinoxy...

The AgeLocker Ransomware is a file-locking Trojan with variants for macOS and Linux operating systems currently. The AgeLocker Ransomware uses a free tool, Age, to encrypt the user's data files and ask for a ransom via e-mail without leaving a ransom note on the infected system. Users remain capable of defending their data through well-maintained backups and should let professional anti-malware products detect and remove the AgeLocker Ransomware while re-securing any compromised networks....

B3hpy is a python-based piece of malware that targets Windows devices and focuses on stealing sensitive data from them. The first traces of the B3hpy campaign were spotted in the middle of 2019 when the malware was spread via phishing emails that targeted users in Middle Eastern countries. The B3hpy malware is believed to be linked to the BadPatch campaign that has been active in the Middle East since 2017. The malicious email messages used to deliver the B3hpy malware contain a file...

BadPatch is a malware family that has been closely observed by cybersecurity experts since 2017. The first samples of the BadPatch implants were distributed via fraudulent email attachments, and it seems that the operators of this malware continue to rely on the same tactics to this very day. One of the latest and prominent BadPatch campaigns took place in 2019 – the malware was distributed to victims in the Middle East, and it was often disguised as an important email attachment that...

Quick Mac Fixer is part of a series of fraudulent Mac applications that claim to have the ability to optimize Mac computers, therefore enhancing their performance and health. While there might be some minor benefits of using Quick Mac Fixer's services, you can rest assured that this utility is incapable of performing miracles when it comes to Mac optimization – the best it can do is to free up disk space by removing junk files. Unfortunately, many users might be tricked into thinking that...

Ldierextention.club is a misleading website that display fake prompts and alerts, which tell you that you need to confirm that you are not a robot by following the on-screen instructions. However, Ldierextention.club's statement is fake, and following its instructions will end up subscribing you to this page's annoying notifications. If Ldierextention.club is allowed to use notifications, it may begin to bother you regularly while you browse the Web – its notifications are not something that...

Online scams come in all shapes and forms, and they do not always aim to steal sensitive data from you. Often, these scams are pretty harmless, but falling for them may have some annoying consequences that you will have to deal with. An example of a harmless online scam to gain popularity over the past year is the one found on Sterringfeatur.club – this Web page is being promoted via online ads and pop-ups, and it contains a false message, which urges visitors to click 'Allow' to confirm that...

Rementsconce.club is a fake website that pretends to host entertaining content but, in reality, it is home to a basic scam whose ultimate goal is to hijack your Web browser's notifications. Falling for Rementsconce.club's scams is not detrimental for your computer's safety, and you should know that this is not a security concern. However, Rementsconce.club may make your Web browsing experience much less enjoyable by displaying dozens of unwanted notifications that may often promote dubious...

Online ads have always been a profitable venture for online con artists – this prompts crooks to look for new ways to deliver paid ads to your Web browser, without allowing you to get rid of them easily. One of the latest tricks in the playbook of online con artists are websites that are designed to hijack your Web browser's push notifications – this happens by displaying a fake prompt, which claims to serve a different purpose, such as confirming your identity. However, in reality, the...

Donalistsstope.club is a Web page that may display misleading messages that aim to trick you into believing that you need to confirm that you are not a robot by pressing 'Allow.' However, while the 'Allow' button can be seen on the screen, you can rest assured that it is not used to confirm anything regarding your identity – instead, it is meant to enable Donalistsstope.club to display notifications in your Web browser. If you allow this change, Donalistsstope.club may regularly flood your...

The Repl Ransomware is a file-locking Trojan that's part of a Ransomware-as-a-Service known as both STOP Ransomware and Djvu Ransomware. Symptoms of its presence include changes to filenames, encryption blocking your files from opening, unusual Windows update pop-ups and ransom notes. Well-secured backups are helpful for counteracting file-locking Trojans universally, and most anti-malware programs should delete the Repl Ransomware quickly. With a domineering presence in the Windows threat...

The GNS Ransomware is a file-locking Trojan based on a Trojan-generating kit, the Crysis Ransomware. Its family, also referred to as Dharma Ransomware, is noteworthy for using secure encryption attacks that stop users' files from opening and ransoming a recovery solution. Users can keep backups on other devices as alternate recovery options and depend on most anti-malware tools to remove the GNS Ransomware. As the Dharma Ransomware family persists in its unlawful productivity, its...

The Felix Ransomware is a file-locking Trojan that's from the Crysis Ransomware or the Dharma Ransomware families. During infections, users may find media files incapable of opening in their programs and see ransoming messages, including pop-ups. Besides a properly secure backup for content recovery, appropriate measures include the use of anti-malware services to remove the Felix Ransomware entirely. Since the prominent Ransomware-as-a-Service families are so streamlined, any significant...

Rewardcircular.com is a page that may tell you that you have been chosen to win a great prize – the Web page is designed to look a lot like Facebook but, surprisingly, it does not claim to be affiliated with the social media network. One of the prizes that often can be seen in Rewardcircular.com's pop-ups is an Amazon Gift Card worth $1,000 – visitors are told that they have to click 'Ok' to proceed to the page where they can claim their prize. Beneath the message, users will see a series of...