While reviewing new submissions to the VirusTotal website, our research team discovered the Anonymous Encryptor malicious program. After analyzing this malware, we determined that it is identical to two ransomware-type programs – GhosHacker and BlackSkull. Anonymous Encryptor ransomware encrypts
Our analysis of froommixoria[.]com has uncovered that it is a deceptive website designed to deceive unsuspecting visitors into agreeing to receive notifications from the site. Notifications from websites like froommixoria[.]com are not reliable. Therefore, such pages should not be permitted to sen
While investigating suspicious websites, our researchers discovered the doidacers[.]com rogue page. It operates by promoting browser notification spam and redirecting users to other (likely dubious/dangerous) sites. Webpages like doidacers[.]com are most often accessed through redirects generated
During our analysis of samples uploaded to the VirusTotal page, we discovered a ransomware variant belonging to the Djvu family known as Watz. This variant encrypts files and adds its extension (".watz") to filename. For instance, it changes "1.jpg" to "1.jpg.watz" and "2.png" to "2.png.watz". Als
We have analyzed undenentionin[.]com and found that this page is designed to trick visitors into permitting it to deliver notifications. Once this permission is granted, the website bombards users with various spam notifications, including deceptive ones. Users who have granted notification permis
CarnavalHeist is a banking Trojan targeting users in Brasil. It is capable of stealing banking credentials and performing other actions. Having a device infected with CarnavalHeist can result in financial loss, identity theft, and other issues. Thus, CarnavalHeist should be eliminated from comprom
Our inspection of this "American Express - Username/Password Has Been Updated" email revealed that it is fake. The spam letter states that the log-in credentials for the recipient's American Express account have been changed. If they do not recognize this activity – they can keep their old usernam
After inspecting this "Commerzbank" email, we determined that it is fake. This spam letter requests the recipient to provide their identification to avoid cessation of their banking services. It must be emphasized that the claims made by this email are false, and this mail is not associated with
Our research team discovered the realilitnow[.]club rogue webpage while browsing suspicious sites. After analyzing this page, we determined that it endorses browser notification spam and redirects visitors to other (likely untrustworthy/dangerous) websites. Most users enter realilitnow[.]club and
CiviApp is the name of a Potentially Unwanted Application (PUA). Software within this classification typically possesses undesirable and possibly malicious capabilities. PUAs tend to infiltrate systems in bundles (alongside other software), which is true of the installer carrying CiviApp that we a