Helldown is ransomware that we discovered during inspection of malware samples uploaded to the VirusTotal platform. Upon examining Helldown, we concluded that its functionality involves encrypting files, appending a random extension to filenames, and creating a ransom note ("Readme.[random_string]
While examining resertol.co[.]in, we discovered that it uses a deceptive method (clickbait) to lure visitors into agreeing to receive its notifications. Once allowed, resertol.co[.]in shows fake warnings and other misleading notifications. Therefore, users should never permit resertol.co[.]in (and
Our researchers found denalimount[.]top while inspecting dubious websites. This rogue page endorses browser notification spam and redirects users to other (likely untrustworthy/dangerous) sites. The majority of visitors enter webpages like denalimount[.]top via redirects generated by websites tha
We have analyzed datingkoe2[.]site and learned that it presents misleading content to trick visitors into allowing it to show notifications. Datingkoe2[.]site utilizes clickbait to receive this permission. Users should avoid visiting web pages that use such methods and never grant them any permiss
Elixirnexus[.]com is a rogue page discovered by our researchers during a routine investigation of suspicious websites. Our examination revealed that this webpage endorses browser notification spam and redirects users to other (likely unreliable/hazardous) sites. Most visitors access pages like el
Our team has analyzed the site (register-arciumhq[.]xyz) and discovered that it is a scam page posing as the Arcium website. The purpose of the fraudulent web page is to trick visitors into believing they are on the real page and performing actions that could lead to financial losses. Users should
We have inspected the Lockdown malware and found that it operates as ransomware. We discovered this ransomware while examining malware samples on VirusTotal. Our analysis has shown that Lockdown encrypts files and appends the ".lockdown" extension to filenames. Also, it locks the screen and displa
Our researchers discovered the broidfit[.]com rogue page while browsing untrustworthy websites. Upon inspecting this webpage, we learned that it aims to trick users into consenting to its browser notification delivery. Additionally, the page can generate redirects to other (likely dubious/dangerou
After inspecting the "Join Injective Airdrop", we determined that it is fake. We found this scam endorsed on injective.claim-foundation[.]site, but it could be hosted on other domains. This webpage imitates the Injective platform (injective.com) and lures users with a promise of an INJ token airdr
Our researchers discovered checkouroffer[.]com while browsing suspicious websites. After examining this rogue page, we learned that it endorses browser notification spam and redirects users to different (likely untrustworthy and/or hazardous) sites. Checkouroffer[.]com and similar webpages are pr