Necro is a Trojan that targets Android users. Threat actors deliver it via modified versions of well-known apps and those found on official app stores like Google Play. Necro uses certain techniques to hide its malicious payloads to evade detection and can perform various malicious activities.
While browsing suspicious websites, our researchers discovered a deceptive page promoting the "movie-web remastered extension". This browser extension promises to enhance the streaming experience. After examining it, we determined that this extension is advertising-supported software (adware).
Our team has reviewed gamadspro[.]com and discovered that the site uses clickbait to gain permission to show notifications. Typically, notifications from sites like gamadspro[.]com are deceptive and promote questionable content. Therefore, users should avoid agreeing to receive notifications from
While investigating suspicious websites, our research team discovered a group of rogue webpages sharing the "first-tl" domain. First-tl-139-d[.]buzz is an example of a page belonging to this family; the numbers and/or the letter in these domains can differ. The goal of first-tl webpages is to tri
Our team has examined gamadshub[.]com and found that this page employs clickbait to receive permission to send notifications. In most cases, notifications from websites like gamadshub[.]com are misleading and promote shady sites. Thus, users should not agree to receive them and should avoid visiti
Our researchers discovered RDP ransomware while reviewing malware submissions to VirusTotal. This malicious program belongs to the Chaos ransomware family. RDP (Chaos) ransomware encrypts data and demands ransoms for its decryption. After we launched this malware on our test machine, it locked fi
Secdojo is ransomware, a type of malware that encrypts files. It also renames files (by appending the ".secdojo" extension). For instance, it changes "1.jpg" to "1.jpg.secdojo" and "2.png" to "2.png.secdojo". Additionally, Secdojo creates the "index.html" file containing a ransom note. Screens
Tyson is ransomware (based on Chaos ransomware) that we discovered during an analysis of malware samples submitted to VirusTotal. Once infiltrated, Tyson encrypts files, appends its extension (".tyson") to filenames, and drops a ransom note ("DECRYPTION INSTRUCTIONS.txt"). For instance, it renames
Our examination of etyrthonrong[.]info has shown that the site employs a deceptive tactic (known as clickbait) to lure visitors into granting it permission to send notifications to their devices. Usually, when a site like etyrthonrong[.]info has permission to show notifications, it bombards users
ProSearch is a browser hijacker discovered during a routine investigative session. When inspecting a Torrenting website that uses rogue advertising networks, our researchers were redirected to a scam page using adult-oriented and video game themed lures. The webpage promoted a malicious installer