Glove is an information stealer written in .NET. It is capable of harvesting sensitive information from browsers (including added extensions) and software installed on computers. Threat actors have been observed distributing Glove stealer through deceptive emails. Infected computers should be scan
Thi-tl is a series of domains with different numbers in their URLs. We discovered the purpose of these pages is to trick visitors into permitting them to show notifications. When on thi-tl sites, users are presented with a misleading message (or messages). Pages that use deception to obtain permis
While investigating new malware submissions to VirusTotal, our researchers discovered the Biobio ransomware. It is a variant of the Kasper ransomware. Programs of this kind encrypt data and demand ransoms for its decryption. On our test machine, Biobio (Kasper) ransomware encrypted files and modi
Our researchers discovered befimtiboagop[.]com during a routine inspection of dubious websites. Upon examination, we learned that this rogue page promotes browser notification spam and redirects to other (likely unreliable/hazardous) sites. Most visitors enter befimtiboagop[.]com and webpages akin
Our inspection of wouldlottads[.]top revealed it to be a deceptive webpage designed to gain permission to send notifications using clickbait tactics. Users should avoid visiting wouldlottads[.]top and similar sites. If you have already granted wouldlottads[.]top permission to send notifications, i
During our inspection of thedilgad[.]top, we found it to be a deceptive web page. It is designed to obtain permission to show notifications through clickbait. Users should avoid visiting thedilgad[.]top and similar web pages. If thedilgad[.]top already has permission to send notifications, this pe
We have inspected alkads[.]com and learned that it is a shady website created to deceive visitors into granting it permission to display notifications. Like most web pages of this type, alkads[.]com uses clickbait to obtain that permission. Users should avoid visiting alkads[.]com and similar site
We have inspected bivos[.]xyz and concluded that it is an unreliable website designed to lure visitors into accepting to receive its notifications. Also, if allowed, bivos[.]xyz sends misleading notifications (e.g., fake warnings). Therefore, users should avoid bivos[.]xyz and not allow it to show
Our researchers discovered the toreffirmading[.]com rogue page while investigating suspect websites. After examining this webpage, we learned that it promotes browser notification spam and generates redirects to different (likely unreliable/hazardous) sites. Users primarily access pages like tore
Our researchers discovered this fake "$AVAIL Airdrop" on sign-in-availproject.pages[.]dev (but it could be hosted elsewhere). This page imitates the Avail platform (availproject.org). It entices users with a promise of an AVAIL token airdrop. This scam aims to deceive users into exposing their di