Our researchers discovered the mosdefender.co[.]in rogue page while investigating dubious websites. This webpage is designed to promote browser notification spam and redirect users to other (likely untrustworthy/malicious) websites. Most visitors to mosdefender.co[.]in and similar pages access the
During a routine investigative session, our research team discovered a fake "Beraborrow ($BERA) Rewards" website. It masquerades as Beraborrow (beraborrow.com) running a poll, the participants of which can receive rewards. The scam site aims to deceive users into exposing their digital wallets to
Hero is a ransomware discovered by our researchers during a routine inspection of new file submissions to VirusTotal. This malicious program is part of the Proton ransomware family. Malware within this classification encrypts data and demands payment for the decryption. On our testing system, Her
Our researchers discovered Forgive ransomware while browsing new submissions to the VirusTotal website. This malicious program encrypts files and demands ransoms for the decryption. After we executed a sample of Forgive on our test machine, it encrypted files and added a ".forgive" extension to t
Complexnetwork.co[.]in is a rogue page discovered by our researchers during a routine inspection of suspicious websites. It operates by promoting browser notification spam and redirecting visitors to other (likely dubious/dangerous) sites. The majority of users access complexnetwork.co[.]in and an
While browsing new submissions to the VirusTotal website, our researchers discovered the PayForRepair ransomware. This malicious program is part of the Dharma ransomware family. The malware is designed to encrypt data and demand payment for the decryption. On our test machine, PayForRepair encryp
Jackalock is a ransomware-type program found by our research team while inspecting new submissions to the VirusTotal website. This program belongs to the MedusaLocker ransomware family. After we launched a sample of Jackalock on our test machine, it encrypted files and appended their names with a
Upon inspecting the "Reconfirm Account Ownership" email, we determined that it is spam. This message urges the recipient to re-verify their account, thus luring them into disclosing their email log-in credentials to a phishing website. This spam email states that the recipient must reconfi
Appsuccess[.]monster is a rogue webpage discovered by our researchers during a routine investigative session of suspect sites. After examining this page, we determined that it promotes browser notification spam and redirects users to other (likely unreliable/harmful) websites. Most users enter the
Our researchers found an installer containing the Temeliq Ultra Touch PUA (Potentially Unwanted Application) while browsing deceptive websites. These apps usually have harmful abilities, and upon analysis, we discovered that Temeliq Ultra Touch acts as a dropper for the Legion Loader malware.