PENTAGON is a Remote Access Trojan (RAT), malware designed to allow stealthy remote access/control over infected systems. Our researchers obtained PENTAGON's sample when its developers promoted and shared it on Reddit and Twitter. PENTAGON can enable close to user-level access over comprom
We have examined this email and concluded that it is a phishing scam used to trick unsuspecting recipients into opening a deceptive website and providing their PayPal login credentials. In order to make this phishing email legitimate, scammers use the real PayPal logo in it. The email stat
Our researchers periodically inspect suspicious websites, and b-cdn[.]net is a new find from one of these inspections. B-cdn[.]net is a rogue page that loads dubious content (e.g., "Your McAfee Subscription Has Expired" scam), pushes its browser notifications, and redirects visitors to other untru
We have encountered this scam while clicking on shady ads and visiting untrustworthy pages that use rogue advertising networks. After examining this pop-up scam, we learned that its purpose is to trick visitors into calling scammers. We also found that this page is hosted using the AmazonAWS servi
Discovered by our research team during a routine inspection of shady websites, "Alert! Windows-11 Can Not Update" is a technical support scam promoted on rogue websites. Like most deceptive pages of this type, it makes various fake claims about viruses, hackers, blocked computers, etc. - to scare
We have discovered the blinkweb[.]net page while inspecting websites using questionable advertising networks (mainly illegal streaming, adult dating, torrent, and similar sites). We have examined blinkweb[.]net and learned that it uses a clickbait technique to trick visitors into allowing it to sh
We have discovered the Blender ransomware while checking the malware samples submitted to VirusTotal. We found that it is part of the VoidCrypt ransomware family. After testing the ransomware, we learned that it encrypts files, modifies their filenames, and provides ransom notes in a pop-up window
While inspecting websites that use rogue advertising networks, we discovered the click-and-continue[.]live website. It is designed to push its spam browser notifications, load questionable content, and redirect visitors to other untrustworthy/hazardous webpages. Most visitors to click-and-continu
Our researchers detected VSOP ransomware during a routine inspection of new malware submission on VirusTotal. While analyzing a sample, we learned that this ransomware encrypts files and appends their names with a ".PPLIT" extension. To elaborate, a file initially titled "1.jpg" appeared as "1.jpg
YouTube Ad Remover is a rogue browser extension, which we have researched. On its "official" site, this extension is promoted as a tool capable of blocking advertisements on YouTube videos. However, we found that when installed on Google Chrome, YouTube Ad Remover promises only to auto-skip said a