While analyzing the Cip ransomware sample, we found out that it belongs to the Dharma ransomware family. We also noticed that it encrypts files and appends the victim's ID, ciphercrypt@tuta.io] email address and the ".cip" extension to filenames. For example, it renames "1.jpg" to "1.jpg.cip", "do
We detected Clipboard Sync Beta when researching scam websites. This adware-type browser extension was promoted by the "Install the extension for Chrome to protect your privacy" scam. This piece of software promises to sync clipboard data between two desktop devices; instead, it runs intrusive ad
Important-incoming-news[.]com was detected by our research team during a routine inspection of suspicious webpages. This site is designed to push its browser notifications, and it can cause redirects to other untrustworthy/malicious pages. Websites akin to important-incoming-news[.]com are primari
Our researchers encountered the "Install the extension for Chrome to protect your privacy" scam while inspecting browser notifications delivered by various questionable sites. Specifically, an ad delivered by important-incoming-news[.]com that promoted a website running the scam in question. Typi
When searching VirusTotal for new malware submissions, our researchers found yet another malicious program belonging to the Dharma ransomware family. This ransomware-type program is called MTX. On our test system, this malware encrypted files and appended their titles a unique ID, the cyber crimi
We have encountered the "McAfee: SECURITY ALERT" fake virus notification displayed by a deceptive website while visiting other pages that use rogue advertising networks. This scam is similar to many other scams that our team has discovered before. Websites of this type (fake notifications displaye
Our researchers found bestfaustcaptcha[.]top when analyzing shady websites. This page is a typical example of browser notification spam promotion. In addition to pushing its notifications, bestfaustcaptcha[.]top can redirect visitors to other questionable/malicious sites. We accessed this webpage
We have found the Security Suite adware while checking shady websites (Security Suite has an official download website too). We examined the deceptive page promoting Security Suite and noticed that it displays a fake message disguised as a notification from the Chrome browser. That message claims
Polizia Di Stato is the ransomware that we discovered while analyzing samples submitted to VirusTotal. While testing this ransomware variant, we have learned that it encrypts files, appends the ".polizia" extension to filenames (for instance, renames "1.jpg" to "1.jpg.polizia", "2.jpg" to "2.jpg.p
After installing this suspicious browser extension, our researchers classified Test Certificate as adware. While this piece of software claims to provide the service of easy website verification, it operates by running intrusive advertisement campaigns instead. Our research also revealed that Test