During our inspection of networksearchflow.co[.]in, we found that it promotes the "You've visited illegal infected website" scam. This page displays deceptive content and requests permission to show notifications. Allowing sites like networksearchflow.co[.]in to send notifications can expose users
We have analyzed rprldnwsq1[.]xyz and discovered that it is designed to lure visitors into accepting its notifications. Once this page has permission to show notifications, it bombards users with unwanted ads and other content that can expose users to scams and other online threats. Thus, rprldnws
Our inspection of Prime Cinema has revealed that it is an unwanted extension that functions as a browser hijacker. The purpose of this browser hijacker is to promote searching.primecinemaapp.com. The extension forces users to visit searching.primecinemaapp.com by changing the settings of a web bro
We have inspected heakebralism[.]com and concluded that it presents a misleading message to deceive visitors into permitting it to show notifications. If allowed, heakebralism[.]com can deliver notifications containing fake warnings and other messages. Overall, heakebralism[.]com is not a trustwor
Tropidoor is a malicious program classed as a backdoor. Malware of this kind is designed to open a "backdoor" into systems, and some of these programs can download/install additional malicious software or components. Tropidoor has been observed being used in campaigns that also utilized a downloa
Our researchers found backstineseudis[.]com while browsing suspect sites. After investigating this rogue webpage, we determined that it endorses browser notification spam and produces redirects to other (likely unreliable/harmful) websites. Backstineseudis[.]com and similar pages are mainly access
While browsing suspect websites, our research team discovered the euchakedne[.]com rogue page. It is designed to promote browser notification spam and redirect visitors to other (likely untrustworthy/hazardous) sites. Webpages like euchakedne[.]com are primarily visited through redirects produced
Lilith RAT is a remote access Trojan that lets the attackers to remotely control a computer. It is written in C++ programming language and gives attackers a lot of control over the infected device. Victims of Lilith RAT should eliminate the malware as soon as possible to avoid data theft and other
Our research team discovered the bridgegapdevice.co[.]in rogue page while investigating dubious websites. After we examined this webpage, we learned that it endorses browser notification spam and generates redirects to other (likely questionable/hazardous) sites. The majority of visitors to bridg
Nanocrypt is ransomware our team discovered during an analysis of samples submitted to VirusTotal. After execution, Nanocrypt encrypts files and appends the ".ncrypt" extension to them. It also generates a text file ("README.txt") containing a ransom note. An example of how Nanocrypt renames files