Our team has inspected WannaChaos666 and found that it is ransomware based on Chaos. Once activated (executed on a device), WannaChaos666 encrypts files and appends its extension (".666") to them. It also changes the desktop wallpaper and drops a ransom note, "read_me_f*cking_b*tch!". An example
Our researchers discovered aromboples[.]com during a routine inspection of untrustworthy websites. After examining this page, we determined that it promotes browser notification spam and redirects users to different (likely unreliable/hazardous sites). The majority of visitors to aromboples[.]com
SHUYAL is an information-stealing malware that targets web browsers and other applications. It uses advanced evasion techniques, including self-deletion and automatic disabling of Task Manager, to avoid detection. If detected on a device, it should be removed immediately. Once executed, th
Fravixnula[.]com is a rogue website discovered by our researchers during a routine inspection of questionable sites. Upon examination, we learned that this page endorses spam browser notifications and generates redirects to other (likely unreliable/dangerous) websites. Most visitors to fravixnula
Our research team found Cowa ransomware during a routine inspection of new file submissions to the VirusTotal site. This malicious program belongs to the Makop ransomware family. Malware of this kind encrypts data and demands a ransom for the decryption. On our testing system, Cowa encrypted file
We have reviewed xzcczxxx[.]xyz and concluded that it is a misleading web page created to lure visitors into consenting to get its notifications. If permitted, xzcczxxx[.]xyz can display unwanted notifications containing deceptive warnings, offers, alerts, etc. Thus, users should not trust xzcczxx
Our analysis of mogyroonte[.]com shows that it is a deceptive site designed to trick users into enabling notifications. If permission is given, the site can push fake alerts and other misleading messages designed to promote potentially malicious pages. For this reason, it is best to avoid visiting
During our inspection of the REVRAC malware we found that it is ransomware belonging to the Makop family. Upon execution, REVRAC encrypts files (and renames them), changes the desktop wallpaper, and creates a ransom note ("+README-WARNING+.txt"). This ransomware changes filenames by appending the
"Payment Confirmation Advise" is a phishing email. It lures recipients with a payment-themed lure into visiting a phishing site masquerading as an email sign-in page. Victims of this spam campaign can have their email accounts stolen. The spam email with the subject "payment confirmation a
We have reviewed fuel-io.pages[.]dev and found that it is a fake website mimicking the original Fuel site (fuel.network). Scammers behind the fraudulent page aim to deceive individuals into launching a malicious tool that can steal their cryptocurrency. It is highly advisable to avoid sites like t