HUNTER, a ransomware variant from the Phobos family, was identified during our analysis of malware samples on the VirusTotal page. It encrypts files and alters their filenames while also delivering two ransom notes named "info.txt" and "info.hta". Additionally, HUNTER ransomware appends the victim
Our research team discovered checkoutallc[.]com while reviewing untrustworthy websites. After inspecting this rogue page, we learned that it promotes browser notification spam and redirects users to different (likely dubious/malicious) sites. Most visitors to checkoutallc[.]com and similar webpag
While inspecting a Torrenting website that uses rogue advertising networks, our researchers were redirected to a deceptive page endorsing The Yellow Tab browser extension. This promotional material describes the extension as an easy-access tool for news, updates, and other information regarding ce
Our inspection of this "SharePoint Editor" email made it evident that it is spam. It makes false claims regarding the recipient being added as an editor to a work project on SharePoint. Accessing this nonexistent content supposedly requires signing in with the recipient's email log-in credentials.
While investigating dubious websites, our research team discovered the "AdClean (works on Youtube)" browser extension. Promoted as an ad-blocker (advertisement-blocking tool), this software operates as adware. In other words, instead of removing ads – this extension displays them. "AdClean (works
REDCryptoApp is a malicious program designed to encrypt data and demand ransoms for its decryption. Due to this behavior, it is classed as ransomware. After we launched a sample of this malware on our testing system, it encrypted files and added a ".REDCryptoApp" extension to their names. To elab
During our examination of the website, we discovered that check-tl-ver-12-7[.]top is one of many deceptive pages using clickbait tactics to obtain visitors' permission to send notifications. Additionally, check-tl-ver-12-7[.]top may redirect visitors to similar websites. Therefore, it is advisable
After inspecting the "Authentication Request" email, it became evident that it is spam. The mail warns recipients that unless they complete an authentication process, they can get logged out of their email account. The purpose of this email is to deceive users into providing their log-in credentia
During our inspection, we found that the purpose of omcaterpieom[.]com is to trick visitors into permitting it to show notifications. Omcaterpieom[.]com seeks to achieve this goal through the use of a clickbait technique. We also discovered that omcaterpieom[.]com redirects visitors to other untru
While inspecting new submissions to the VirusTotal platform, our researchers found Bande.app. Our analysis of this application revealed that it is adware from the Pirrit malware family. Bande.app is designed to deliver intrusive advertisement campaigns. Adware stands for advertising-supp