GHOSTPULSE (also known as IDATLOADER, HIJACKLOADER) is a piece of malicious software classed as a loader. Programs of this kind are designed to load additional malware onto compromised systems (i.e., cause chain infections). GHOSTPULSE has been spread through ClickFix scam campaigns. GHOST
We have examined this website and concluded that it is a scam site that uses scare tactics to trick users into interacting with it (clicking the provided links). Usually, websites of this type lead users to other unreliable sites, including pages hosting malware. Sometimes, they can promote legiti
Amatera is an information stealer written in C++ programming language and based on another stealer known as ACR. Cybercriminals sell it as a malware-as-a-service (MaaS). It is priced at $199 for 1 month, $499 for 3 months, $899 for 6 months, and $1499 for 1 year. If Amatera is detected on the syst
Our research team discovered the vasontalea[.]com rogue webpage while investigating suspicious sites. After inspecting this page, we learned that it promotes browser notification spam and redirects users to other (likely dubious/harmful) websites. Most visitors to webpages like vasontalea[.]com en
While inspecting dubious websites, our research team found jjrncx.co[.]in. This rogue webpage endorses spam browser notifications and redirects visitors to different (likely untrustworthy/dangerous) sites. Jjrncx.co[.]in and analogous pages are primarily accessed through redirects caused by websit
Bridgechainlabs[.]com is a rogue page discovered by our researchers during a routine inspection of dubious websites. It is designed to promote browser notification spam and generate redirects to different (likely questionable/malicious) sites. Most users access webpages like bridgechainlabs[.]com
We have examined ers-adguard[.]pro and found that it is designed to send fraudulent notifications. However, the site cannot show these notifications without permission, so it uses clickbait to obtain it. Users should never trust pages like ers-adguard[.]pro and always close them if encountered.
Our analysis of ottpzx.co[.]in reveals that the site can send misleading notifications. Since it requires user permission, it uses a deceptive tactic to trick visitors into granting this permission. It is highly recommended to avoid ottpzx.co[.]in and never allow it to display notifications, as do
Our review of medidmakingbythe[.]org shows that the site can send misleading notifications. However, because it needs user permission, it uses a deceptive method to get it from visitors. It is strongly advised to avoid this site and never allow it to show notifications, as doing so can expose user
After examining this "Finished Updating Mail Server" email, we determined that it is spam. This message states that the recipient must confirm which employee email accounts are still in use. The spam campaign aims to lure users into visiting a phishing website that targets log-in credentials.