Dmay is ransomware - a type of malware that encrypts files. We have discovered it while examining samples submitted to VirusTotal. It was found that Dmay is part of the Djvu ransomware family. In addition to encrypting files, it renames them (appends the ".dmay" extension to filenames), and create
Protectorofpower[.]xyz is a website that runs the "Your Windows 10 Is Infected With Viruses" scam and asks for permission to show notifications. Our team has discovered this deceptive site while inspecting various pages that use rogue advertising networks (e.g., torrent sites, illegal movie stream
During a routine inspection of untrustworthy sites, we discovered the ourhotfeed[.]com rogue webpage. It is designed to push browser notification spam and redirect visitors to other (likely unreliable or malicious) websites. Pages like ourhotfeed[.]com are usually entered inadvertently. Most users
LoginCheck is a piece of rogue software our research team discovered while inspecting new submissions to VirusTotal. After inspecting this app, we determined that LoginCheck works as advertising-supported software (adware) and belongs to the AdLoad malware family. LoginCheck might not di
Msjd is a ransomware-type program belonging to the Djvu malware family. Our researchers found Msjd while inspecting new submissions to VirusTotal. On our test machine, this ransomware encrypted files and added the ".msjd" extension to their filenames. To elaborate, a file initially titled "1.jpg"
Mediaforyour[.]com is a rogue webpage that our researchers discovered while inspecting untrustworthy websites. It operates by using deception to lure visitors into allowing it to display spam browser notifications. Additionally, this page is capable of redirecting users to other (likely unreliable
GenerateExplorer is the name of an adware-type application designed to generate intrusive advertisements. Typically, apps of this type are promoted and distributed on shady websites, via deceptive ads, and in similar ways. Our team has discovered GenerateExplorer on a shady website offering to d
Our team has examined this email and concluded that it is a fake letter from Ergife Palace Hotel (an existing hotel in Rome). All text in this letter is written in Italian. Cybercriminals behind it attempt to trick users into believing that they have received a quote request. Their goal is to lure
View dark is a browser extension our researchers discovered while looking through deceptive download webpages. This piece of software promises to enable dark mode for websites that do not have it. After inspecting view dark, we determined that it operates as adware. This extension runs intrusive
Kratos Silent Miner is the name of ETC (Ethereum Classic) and ETH (Ethereum) cryptocurrency miner with various options and builds. We have discovered this miner on a hacker forum. Its developer offers to purchase a monthly subscription (with 24/7 support on Telegram) for $100. Kratos Silen