AhRat is a Remote Access Trojan (RAT) that focuses on infiltrating Android devices. Its distribution occurred through a trojanized screen recording application, which was disguised and offered for download on the Google Play store. The original version of the app that was uploaded to the store di
While investigating suspicious websites, our research team discovered the ilitonline.com rogue webpage. It is designed to endorse browser notification spam and redirect users to other (likely dubious/malicious) websites. Users primarily access pages like ilitonline[.]com via redirects caused by si
Editortrip[.]com is a rogue page that our research team discovered while inspecting questionable websites. It operates by promoting browser notification spam and redirecting visitors to other (likely untrustworthy/hazardous) sites. Most users enter webpages like editortrip[.]com via redirects gene
After analyzing mediatesupervis[.]com, we discovered that the page employs a deceitful tactic to entice visitors into granting permission for notifications. We also observed that mediatesupervis[.]com redirects users to other questionable websites. As a result, it is strongly recommended to refrai
Our analysis of this page revealed that it presents a fabricated system scan and employs deceptive tactics to coerce users into contacting a fraudulent technical support number. These scams, known as pop-up scams, often masquerade as legitimate websites and are utilized by scammers to engage in ma
While reviewing new submissions to VirusTotal, our researchers discovered yet another malicious program based on the Chaos ransomware – called OBSIDIAN ORB. Malware within this classification is designed to encrypt data and demand ransoms for its decryption. On our testing system, OBSIDIAN ORB ra
Guerilla is the name of a malware that targets Android devices. Previous iterations of this malicious software operated predominantly as adware. Specifically, the program functioned by stealthily clicking advertisements – thus generating revenue for its developers via affiliate programs and simila
After analyzing newsfeedhome[.]com, our team discovered that the website employs a deceptive tactic by displaying a misleading message to manipulate visitors into granting permission for notifications. Additionally, newsfeedhome[.]com redirects users to other websites that employ clickbait techniq
In our examination of websites employing deceitful advertising networks, we encountered sembilme[.]com, a deceptive website. Users who visit this site are confronted with misleading information (a fake CAPTCHA), aiming to deceive them into accepting notifications. Moreover, accessing sembilme[.]co
Itlock is one of the ransomware variants belonging to the MedusaLocker family. Our malware researchers discovered it while checking the VirusTotal page for recently submitted samples. Itlock encrypts files, appends the ".itlock20" extension to filenames (the number in the extension can vary), and