Our research team found Dem.app while investigating new file submissions to the VirusTotal website. After inspecting this application, we determined that it is advertising-supported software (adware). Dem.app belongs to the Pirrit malware family. Adware runs intrusive advertisement campa
During our examination of the Germanize.app application, we discovered that it belongs to the Pirrit family and delivers intrusive advertisements. Applications of this type are categorized as adware. It is recommended to avoid installing adware on computers to avoid potential risks. If an app li
Blue is ransomware from the Phobos family. We discovered this variant while inspecting malware samples uploaded to VirusTotal. Our analysis has shown that Blue encrypts files and renames them by appending the victim's ID, givebackdata@mail.ru email address, and ".blue" extension. Also, Blue create
Upon inspecting squipisioncha.co[.]in, we concluded that this web page cannot be trusted. It uses clickbait to lure visitors into accepting its notifications. Users should never agree to receive notifications from websites of this kind. It is worth noting that users rarely open websites like squip
We have reviewed pleadsbox[.]com and found that it is a deceptive site designed to trick users into allowing it to show notifications. In most cases, users accidentally visit such sites. Users who have granted pleadsbox[.]com permission to display notifications should revoke this permission to avo
Our research team discovered the poopsylifort[.]com webpage during a routine investigation of dubious sites. After examining this rogue page, we determined that it is designed to endorse browser notification spam and generate redirects to other (likely unreliable/harmful) websites. Users primaril
Our researchers discovered pushckick[.]click while browsing untrustworthy websites. This rogue page promotes browser notification spam and can redirect visitors to different (likely dubious/hazardous) sites. The majority of users access webpages like pushckick[.]click through redirects generated
Prince is a ransomware-type virus. This malicious program is written in the Go programming language. It encrypts victims' files to demand payment for the decryption. After we executed a sample of Prince on our test machine, it encrypted files and appended their filenames with a ".ran" extension.
We have examined ondshub[.]com and determined that it is a deceptive website designed to deceive users into granting it permission to display notifications. Usually, users unintentionally access sites like ondshub[.]com. If this (or a similar) page has been allowed to show notifications, this perm
Worldtracker is the name of a malicious program that extracts and exfiltrates sensitive information from devices. Among this stealer's capabilities are cryptocurrency wallet theft and victims' file download/exfiltration. Worldtracker is a stealer – a type of malware designed to obtain vuln