While analyzing malware samples on VirusTotal, we have found a ransomware variant called Ptqw. This ransomware encrypts files and changes filenames by adding the ".ptqw" extension. Additionally, Ptqw creates a ransom note that can be found in a file named "_readme.txt". Ptqw modifies filenames as
In a thorough analysis of the samples submitted to VirusTotal, we identified the presence of the Pthh ransomware, a member of the Djvu family. This malicious program is responsible for encrypting data and appending the ".pthh" extension to the files it affects. Once the encryption process is final
Our research team discovered the news-nosate[.]com rogue webpage while investigating dubious sites. This page promotes browser notification spam and redirects visitors to other (likely unreliable/malicious) websites. Users primarily access news-nosate[.]com and webpages akin to it via redirects c
While investigating deceptive sites, our researchers discovered the Sebux rogue browser extension. After analyzing this piece of software, we determined that it is adware. Sebux runs intrusive advertisement campaigns and spies on users' browsing activity. Adware stands for advertising-supp
Our researchers discovered the stoneheartseeker[.]top rogue page during a routine inspection of questionable websites. It is designed to push browser notification spam and redirect visitors to other (likely untrustworthy/harmful) sites. Most users enter webpages like stoneheartseeker[.]top via red
While inspecting suspect websites, our research team discovered the Extreme Sports Wallpapers browser extension. It promises to display extreme sports themed browser wallpapers. After investigating this extension, we learned that it is a browser hijacker. Extreme Sports Wallpapers modifies browser
After inspecting the "You Have Received An Encrypted Document" email, we determined that it is spam. This letter makes false claims about a document shared with the email recipient. The goal is to trick them into visiting a phishing site presented as a sign-in page. The email with the subj
Deepcoreminer[.]top is a rogue webpage that promotes browser notifications spam and redirects users to different (likely unreliable/dangerous) sites. The majority of visitors to deepcoreminer[.]top and similar pages access them via redirects generated by websites that employ rogue advertising net
"We Are Interested In Your Company Products" is a spam email promoting a phishing scam. This letter expresses the sender's interest in purchasing products from the recipient's company. Attempting to review the potential purchase order results in redirects to a phishing website disguised as an emai
Cur malware group refers to a family of malicious programs. The software belonging to this group share little commonality with each other, likewise there are no evident code similarities. What links these programs to one another is a shared infrastructure, and there is evidence suggesting that it