During our examination of samples on VirusTotal, our team recently discovered a variant of the Djvu ransomware family named Nerz. Nerz encrypts data and appends the ".nerz" extension to the files it affects. Once the encryption process is complete, the ransomware leaves a ransom note titled "_read
During our examination of juble[.]click, we discovered that it employs a deceptive strategy to persuade visitors into granting it permission to send notifications. Moreover, juble[.]click has the potential to redirect visitors to dubious websites. We encountered juble[.]click while investigating p
Dev-defense[.]com is a rogue webpage designed to promote dubious content and browser notification spam. It is also capable of redirecting visitors to different (likely unreliable/hazardous) sites. Users primarily access pages like dev-defense[.]com through redirects generated by websites that emp
NBR is ransomware belonging to the Dharma family. The purpose of NBR is to encrypt data. Additionally, this ransomware appends the victim's ID, harry023m@aol.com email address, and the ".NBR" extension to filenames. For instance, it renames "1.jpg" to "1.jpg.id-1E857D00.[Harry023m@aol.com].NBR", "
Eukeuktyouex[.]xyz is a rogue page that we discovered while inspecting suspect websites. This webpage promotes browser notification spam and redirects users to different (likely unreliable/dangerous) sites. Visitors to eukeuktyouex[.]xyz and similar pages access them primarily through redirects g
While inspecting suspect sites, our researchers discovered the fumuluckt[.]com rogue webpage. It is designed to push spam browser notifications and redirect visitors to other (likely unreliable/malicious) websites. Most users access pages like fumuluckt[.]com via redirects generated by sites that
Our researchers found the besteasyclick[.]com rogue page while checking out untrustworthy websites. This webpage operates by promoting browser notification spam and redirecting visitors to different (likely unreliable/hazardous) websites. Users primarily access pages like besteasyclick[.]com thro
Horabot is part of the campaign where threat actors infect machines with a banking Trojan and spam tool. This campaign primarily focuses on Spanish-speaking users in the Americas. Horabot enables attackers to manipulate Outlook mailboxes, extract email addresses, distribute phishing emails with ha
Declinerybelfa[.]buzz is a rogue page that aims to deceive visitors into enabling its browser notification delivery. Additionally, this webpage can generate redirects to other (likely untrustworthy/hazardous) sites. Most visitors to declinerybelfa[.]buzz and pages akin to it – access them via red
Based on our evaluation, it has been determined that the Download Assist application functions as an ad-supported browser extension. This conclusion was reached after observing the display of advertisements by Download Assist. Furthermore, our investigation revealed that Download Assist possesses