While examining malware samples submitted to VirusTotal, we discovered a ransomware variant belonging to the Makop family known as DORRA. This ransomware is designed to prevent victims from accessing their files by encrypting them. Also, DORRA renames files and provides a ransom note ("+README-WAR
Our research team discovered the nwsbstwrld[.]com rogue page while browsing suspicious websites. After examining this webpage, we determined that it endorses browser notification spam and generates redirects to different (likely dubious/malicious) sites. Nwsbstwrld[.]com and pages akin to it are
After inspecting the "e-Mail Support Center" letter, we determined that it is spam. It promotes a phishing scam – the email makes false claims regarding the recipient's account password expiring soon in order to trick them into disclosing it. Thus, the scheme enables scammers to steal exposed emai
"Word Online Extension Is Not Installed" is part of the campaign (known as ClickFix) utilized to infect victims' devices with the DarkGate malware. This scheme was observed being promoted via spam emails instructing recipients to open their HTML attachments. These files display fake pop-ups claim
RansomHub is ransomware, a type of malware that encrypts files and provides victims with instructions on how to pay for their decryption. Additionally, RansomHub renames files by appending a string of random characters to filenames (e.g., it renames "1.jpg" to "1.jpg.9a311a" and "2.png" to "2.png.
We have examined nexaapptwp[.]top and noticed that this page uses a clickbait technique (a deceptive method) to lure users into allowing it to display notifications. Additionally, nexaapptwp[.]top redirects visitors to other dubious websites. Therefore, users should avoid visiting nexaapptwp[.]top
While investigating dubious websites, our researchers found the TjboApp PUA (Potentially Unwanted Application). Software within this category usually possesses undesirable or harmful capabilities. PUAs tend to infiltrate systems in bundles (i.e., packed together with other suspect software). This
Orbit is ransomware that our team discovered while inspecting samples submitted to VirusTotal. This ransomware encrypts and renames files (it appends a string of random characters, likely the victim's ID, and the ".orbit" extension). Also, Orbit generates a ransom note, the "README.TXT" file. An
Our researchers discovered nexaapptwp[.]com during a routine inspection of untrustworthy websites. After examining it, we determined that this rogue webpage is designed to promote browser notification spam and redirect users to different (likely unreliable/harmful) sites. The majority of visitors
Our research team discovered retrioni[.]net while browsing dubious sites. After investigating this rogue page, we determined that it tricks users into allowing browser notification delivery. Additionally, retrioni[.]net can redirect users to other (likely dubious/malicious) websites. Most visitor