KillBack is ransomware that our team discovered while examining samples submitted to VirusTotal. Upon execution, KillBack encrypts data, appends the victim's ID and ".killback" extension to files, and creates a ransom note ("README.TXT"). An example of how the malware modifies filenames: It chang
Our research team found this fake "Brian" airdrop while browsing suspicious sites. Upon examination, we learned that this scam operates as a cryptocurrency drainer. Essentially, it aims to steal digital assets from exposed cryptocurrency wallets. It must be stressed that this bogus airdrop is not
Our team has examined the email and concluded that it is a scam. The message is disguised as a notification from UPS (a legitimate global shipping and logistics company). It is crafted to deceive recipients into sending money and (or) information to scammers. Recipients of this email should ignore
Our researchers found this fake "BabyDoge" website (babydogoswap[.]com; other domains may exist) during a routine investigation. The purpose of this page is to deceive users into connecting their digital wallets to a cryptocurrency drainer. It must be emphasized that this scam is in no way associa
While inspecting dubious websites, our researchers discovered jpadsnetwork[.]com. This rogue page is designed to endorse browser notification spam and generate redirects to different (likely unreliable/hazardous) sites. Jpadsnetwork[.]com and similar webpages are primarily accessed via redirects c
Jpadscity[.]com is a rogue webpage discovered by our researchers during a routine investigation. Upon examination, we learned that this page promotes browser notification spam and redirects users to other (likely suspicious/dangerous) sites. Most visitors to jpadscity[.]com and similar webpages a
Our research team found the jlodgings[.]com rogue page while investigating suspicious websites. Its purpose is to trick users into consenting to browser notification delivery; at the time of research, the webpage did so by utilizing a fake CAPTCHA test. This page also produces redirects to differe
We have tested search-regal.com and discovered that it is a fake search engine promoted through various unwanted extensions. These extensions are designed to hijack web browsers. Using search-regal.com and the associated extensions can expose users to privacy and security risks. Thus, they should
Our researchers discovered NeZha ransomware while investigating new submissions to the VirusTotal platform. Malicious programs within this classification operate by encrypting files and demanding ransoms for the decryption. On our test machine, NeZha encrypted and renamed files. Original filename
Our inspection of ironforgemaster[.]top revealed that the site employs clickbait to trick users into granting it permission to send notifications. Once allowed, it can flood users with intrusive and misleading alerts as well as other deceptive messages. For this reason, ironforgemaster[.]top shoul