Our researchers discovered droxiluma.co[.]in while browsing untrustworthy websites. After examining this rogue webpage, we learned that it promotes browser notification spam and generates redirects to different (likely dubious/harmful) sites. Droxiluma.co[.]in and pages akin to it are primarily ac
PureRAT is a remote access Trojan (RAT) utilized to steal sensitive information from infected devices. It sends stolen information to the C2 server controlled by the attackers. In addition to stealing data, PureRAT can be used for other malicious purposes. It is known to be delivered via deceptive
Miracle16[.]pro is a rogue page discovered by our researchers during a routine inspection of dubious websites. It operates by endorsing browser notification spam and redirecting users to different (likely unreliable/hazardous) webpages. Most visitors to pages like miracle16[.]pro access them via r
Our examination shows that saigambecreasce[.]com uses clickbait to trick users into allowing notifications. If permission is granted, the site may send misleading messages designed to open potentially malicious pages. For this reason, it is best to avoid saigambecreasce[.]com and never allow it to
While investigating dubious websites, our researchers found the heoqp[.]info rogue page. It is designed to promote browser notification spam and produce redirects to various (likely suspicious/harmful) sites. The majority of the visitors to heoqp[.]info and similar webpages access them through red
Atomic is ransomware that we discovered while analysing malware samples uploaded to VirusTotal. It belongs to the Makop family and, once executed, encrypts files, changes the desktop wallpaper, and creates a ransom note ("+README-WARNING+.txt"). Also, Atomic appends the victim's ID, an email addr
Our analysis of polzbtcs[.]info has revealed that it uses clickbait to obtain permission to deliver notifications. If users accept notifications from polzbtcs[.]info, they can be bombarded with deceptive alerts and other messages of this kind. Thus, it is advisable to avoid polzbtcs[.]info and nev
Our team has reviewed orprotocol[.]pro and found that it is designed to trick visitors into giving it permission to show notifications. If allowed, orprotocol[.]pro can send fake notifications (e.g., system warnings) to lure users into opening other, potentially malicious sites. Orprotocol
Our researchers discovered the Bash 2.0 ransomware (also known as Bash Red) while inspecting new file submissions to VirusTotal. This malicious program is based on the Chaos ransomware. Bash 2.0 encrypts data and demands ransoms for its decryption. On our test machine, the malware encrypted files
While browsing dubious websites, our research team found the anesibulmiseed[.]com rogue page. It is designed to endorse browser notification spam and generate redirects to different (likely untrustworthy/hazardous) sites. Anesibulmiseed[.]com and similar webpages are most commonly accessed via re