Poop69 is a ransomware-type program that our researchers discovered while investigating new submissions to VirusTotal. Malware within this classification is designed to encrypt data and demand payment for its decryption. On our testing system, Poop69 encrypted files and appended their filenames w
During our examination of websites that utilize deceptive advertising networks, we encountered crystalcrafter[.]top, a fraudulent website that displays deceptive content to trick users into accepting notifications. Moreover, visiting uuksehinkitwkuo[.]com can result in visiting other untrustworthy
During our testing of mtabs.org, we discovered it to be a fake search engine. Pretty often, search engines of this type are promoted through browser hijackers. Typically, these types of applications change the browser settings to hijack them. Therefore, search engines that are promoted in this way
Upon examination, we determined that it is a technical support scam designed to trick users into believing that their device has a critical issue that needs immediate attention. This scam involves a pop-up message that warns users of a problem, followed by a prompt to call "Windows Support" for as
While examining samples submitted to VirusTotal, we discovered ransomware dubbed BIG HEAD. This ransomware encrypts files, replaces filenames with random strings, and generates a ransom note ("README_[random_number].txt"). An example of how BIG HEAD renames files: it changes "1.jpg" to "Mi5wbmc=",
While investigating questionable advertising networks, we stumbled upon nodritsissub[.]com. This website exhibits misleading content in an attempt to trick visitors into subscribing to its notifications. Additionally, nodritsissub[.]com redirects visitors to other websites. When visiting n
Thenicejournal[.]com is a rogue webpage that we discovered while checking out suspicious sites. It operates by pushing browser notification spam and redirecting visitors to other (likely unreliable/harmful) pages. Users primarily enter such webpages through redirects caused by sites that employ ro
Magic-dark.xyz is the URL of an illegitimate search engine. It cannot provide search results and redirects to a genuine Internet search site. Fake search engines are commonly promoted by browser hijackers. This software modifies browser settings in order to cause redirects to the endorsed website
Overheatusa[.]com is a rogue site that we discovered while investigating dubious webpages. It promotes browser notification spam and redirects visitors to different (likely unreliable/hazardous) websites. Most users enter such pages through redirects caused by websites using rogue advertising netw
Our researchers discovered the Nature Extension while inspecting suspicious websites. This browser extension displays nature-themed browser wallpapers. After analyzing Nature Extension, we learned that it is a browser hijacker. It makes changes to browser settings in order to promote the find.bsea