Waqa is ransomware from the Djvu family that encrypts files and appends its extension (".waqa") to filenames. Also, Waqa drops a ransom note (a text file named "_readme.txt"). It is common for ransomware variants from the Djvu family to be delivered alongside information stealers like RedLine and
While investigating a Torrenting site that uses rogue advertising networks, we were redirected to a deceptive webpage endorsing an installation setup containing the Mixability PUA (Potentially Unwanted Application). Typically, apps within this category have undesirable or harmful capabilities. It
Search-boss.com is a fake search engine, and like most – it cannot generate search results. Browser-hijacking software endorses sites like search-boss.com via redirects. It is pertinent to mention that users who find themselves forced to visit search-boss.com may also experience redirects to anoth
Exploreahoy.com is the address of a fraudulent search engine. Websites of this kind typically cannot provide search results, so they redirect to genuine Internet search engines. These fake sites are commonly promoted by browser hijackers. It is noteworthy that users who experience redirects to ex
Our researchers discovered the DrawPad Graphic Design PUA (Potentially Unwanted Application) in an installer promoted by a deceptive webpage, which we found while investigating a Torrenting website that uses rogue advertising networks. Unwanted apps typically have harmful capabilities. Additional
After inspecting "$PARAM Claim Live", as promoted on signin-param[.]net, we determined that it is a scam. It impersonates the Param platform (paramgaming.com). The scheme lures users into exposing their digital wallets to a cryptocurrency wallet through a fake event in which $PARAM tokens can be c
We have tested the SeekFast browser extension and found that it hijacks a web browser by modifying its settings. Upon adding SeekFast, the extension sets certain settings to findflarex.com. Additionally, SeekFast may gather various data. It is recommended to avoid adding SeekFast to browsers.
Our researchers discovered Chaddad ransomware during a routine inspection of new submissions to the VirusTotal platform. After acquiring a sample of Chaddad, we launched it on our testing system. This ransomware encrypted files on the test machine and altered their filenames. Original titles were
Lexus ransomware is a malware designed to encrypt files. We discovered it while inspecting malware samples submitted to VirusTotal. In addition to encrypting files, Lexus renames files and generates two ransom notes ("info.txt" and "info.hta"). We also found that Lexus belongs to the Phobos ransom
While browsing dubious websites, our researchers discovered reqdpro[.]club. It is a rogue page that promotes browser notification spam and redirects users to other (likely untrustworthy/hazardous) sites. Webpages like reqdpro[.]club are most commonly accessed through redirects caused by websites u