We have reviewed flashpushalerts[.]top and concluded that its purpose is to obtain permission to show notifications. If this permission is granted, flashpushalerts[.]top can send deceptive notifications. Interacting with these notifications can lead users to untrustworthy websites. Flashpu
Warlock Group is ransomware that seems to be some variant of the X2anylock ransomware. Once infiltrated, it encrypts data and appends the ".x2anylock" extension to files. For example, it renames "1.jpg" to "1.jpg.x2anylock" and "2.png" to "2.png.x2anylock". Also, Warlock Group creates a ransom not
Flymedianews[.]info is a rogue page discovered by our researchers while browsing dubious websites. Upon examining this webpage, we learned that it endorses browser notification spam and produces redirects to other (likely suspect/harmful) sites. Pages like flymedianews[.]info are primarily accesse
While investigating dubious websites, our researchers discovered the flastioness[.]com rogue page. Its purpose is to trick visitors into permitting browser notification spam. This webpage can also generate redirects to other (likely unreliable/hazardous) sites. Most users access flastioness[.]com
Our researchers discovered GAGAKICK while browsing new submissions to the VirusTotal platform. This malicious program is classed as ransomware, a type of malware that encrypts data and demands payment for the decryption. Once we executed a sample of GAGAKICK on our test machine, it encrypted file
While investigating questionable sites, our research team found the rpconcepts[.]xyz rogue webpage. It is designed to endorse browser notification spam and produce redirects to different (likely untrustworthy/hazardous) websites. Rpconcepts[.]xyz and analogous pages are mainly accessed via redirec
Ryouthed[.]com is a rogue page discovered by our researchers during a routine investigation of suspicious websites. After inspecting this webpage, we learned that it promotes browser notification spam and generates redirects to different (likely unreliable and/or hazardous) sites. Most visitors t
We have examined RTRUE and found that it operates as ransomware. Once executed, it encrypts files, appends the ".RTRUE" extension to them, and drops a ransom note ("readme.txt"). An example of how files encrypted by RTRUE are renamed: "1.jpg" is changed to "1.jpg.RTRUE", "2.png" to "2.png.RTRUE",
Our analysis of thethunnic[.]com has shown that this page uses clickbait to get permission to send notifications. If it obtains this permission, it can show deceptive warnings and other misleading messages to trick users into opening other, potentially malicious websites. Thethunnic[.]com and simi
Our researchers found the Dev ransomware while browsing new submissions to the VirusTotal website. This malicious program is part of the Makop ransomware family. Ransomware operates by encrypting victims' files to demand ransoms for the decryption. After we executed a sample of Dev on our test ma