Empermin[.]com is a rogue page that we discovered while inspecting untrustworthy websites. It promotes browser notification spam and redirects users to other (likely unreliable/harmful) sites. Most visitors to empermin[.]com and similar webpages enter them through redirects caused by websites that
After analyzing loloszod[.]xyz, it has come to light that this website employs a deceptive tactic called clickbait. Loloszod[.]xyz uses misleading content, including both text and visual elements, with the intention of persuading visitors to grant notification permissions. Therefore, it is recomme
Upon a detailed analysis of the CucurbitaPepo browser extension, it has become evident that this extension is unreliable. CucurbitaPepo is disseminated through a malicious installer and contains functionalities that include reading data and managing various Chrome browser settings and other compon
StyleServ is a backdoor-type malware. Programs within this classification are designed to essentially prepare a system for further infiltration and/or carry out the second stage of the infection (i.e., download/install additional malicious programs or components). While StyleServ's exact purpose i
Cute Goats Tab, initially marketed as a Chrome extension intended to provide users with charming images of various goat species on their browser's new tab, hides a deceptive character. Unfortunately, it functions as a browser hijacker, actively endorsing track.clickcrystal.com, resulting in unwelc
During a routine investigation of new file submissions to the VirusTotal platform, our research team found the MesaCorp ransomware. This malicious program is based on the Chaos ransomware. MesaCorp is designed to encrypt files and demand ransoms for their decryption. On our test machine, this mal
While checking out suspicious sites, our research team discovered the news-gavewe.com rogue webpage. It is designed to promote spam browser notifications and redirect users to different (likely dubious/malicious) websites. Visitors to news-gavewe[.]com and similar pages access them primarily thro
Crypto is ransomware belonging to the MedusaLocker family. It has been discovered during the analysis of samples on the VirusTotal website. Once on the system, Crypto encrypts files, changes filenames of all encrypted files, and leaves a ransom note ("How_to_back_files.html"). Crypto alters filen
Our researchers discovered the Horoscope Harmony browser extension while inspecting deceptive sites. It promises to provide easy access to horoscopes. After examining this extension, we determined that it is a browser hijacker. Horoscope Harmony makes changes to browser settings in order to promo
Upon examination, it has been determined that the purpose of this email is to lure recipients into opening the attached file and entering personal information. This email is disguised as a letter from American Express - a legitimate bank holding company. Emails of this type are known as phishing e