We discovered idesmasp[.]com while investigating suspicious sites. This rogue page promotes browser notification spam and can redirect users to different (likely unreliable/hazardous) websites. Most visitors to webpages similar to idesmasp[.]com access them through redirects caused by sites using
We discovered SyncProcess adware while browsing new submissions to the VirusTotal platform. This application belongs to the AdLoad malware family. SyncProcess is designed to generate through advertising. Adware typically operates by placing third-party graphical content (e.g., overlays,
Moltenmoldmaster[.]com is a rogue webpage found by our researchers during a routine inspection of untrustworthy sites. Our examination revealed that this page endorses spam browser notifications and redirects to other (likely dubious/dangerous) websites. Most users access webpages like moltenmold
Charity is a ransomware-type program. Typically, malware within this classification encrypts files and demands ransoms for the decryption. However, the Charity malicious program did not encrypt data at the time of research. Instead, Charity displayed a fullscreen message containing a standard ran
Our researchers found the PracticalDisplay application while reviewing new submissions to the VirusTotal website. After investigating this piece of software, we determined that it is adware. PracticalDisplay is part of the AdLoad malware family. This app operates by delivering intrusive advert c
Our researchers found iwheenaiga[.]com while browsing untrustworthy websites. After inspecting this rogue webpage, we determined that it promotes browser notification spam and redirects users to other (likely dubious/malicious) sites. The majority of visitors to iwheenaiga[.]com and pages akin to
This fake crypto exchange platform imitates the legitimate Hyperliquid trading platform. The scam website we investigated perfectly mimicked Hyperliquid's design. However, the fraudulent webpage lacked functionality besides the "connect wallet" option. When users "connect" their digital wallets to
Our researchers discovered the Rincrypt ransomware while examining new submissions to the VirusTotal website. After we executed a sample of Rincrypt on our testing system, it encrypted files and appended their filenames with a ".rincrypt" extension. For example, a file originally titled "1.jpg" a
During our inspection, we found that bestrecgetpreview[.]com is a deceptive website designed to display deceptive content to lure visitors into taking certain actions. Also, bestrecgetpreview[.]com may redirect users to other unreliable sites. Thus, bestrecgetpreview[.]com should be avoided.
This "Mode Sunrise Airdrop" is fake. The giveaway supposedly distributes the Mode cryptocurrency. However, when a user attempts to participate in this airdrop, they inadvertently expose their digital wallet to a crypto drainer that can empty it of stored assets. Several domains have been o