ONYX is ransomware based on another ransomware called CONTI. It encrypts files and appends a randomly generated extension to filenames. Moreover, it deletes files larger than 200 megabytes in size and replaces them with random files. Like most ransomware variants, ONYX also creates a ransom note.
It is a fake Viber warning displayed by a deceptive website. We have discovered this site while inspecting notifications displayed by other pages of this kind. Usually, the purpose of such scams is to trick visitors into downloading some software and (or) providing personal information. A
While inspecting suspicious download webpages, our researchers discovered the Play No Ads browser extension. According to its promotional material, this piece of software promises to block advertisements displayed on YouTube videos. However, after analyzing Play No Ads, we determined that it opera
Our researchers discovered the news-relimo[.]cc rogue webpage while inspecting untrustworthy sites. It is designed to push browser notification spam and cause redirects to different (likely unreliable/malicious) websites. Most users access pages like news-relimo[.]cc via others that use rogue adve
During a routine inspection of untrustworthy websites, our research team found the totalwownews[.]com page. This rogue site promotes spam browser notifications and redirects users to other (likely untrustworthy or malicious) webpages. Visitors to websites like totalwownews[.]com typically access
After analyzing the BestSportSearch browser extension, our researchers determined that it is a browser hijacker. This piece of software makes alterations to browser settings in order to promote the bestsportsearch.com fake search engine. Following successful installation onto our test mach
Recently, a new ransomware called GonnaCope was discovered by Petrovic. It was found that GonnaCope not only encrypts files but also deletes files and replaces them with some random files (files with the ".cope" extension). Files encrypted by GonnaCope do not have a new extension. Also, GonnaCope
While inspecting untrustworthy sites, our researchers found the deviceunder-shield[.]com rogue webpage. It is designed to load scams, push browser notification spam, and redirect visitors to other (likely dubious/malicious) websites. Most users enter deviceunder-shield[.]com and sites akin to it v
Goodcaptcha[.]top is a website designed to trick visitors into allowing it to show notifications. Another problem with this site is that it can open other untrustworthy pages. Our team has discovered goodcaptcha[.]top while inspecting sites that use shady advertising networks (websites that displa
Fill darker is a rogue browser extension that our research team discovered while inspecting scam download sites. Following our analysis, we determined that this extension operates as advertising-supported software (adware). Adware may require certain conditions (e.g., compatible browser, s