Our researchers discovered the PDFConverty app during a routine investigation of untrustworthy websites. After installing this software on our test machine, we determined that it is a PUA (Potentially Unwanted Application) that promotes the portal.pdfconverty.com fake search engine. It is worth m
Whoaglaugnow[.]com is the address of a rogue webpage discovered by our researchers during a routine inspection of unreliable sites. Upon examination, we determined that it promotes browser notification spam and redirects to different (likely dubious/malicious) websites. Most users enter whoaglaug
During our examination of malware samples on VirusTotal, we discovered a ransomware variant belonging to the Makop family dubbed Datah. This ransomware encrypts files and creates a ransom note ("+README-WARNING+.txt") containing contact information and other details. Also, Datah renames files. Da
Upon examination of defendsafe[.]site, it has been determined to be a deceptive website designed to present misleading content. Also, this site wants to send notifications. It is worth noting that users do not visit such pages on purpose. Usually, they end up on such pages through similar websites
While browsing untrustworthy websites, our researchers discovered a page endorsing a fake "cracked" software. After downloading the installer, we learned that it contains SDeck Free MediaPlayer and a bunch of other unwanted/harmful software. Due to the dubious methods used to promote SDeck Free M
Upon examination of the PassengerPigeon application, it has been determined to be a malicious extension disseminated via untrustworthy platforms. This extension possesses the ability to trigger the "Managed by your organization" function, infiltrate and tamper with diverse data sets, and oversee o
Upon scrutinizing the email, it has come to light that it is a scam designed to deceive unsuspecting recipients into transferring money and potentially divulging personal information. It is imperative to remain vigilant and refrain from engaging in such fraudulent attempts to safeguard your financ
After analysis, it has been determined that check-tl-ver consists of a series of domains with numerical variations in their URLs. Examples include check-tl-ver-12-7[.]top and check-tl-ver-24-1[.]com, showcasing this pattern. The top-level domains also vary (e.g., they can be .top and .com). The c
Our researchers found the ActivityOverall app while inspecting new file submissions to the VirusTotal site. Upon examination, we determined that it is adware from the AdLoad malware family. ActivityOverall is designed to generate revenue for its developers. Adware stands for advertising-
While reviewing new malware submissions to VirusTotal, our research team discovered Farao ransomware. It is based on the Chaos ransomware. This malicious program operates by encrypting files and demanding payment for their decryption. On our testing system, Farao encrypted files and appended an e