While analyzing a rogue installer, our researchers discovered the "Klio Verfair Tools" PUA (Potentially Unwanted Application). This app is designed to infiltrate the Legion Loader malware into systems. At the time of research, Klio Verfair Tools was installed together with another PUA called Suma
While investigating new file submissions to the VirusTotal website, our research team discovered the P*zdec ransomware (the asterisk stands for the letter "i", and it will be censored in this manner throughout this article). This malicious program is part of the GlobeImposter ransomware family. O
While investigating new submissions to the VirusTotal platform, we discovered the Louis ransomware. It operates by encrypting files and demanding payment for the decryption. On our test machine, Louis ransomware encrypted files and appended their names with a ".Louis" extension. For example, a fi
Spinefreeads[.]top is a rogue page discovered during a routine investigation session of suspicious websites. Upon inspection, we determined that this webpage promotes browser notification spam and generates redirects to other (likely untrustworthy/dangerous) sites. Most visitors enter pages like
After examining this "Avoid Getting Locked Out" email, we determined that it is spam. This message warns the recipient that they can get locked out of their account if they do not re-authenticate it. The email promotes a phishing website targeting email log-in credentials. This spam email
Our inspection of the "Capital One - Purchase Was Charged To Your Account" email revealed that it is spam. This fake message alerts recipients of a purchase made with their account – thus, the email lures them into revealing their log-in credentials to a phishing website. It must be emphasized th
We have inspected connectscreen[.]xyz and determined that it uses clickbait, a misleading technique, to trick users into agreeing to get its notifications. If connectscreen[.]xyz has permission to show notifications, it promotes various scams, unwanted apps, and similar content. Users should not t
In our analysis, we found that jenonubaz[.]sbs displays a deceptive message to obtain permission to show notifications. If such permission is granted, jenonubaz[.]sbs delivers fake alerts and other misleading notifications. This can expose users to scams and other online threats. Thus, jenonubaz[.
Gerqrg[.]click is a rogue page discovered by our researchers during a routine investigation of suspect websites. After examining this webpage, we learned that it endorses browser notification spam and generates redirects to different (likely untrustworthy/hazardous) sites. Most visitors access ge
We have reviewed sougraiwhie[.]com and concluded that it presents a fake survey and wants to show notifications. Usually, dubious sites use notifications to promote scams, unwanted apps, and other threats. Therefore, when sougraiwhie[.]com is visited, it should be closed and never revisited.