While checking out suspect pages, our researchers discovered gluxouvauque[.]com. After inspecting this rogue webpage, we learned that it endorses browser notification spam and generates redirects to different (likely unreliable/hazardous) sites. Most users enter gluxouvauque[.]com and pages akin
While investigating untrustworthy websites, our research team discovered the Wild Life browser extension. This piece of software promises to display nature-themed browser wallpapers. However, Wild Life makes changes to browser settings in order to endorse (via redirects) the ucfmyquest.com fake s
This "X World Games Airdrop" is a scam. It imitates the legitimate X World Games Web3-type blockchain gaming platform. The scheme claims that eligible users can participate in an XWG token and NFT (Non-Fungible Token) airdrop. However, once a digital wallet is exposed to this scam – a cryptocurren
This "Pacmoon Airdrop" is fake. This scam claims to give a 10% Pacmoon (PAC) token bonus for those who join the project. However, once a user connects their digital wallet to it, the scam begins operating as a cryptocurrency drainer. This scheme has been observed being promoted via posts on the X
Hitobito (also known as Kage No Hitobito) is a ransomware-type program. It operates by encrypting files and demanding payment for the decryption. On our test machine, Hitobito encrypted files and added a ".hitobito" extension to their filenames. For example, a file originally named "1.jpg" appear
Resultsearch.net is the address of a rogue webpage classed as a fake search engine. Sites within this classification cannot generate search results and tend to redirect to legitimate Internet search websites. Usually, these pages collect visitor data. Fake search engines are promoted by browser h
VCURMS is a remote administration Trojan (RAT) that cybercriminals store on public services such as Amazon Web Services (AWS) and GitHub. This method allows the Trojan to conceal its presence and activities from security measures, making it more challenging to detect and remove from infected syste
Myultimatesafeguard[.]com is a page discovered by our researchers during a routine investigation of questionable websites. Upon inspection, we determined that this rogue webpage promotes scams and browser notification spam. It can also redirect users to other (likely dubious/malicious) sites. Pag
While analyzing malware samples uploaded to VirusTotal, we identified cursoDFIR, a ransomware variant engineered to encrypt files. Additionally, cursoDFIR appends its extension (".cursoDFIR") to filenames, changes the desktop wallpaper, and generates a text file ("meleaicara.txt") containing a ran
Ert is a malicious program belonging to the Xorist ransomware family. It is designed to encrypt data and demand payment for the decryption. Our researchers discovered this malware while reviewing new submissions to the VirusTotal platform. When we executed a sample of Ert on our testing system, i