Our analysis shows that Nobody is ransomware based on the Chaos ransomware. We discovered Nobody while analysing samples uploaded to VirusTotal. Once executed on the device, this ransomware encrypts files and appends its extension (four random characters, like ".ckoz") to filenames. Also, Nobody d
During the inspection of hatetoryse[.]com, we determined that the website is deceptive. After being opened, it shows a misleading message designed to trick visitors into enabling its notifications. Once granted permission, hatetoryse[.]com delivers false alerts and similar notifications that can o
While browsing suspicious websites, our research team discovered the rhestencent[.]com rogue page. It operates by endorsing browser notification spam and producing redirects to other (likely dubious/dangerous) sites. Rhestencent[.]com and similar webpages are predominantly accessed via websites ut
Our research team found the forralips[.]com rogue page while inspecting questionable websites. Upon further investigation, we determined that this webpage endorses browser notification spam and produces redirects to different (likely unreliable/dangerous) sites. Forralips[.]com and analogous pages
Trap is a ransomware-type program discovered by our research team during a routine review of new file submissions to the VirusTotal platform. Trap is part of the MedusaLocker ransomware family. This malware encrypts data and demands ransoms for its decryption. After we executed a sample of this r
While browsing new file submissions to the VirusTotal website, our researchers discovered Monkey ransomware. This malicious program is designed to encrypt data and demand payment for its decryption. On our test machine, this ransomware encrypted files and added a ".monkey" extension to their name
Lexornero.co[.]in is the address of a rogue page that promotes browser notification spam and generates redirects to other (likely untrustworthy/dangerous) websites. Most visitors to this webpage access it via redirects caused by sites that use rogue advertising networks. In fact, our researchers d
Our research team found the kyronero.co[.]in rogue webpage during a routine inspection of untrustworthy sites. Upon examination, we learned that it promotes spam browser notifications and redirects visitors to different (likely unreliable/dangerous) websites. Most users access pages like kyronero.
While inspecting munprost[.]com, we found that the site is deceptive. Once accessed, it displays a fake message to lure visitors into agreeing to receive its notifications. Moreover, if munprost[.]com obtains this permission, it sends fake warnings and similar messages to promote other potentially
Kyber is ransomware that we discovered while checking malware samples submitted to VirusTotal. Our analysis shows that Kyber encrypts files and appends ".#~~~" to filenames. For example, it changes "1.jpg" to "1.jpg.#~~~", "2.png" to "2.png.#~~~", and so forth. Kyber also creates a ransom note ("R