During our analysis of malware samples submitted to VirusTotal, our team came across Sato ransomware, which belongs to the Djvu family. Once a computer is infected, Sato encrypts the files and adds the ".sato" extension to their filenames. Moreover, it generates a ransom note (creates a text file
While examining malware samples submitted to VirusTotal, we encountered Saba, a ransomware variant from the Djvu ransomware family. Saba encrypts files and modifies their filenames by adding the extension ".saba". Additionally, it generates a ransom note, a text file named "_readme.txt". An examp
Bumperskiner[.]com is a rogue webpage that our research team found while investigating suspicious sites. Two appearance variants were discovered, both using fake CAPTCHA to promote browser notification spam. Additionally, bumperskiner[.]com is capable of redirecting users to other (likely unreliab
Our researchers discovered the Spice browser extension during a routine inspection of untrustworthy websites. This extension is endorsed as a quick-access tool for recipes, dietary recommendations, best-rated restaurants, and other food-related content. Our analysis of Spice revealed that it oper
While investigating dubious websites, our research team discovered the Plant Planet browser extension. It is endorsed as a quick-access tool to healthy lifestyle related content. Our analysis revealed that Plant Planet operates as a browser hijacker and promotes (through redirects) the finddbest.c
Our research team discovered the dm*.biz rogue website family during a routine investigation of untrustworthy sites. This group includes pages that have similar URLs that differ by number, e.g., dm01[.]biz, dm02[.]biz, dm03[.]biz, dm04[.]biz, etc. Rogue webpages of this kind are designed to load
Lady Like is the name of a browser extension that our research team discovered while inspecting suspicious sites. After investigating this piece of software, we learned that it is a browser hijacker. In other words, Lady Like makes alterations to browser settings in order to endorse (via redirects
While inspecting suspect websites, our researchers discovered the asnzvu[.]com rogue page. It is designed to endorse spam browser notifications and redirect visitors to other (likely untrustworthy/harmful) sites. Users primarily access such webpages via redirects caused by sites using rogue adver
Our research uncovered that trademasters*[.]xyz (with different numbers in the domain, such as trademasters1[.]xyz and trademasters2[.]xyz) is a collection of deceptive websites. The purpose of these sites is to lure visitors into allowing them to show notifications. It is uncommon for such pages
We found the allronadforyoushop[.]com rogue page during a routine inspection of untrustworthy websites. It operates by promoting browser notification spam and redirecting visitors to different (likely dubious/dangerous) sites. Users typically access such webpages via redirects caused by sites that