Glsadvertising[.]com is a rogue webpage designed to promote browser notifications spam and generate redirects to different (likely dubious/malicious) sites. Most visitors access pages like glsadvertising[.]com via redirects caused by websites utilizing rogue advertising networks. In fact, our res
Our research team discovered the globalfondsblog[.]com rogue page while browsing dubious websites. After inspecting this webpage, we learned that it promotes browser notification spam and redirects users to different (likely unreliable/hazardous) sites. Globalfondsblog[.]com and analogous pages a
We have inspected glsfreeads[.]com and found that it is a fraudulent site designed to manipulate users into enabling notifications through clickbait. If allowed, the site can deliver false alerts and similar messages aimed at directing users to potentially dangerous websites. Thus, glsfreeads[.]co
NoBackups is ransomware our team discovered while examining malware samples uploaded to VirusTotal. Our analysis shows that NoBackups encrypts files, appends the victim's ID and ".nobackups" extension to them, and generates a ransom note ("README.TXT"). An example of how NoBackups changes the nam
Our analysis of galeritintite[.]com has revealed that it is a deceptive website that wants to show notifications and uses clickbait to obtain permission to do so. If allowed, galeritintite[.]com can send fake warnings and other misleading notifications to promote potentially malicious sites.
We have inspected the website (nuralabs.pages[.]dev) and found that it mimics the original Nura Labs page (nura.gg). The fake site includes a malicious tool allowing scammers to steal crypto. Thus, interacting with it can lead to significant financial loss. Users should avoid the fake NuraLabs sit
While investigating suspicious websites, our research team found the gesmart[.]site rogue webpage. Upon examination, we learned that it promotes browser notification spam and produces redirects to other (likely unreliable/hazardous) sites. Most visitors to gesmart[.]site and similar pages access t
RMC is a stealer-type malware based on the Electron framework. The potential origin of this malicious program is the sale of Leet stealer's source code in April 2025, as there is some evidence that the code was used when building RMC. This malware, as well as Leet and Sniffer stealers, have been s
Leet is an Electron-based stealer that emerged in late autumn of 2024. This data-stealing program was initially offered as MaaS (Malware-as-a-Service) before its source code (alongside that of the Hexon stealer) was put on the market in the spring of 2025. Since then, several variants of this malw
Our analysis of the website (presale-rudi[.]xyz) has shown that it is a scam where fraudsters promote a fraudulent cryptocurrency project. The scammers behind it aim to drain crypto wallets. Thus, victims of this scam can experience significant monetary loss. This and similar scams should be avoid