L3MON is ransomware based on Chaos (another ransomware) that we discovered during inspection of malware samples submitted to VirusTotal. L3MON encrypts victim's files and renames them by appending its extension (four random characters). Also, L3MON creates a ransom note ("DecryptFiles.txt") and ch
Warmcookie is the name of a backdoor-type malware. Malicious programs within this classification are designed to open a "backdoor" to compromised systems; the goal is to cause further infection (i.e., download/install additional malware). Warmcookie has been around since at least the spring of 20
After reviewing dicanduchic[.]com, we have discovered that it employs a deceptive tactic to persuade visitors to grant notification permissions. Web pages like dicanduchic[.]com should not be allowed to display notifications. It is also worth mentioning that users typically do not visit such pages
We have examined cilishardrys[.]com and learned that this page uses a deceptive method to trick visitors into granting it permission to show notifications. Websites like cilishardrys[.]com should not be allowed to send notifications. It is worth noting that users do not visit such pages intentiona
El Dorado (Eldorado) is ransomware derived from another ransomware known as LostTrust. It encrypts files, appends the ".00000001" extension to filenames, and creates a ransom note ("HOW_RETURN_YOUR_DATA.TXT"). An example of how El Dorado changes filenames: it renames "1.jpg" to "1.jpg.00000001", "
After investigating the "Bank Account Details" email, we determined that it is spam. The letter in question claims that the recipient has recently changed their banking information and that they can review their payment receipt in the attached file. Instead, this attachment redirects to a phishing
We discovered the bectrocks[.]com rogue website while inspecting unreliable webpages. This site promotes browser notification spam and redirects users to other (likely dubious/hazardous) pages. The majority of visitors to bectrocks[.]com and webpages akin to it access them via redirects caused by
Our inspection of udesmail[.]com revealed that it is a rogue webpage, which aims to lure visitors into permitting it to spam them with browser notifications. Furthermore, this page is capable of redirecting users to different (likely dubious/dangerous) websites. Udesmail[.]com and similar sites a
Wpboostbuddy[.]com is a rogue page promoting browser notification spam and generating redirects to different (likely unreliable/dangerous) websites. Our research team discovered this webpage during a routine investigation of questionable sites. Users primarily enter pages like wpboostbuddy[.]com
While investigating dubious sites, our researchers found the romancerocket[.]click rogue page. Our analysis revealed that this webpage promotes deceptive content and browser notification spam. Romancerocket[.]click is also capable of generating redirects to other (likely questionable/dangerous) we