Hitobito (also known as Kage No Hitobito) is a ransomware-type program. It operates by encrypting files and demanding payment for the decryption. On our test machine, Hitobito encrypted files and added a ".hitobito" extension to their filenames. For example, a file originally named "1.jpg" appear
Resultsearch.net is the address of a rogue webpage classed as a fake search engine. Sites within this classification cannot generate search results and tend to redirect to legitimate Internet search websites. Usually, these pages collect visitor data. Fake search engines are promoted by browser h
VCURMS is a remote administration Trojan (RAT) that cybercriminals store on public services such as Amazon Web Services (AWS) and GitHub. This method allows the Trojan to conceal its presence and activities from security measures, making it more challenging to detect and remove from infected syste
Myultimatesafeguard[.]com is a page discovered by our researchers during a routine investigation of questionable websites. Upon inspection, we determined that this rogue webpage promotes scams and browser notification spam. It can also redirect users to other (likely dubious/malicious) sites. Pag
While analyzing malware samples uploaded to VirusTotal, we identified cursoDFIR, a ransomware variant engineered to encrypt files. Additionally, cursoDFIR appends its extension (".cursoDFIR") to filenames, changes the desktop wallpaper, and generates a text file ("meleaicara.txt") containing a ran
Ert is a malicious program belonging to the Xorist ransomware family. It is designed to encrypt data and demand payment for the decryption. Our researchers discovered this malware while reviewing new submissions to the VirusTotal platform. When we executed a sample of Ert on our testing system, i
After examination, it has come to light that notifgetnews[.]com utilizes clickbait, a deceitful strategy, to coax visitors into agreeing to receive notifications. Furthermore, notifgetnews[.]com has the potential to redirect users to similar websites. Therefore, visitors are advised against placin
During our examination of the email, we found it to be a deceptive message impersonating a threat from a hacker. The scammer responsible for this email intends to trick recipients into thinking that compromising videos will be distributed to others unless they meet the specified demands. These typ
Upon analysis, it has been discovered that news-lifume[.]com employs clickbait, a deceptive tactic, to deceive visitors into consenting to receive notifications. Additionally, news-lifume[.]com has the capability to redirect users to comparable web pages, potentially leading to further manipulatio
After conducting an analysis of the MosasaurusHoffmannii application, we have concluded that it is a malicious extension that is being distributed through a deceptive webpage. This extension can activate the "Managed by your organization" feature, access and modify various data, and manage other e