ZV is ransomware belonging to the Dharma family. Our team has discovered it while inspecting samples submitted to VirusTotal. Once executed, ZV encrypts files and appends the victim's ID, an email address, and the ".ZV" extension to them. For example, it changes "1.jpg" to "1.jpg.id-9ECFA84E.[zele
Our analysis of dofirewall.co[.]in indicates that the site is crafted to present misleading content in an attempt to persuade visitors to allow it to send notifications. Once this consent is given, it can push deceptive messages to manipulate users into engaging with them. These notifications can
Our researchers discovered this rushuplab.co[.]in rogue page while inspecting suspicious websites. It endorses browser notification spam and produces redirects to different (likely unreliable/dangerous) sites. Rushuplab.co[.]in and similar webpages are most commonly accessed via redirects caused b
Nkw-protect[.]pro is a rogue page discovered by our researchers during a routine investigation. This webpage is designed to promote browser notification spam and redirect visitors to other (likely unreliable/hazardous) sites. Most users access pages like nkw-protect[.]pro via redirects caused by w
Our inspection of the "Humanitarian Aid And Compensation" email revealed that it is spam. This phishing message seeks to acquire private information by claiming the recipient is eligible to receive 1.5 million EUR as compensation or aid. It must be emphasized that this email is fake and not associ
While investigating suspicious sites, our researchers discovered this fake "Origin Ether (oETH)" airdrop. The deceptive webpage imitates the Origin Protocol platform (originprotocol.com). This scam operates as a cryptocurrency drainer, i.e., by stealing funds from exposed digital wallets. IM
Our team has inspected the email and concluded that it is a deceptive notification regarding a pending internal audit document. The goal is to steal personal information from unsuspecting recipients via a fake website. Such scams are classified as phishing emails. Recipients should always ignore s
Our examination of obeionalmitive[.]com has shown that this site is designed to display deceptive content to lure visitors into agreeing to receive its notifications. Once permission is granted, obeionalmitive[.]com can deliver fake messages created to trick users into interacting with them.
Mastablegary[.]com is a rogue webpage found by our researchers during a routine inspection of untrustworthy sites. After examining this page, we determined that it promotes browser notification spam and generates redirects to other (likely dubious/malicious) websites. Users most commonly access m
SafeLocker is ransomware that we discovered during an inspection of malware samples uploaded to the VirusTotal site. Once active, SafeLocker encrypts the victim's files and appends its extension (".8xUsq62"). For example, it renames "1.jpg" to "1.jpg. 8xUsq62", "2.png" to "2.png.8xUsq62", etc. Als