XIAOBA 2.0 is a ransomware-type program. It is designed to encrypt victims' files in order to demand ransoms for the decryption. XIAOBA 2.0 renames the affected files according to this pattern – "[xiaoba_666@163.com]Encrypted_[random_string].XIAOBA". On our test machine, this ransomware encrypted
Our researchers discovered conatesints[.]com during a routine investigation of suspicious websites. This rogue page endorses browser notification spam and redirects users to other (likely dubious/dangerous) sites. Most visitors to conatesints[.]com and similar webpages access them through redirect
RustySpy is a malicious program classified as a stealer. As the classification implies, this malware's purpose is to steal vulnerable data from infected systems and the applications installed on them. RustySpy is a stealer-type malware. Programs of this kind tend to begin their malicious o
HellCat is ransomware that encrypts victims' files and appends the ".HC" extension to them. Also, it changes the desktop wallpaper and drops a ransom note ("_README_HELLCAT_.txt"). An example of how HellCat renames files: it changes "1.jpg" to "1.jpg.HC", "2.png" to "2.png.HC", "3.exe" to "3.exe.H
Chydroogible[.]com is a rogue page discovered by our researchers during a routine inspection of untrustworthy websites. After examining this webpage, we learned that it promotes browser notification spam and produces redirects to other (likely unreliable/hazardous) sites. Most users access chydroo
Our inspection of lingfidancytows[.]com has revealed that the purpose of this page is to trick visitors into agreeing to receive its notifications. The site uses clickbait to get this permission. If allowed, lingfidancytows[.]com delivers notifications containing fake warnings and similar messages
We have examined dipplate[.]com and discovered that it uses clickbait to obtain permission to deliver notifications to devices. Typically, when a web page is designed to trick visitors into agreeing to receive notifications, it uses them to promote scams, shady apps, and other unreliable pages. Th
While browsing untrustworthy websites, our researchers discovered a fake "Solana L2 Presale". This is a phishing scam that lures users into disclosing their cryptocurrency wallet log-in credentials through a fraudulent presale event. It must be emphasized that this "Solana L2 Presale" is not assoc
After inspecting this "Your Cloud Storage Is Full" email, we determined that it is spam. This fake message claims that the recipient's cloud storage is full and multiple threats have been detected therein. The goal of this spam campaign is to redirect recipients to various (likely deceptive/malici
After investigating this "$TWOCS Token Presale", we determined that it is fake. The scam lures users with a token presale event and deceives them into disclosing their digital wallets to a cryptocurrency drainer. IMPORTANT NOTE: We do not review crypto projects, please do your own research w