PowerDrop is the name of the malware seen in targeted attacks aimed specifically at the U.S. aerospace defense industry. PowerDrop leverages PowerShell and Windows Management Instrumentation (WMI) to establish a persistent Remote Access Trojan (RAT) within compromised networks. The specific method
Anxz is the name of a ransomware-type program that our researchers discovered while investigating new submissions to the VirusTotal website. This malicious program is based on the Chaos ransomware. It operates by encrypting data and demanding payment for its decryption. After we executed a sample
While inspecting adstopc[.]com, our team found that it displays misleading content to receive permission to send notifications. Moreover, adstopc[.]com has the potential to redirect visitors to other shady websites. We discovered adstopc[.]com during our examination of pages associated with rogue
While investigating new submissions to the VirusTotal site, our researchers discovered the LMAO ransomware. This program is based on the Chaos ransomware, and it is designed to encrypt data and demand ransoms for its decryption. On our test machine, LMAO encrypted files and appended their filenam
While examining secure-your-device[.]com, we learned that it is a deceptive website. Secure-your-device[.]com displays fake warnings and wants to show notifications. Our team came across secure-your-device[.]com while inspecting websites associated with rogue advertising networks. Once vis
While analyzing desparnd[.]com, we uncovered its utilization of a clickbait technique to entice visitors into granting permission for notifications. Our investigation of pages linked to unreliable advertising networks led us to discover desparnd[.]com. It is important to note that this website has
BuSaveLock is ransomware belonging to the MedusaLocker family. Our team discovered BuSaveLock while examining samples on the VirusTotal page. The purpose of BuSaveLock is to encrypt files and demand payment in return for their decryption. Also, this ransomware provides a ransom note ("How_to_back_
During our examination of gouddin[.]com, we found that this page uses clickbait to lure visitors into allowing it to show notifications. We discovered gouddin[.]com while inspecting pages associated with rogue advertising networks. It is worth mentioning that gouddin[.]com may redirect visitors to
Gserience[.]xyz is the address of a rogue webpage. It is designed to trick visitors into permitting its browser notification delivery. This page can also redirect them to other (likely untrustworthy/hazardous) sites. The majority of users access webpages like gserience[.]xyz through redirects cau
During our investigation of groovinews[.]com, we identified its utilization of deceitful methods, including the presentation of misleading messages and other content, to manipulate visitors into subscribing to notifications. Additionally, groovinews[.]com has the potential to redirect users to oth