Xentari is a ransomware written in the Python programming language. It is designed to encrypt data and demand payment for the decryption. After we executed a sample of Xentari on our test machine, it encrypted files and created a ransom note. Files encrypted by this malware have the ".xentari" ex
Xefkqo[.]info is a rogue webpage discovered by our researchers during a routine inspection of suspicious sites. Upon examination, we determined that this page endorses browser notification spam and redirects users to other (likely untrustworthy and/or malicious) websites. Most visitors to xefkqo[
Veihqy[.]click is a rogue page that our research team found during a routine inspection of suspicious websites. The webpage's purpose is to promote browser notifications spam. It can also redirect users to other (likely unreliable/malicious) sites. Most visitors to veihqy[.]click and similar pages
We have reviewed nsnetwork[.]pro and concluded that it is a deceptive web page that uses clickbait to trick visitors into allowing it to send notifications. If nsnetwork[.]pro obtains this permission, it can deliver fake alerts and other misleading messages. Thus, this page should be avoided.
Our researchers discovered droxiluma.co[.]in while browsing untrustworthy websites. After examining this rogue webpage, we learned that it promotes browser notification spam and generates redirects to different (likely dubious/harmful) sites. Droxiluma.co[.]in and pages akin to it are primarily ac
PureRAT is a remote access Trojan (RAT) utilized to steal sensitive information from infected devices. It sends stolen information to the C2 server controlled by the attackers. In addition to stealing data, PureRAT can be used for other malicious purposes. It is known to be delivered via deceptive
Miracle16[.]pro is a rogue page discovered by our researchers during a routine inspection of dubious websites. It operates by endorsing browser notification spam and redirecting users to different (likely unreliable/hazardous) webpages. Most visitors to pages like miracle16[.]pro access them via r
Our examination shows that saigambecreasce[.]com uses clickbait to trick users into allowing notifications. If permission is granted, the site may send misleading messages designed to open potentially malicious pages. For this reason, it is best to avoid saigambecreasce[.]com and never allow it to
While investigating dubious websites, our researchers found the heoqp[.]info rogue page. It is designed to promote browser notification spam and produce redirects to various (likely suspicious/harmful) sites. The majority of the visitors to heoqp[.]info and similar webpages access them through red
Atomic is ransomware that we discovered while analysing malware samples uploaded to VirusTotal. It belongs to the Makop family and, once executed, encrypts files, changes the desktop wallpaper, and creates a ransom note ("+README-WARNING+.txt"). Also, Atomic appends the victim's ID, an email addr