While investigating dubious websites, our researchers found the heoqp[.]info rogue page. It is designed to promote browser notification spam and produce redirects to various (likely suspicious/harmful) sites. The majority of the visitors to heoqp[.]info and similar webpages access them through red
Atomic is ransomware that we discovered while analysing malware samples uploaded to VirusTotal. It belongs to the Makop family and, once executed, encrypts files, changes the desktop wallpaper, and creates a ransom note ("+README-WARNING+.txt"). Also, Atomic appends the victim's ID, an email addr
Our analysis of polzbtcs[.]info has revealed that it uses clickbait to obtain permission to deliver notifications. If users accept notifications from polzbtcs[.]info, they can be bombarded with deceptive alerts and other messages of this kind. Thus, it is advisable to avoid polzbtcs[.]info and nev
Our team has reviewed orprotocol[.]pro and found that it is designed to trick visitors into giving it permission to show notifications. If allowed, orprotocol[.]pro can send fake notifications (e.g., system warnings) to lure users into opening other, potentially malicious sites. Orprotocol
Our researchers discovered the Bash 2.0 ransomware (also known as Bash Red) while inspecting new file submissions to VirusTotal. This malicious program is based on the Chaos ransomware. Bash 2.0 encrypts data and demands ransoms for its decryption. On our test machine, the malware encrypted files
While browsing dubious websites, our research team found the anesibulmiseed[.]com rogue page. It is designed to endorse browser notification spam and generate redirects to different (likely untrustworthy/hazardous) sites. Anesibulmiseed[.]com and similar webpages are most commonly accessed via re
Our researchers discovered Nebula ransomware while investigating new file submissions to the VirusTotal platform. Ransomware is designed to encrypt data and demand ransoms for the decryption. After we executed a sample of Nebula on our testing system, it encrypted files and appended their names w
Coctivilry[.]com is the address of a rogue webpage. It endorses spam browser notifications and generates redirects to different (likely unreliable/hazardous) sites. Our researchers discovered this page while investigating websites utilizing rogue advertising networks. In fact, most users access co
Our researchers discovered this fake "Giza Rewards" webpage during a routine investigation. This page imitates the Giza platform (gizatech.xyz), yet bears no actual association with it. The scam lures users with a promise of rewards into exposing their digital wallets to a cryptocurrency drainer.
Our inspection of funadsfeed[.]top has revealed that it is an unreliable site created to lure visitors into agreeing to receive its notifications. If allowed, funadsfeed[.]top can deliver misleading alerts and similar messages that can lead users to potentially malicious websites. Funadsfe