"Cortana - It seems your PC is locked out" is a technical support scam, which our researchers found while inspecting sites that use rogue advertising networks. Scams of this type aim to trick users into calling fake helplines to resolve computer-related issues. Once on the line, victims are lured
The webjustpush[.]com site displays a fake CAPTCHA to trick visitors into allowing it to show notifications. Also, it redirects to other untrustworthy pages. Our team has discovered webjustpush[.]com while examining websites that use rogue advertising networks (various illegal movie streaming site
Jester Stealer was first analyzed by Cyble Research Labs when it surfaced on hacker forums back in July 2021. This piece of malicious software is designed to extract a wide variety of sensitive information from infected devices. Jester targets account credentials, browsing data, and financial/bank
We have discovered the Xgpr while checking VirusTotal for recently submitted malware samples. Xgpr is ransomware that encrypts files and provides instructions on how to contact the attackers for decryption. It generates two ransom notes: one in a pop-up window and another in the "FILES ENCRYPTED.t
Fgnh is a piece of malicious software categorized as ransomware. Our researchers found and sampled this malware from VirusTotal. We have also determined that Fgnh is part of the Djvu ransomware family. After being launched onto our test system, this ransomware encrypted files and appended their f
Our malware researchers have discovered Fgui ransomware while analyzing the samples submitted to VirusTotal. It was found that Fgui belongs to a ransomware family called Djvu. Also, it renames encrypted files and creates the "_readme.txt" file, which contains information regarding data recovery.
During a routine inspection of untrustworthy sites, our researchers discovered the hotnews1[.]me webpage. It is designed to load dubious content, promote browser notification spam, and redirect visitors to other unreliable/harmful websites. Rogue pages like hotnews1[.]me are typically accessed in
7afuy is a piece of malicious software categorized as ransomware. Our research found this malware and sampled it from VirusTotal. Once launched onto our test system, this ransomware encrypted files and appended their filenames with a random character string and the ".7afuy" extension. For example
NavigateSystem is a rogue app that we discovered while inspecting new submissions to VirusTotal. After analyzing it, we have determined that this application operates as advertising-supported software (adware). We also found that NavigateSystem belongs to the AdLoad malware family. Follo
Gobrowser.xyz is the address of a fake search engine. We discovered this website while analyzing browser hijackers, which promote (by causing redirects to) such search engines. Browser hijackers promote illegitimate search engines (e.g., gobrowser.xyz) by assigning them as the browsers'