While investigating untrustworthy sites, our research team discovered the wns-protect[.]pro rogue webpage. After examining it, we determined that this page promotes browser notification spam and redirects users to other (likely unreliable/hazardous) sites. Redirects generated by websites utilizin
Our team found that efispentapped.co[.]in uses clickbait to obtain permission to show notifications. After permission is granted, the site can send misleading messages that might lead users to suspicious websites. It is best to avoid this site and close it if you come across it. When users
Our team discovered that bacysobste[.]com tries to trick visitors into agreeing to receive its notifications. Once permission is given, the site can deliver deceptive alerts that may direct users to shady websites. It is advisable to avoid this site and close it immediately if you encounter it.
Our discovery of KREMLIN occured during an inspection of samples uploaded to VirusTotal. Upon testing the malware, we found that it is ransomware. KREMLIN is designed to encrypt files and append the ".KREMLIN" extension to them. It also creates a text file ("README.txt") containing a ransom note.
Our researchers found cousicyl[.]com while investigating untrustworthy websites. Upon examination, we determined that this rogue page endorses spam browser notifications and redirects users to other (likely dubious/dangerous) sites. Cousicyl[.]com and analogous webpages are primarily accessed thr
While browsing suspect sites, our research team discovered the clonexvoro.co[.]in rogue webpage. Upon inspection, we learned that it endorses browser notification spam and produces redirects to different (likely untrustworthy/dangerous) websites. Most visitors to pages like clonexvoro.co[.]in acce
Achabaritic.co[.]in is a rogue page promoting browser notification spam and redirecting visitors to other (likely untrustworthy and/or malicious) websites. Our researchers discovered this webpage while investigating sites that use rogue advertising networks. In fact, most visitors to pages like a
Our research team found the RestoreMyData ransomware during a routine review of new malware submissions to the VirusTotal website. Programs within the ransomware classification encrypt data and demand payment for its decryption. On our test machine, RestoreMyData encrypted files and appended thei
Our inspection of the "RITCHMEN (S) PTE LTD" email revealed that it is spam. This message claims that the recipient has been sent an invoice and is requested to confirm the payment. It must be emphasized that this spam campaign is not associated with any legitimate entities. This email aims to lur
Our researchers discovered the Level ransomware while browsing new submissions to VirusTotal. This program is part of the Babuk ransomware family. Ransomware operates by encrypting data and demanding ransoms for the decryption. On our testing system, Level encrypted files and added a ".level" ext