Our researchers discovered Benzona ransomware while inspecting new file submissions to the VirusTotal website. Malware of this kind encrypts data and demands a ransom for its decryption. On our test machine, Benzona encrypted files and appended a ".benzona" extension to their names. For example,
We have reviewed news-gojaxa[.]cc and determined that it is a deceptive website. The site uses clickbait to trick visitors into consenting to receive notifications from it. If permitted, news-gojaxa[.]cc can show misleading notifications to promote other potentially malicious web pages. Thus, it i
We have determined that news-goyafa[.]cc is intended to trick users into enabling its notifications. If permission is granted, it can deliver misleading messages, like fake alerts, to advertise suspicious websites. For this reason, the site and similar pages should be avoided, and any notification
ShinySp1d3r is ransomware that, once active, encrypts files on a device. It also appends random extensions to filenames (e.g., ".XHuch5gq" and ".GcfVmSz3"), changes the desktop wallpaper, and drops a ransom note ("R3ADME_[random_string].txt"). An example of how ShinySp1d3r renames files: It change
Our research team discovered spanchainio[.]com while investigating untrustworthy sites. After examining this rogue page, we determined that it promotes spam browser notifications and produces redirects to different (likely unreliable/harmful) websites. Most visitors to spanchainio[.]com and simil
ScoringMathTea is a Remote Access Trojan (RAT) written in the C++ programming language. It is a sophisticated malicious program with an emphasis on stealth and evasion of detection. RATs are designed to enable remote access/control over compromised machines. ScoringMathTea has been developed and i
Alwayssecuredsearch.com is a fake search engine that cannot provide search results. We discovered this website while analyzing the "Always Secured powered by Yahoo" browser hijacker. However, it could be promoted by other browser hijackers. Typically, browser-hijacking software (such as "A
We have examined learnassistsearch.com and determined that it is a fake search engine. It is distributed through a browser hijacker known as Learn Assist. Using learnassistsearch.com or Learn Assist can compromise privacy and security. Therefore, they should be avoided and removed if found on a br
We have tested service.webshieldhub.com and found that it is a bogus search engine. Moreover, it is promoted through a browser hijacker called Web Shield for Chrome. Using service.webshieldhub.com and Web Shield for Chrome can cause privacy and security issues. Thus, they should be avoided and sho
While investigating dubious sites, our research team discovered this fake "USDC Token Distribution" webpage. This scam claims to be distributing USDC cryptocurrency. Its goal is to lure victims into connecting their digital wallets to a cryptocurrency drainer. IMPORTANT NOTE: We do not revie