While inspecting websites that use rogue advertising networks, our research team discovered a page promoting the "Your Windows OS Is Damaged" scam. It is a technical support scam presented as a system warning from Windows claiming that the visitor's operating system has been damaged due to virus i
While examining malware samples submitted to VirusTotal, we discovered a Dharma ransomware variant dubbed D0n. This ransomware encrypts files and appends the victim's ID, dong@techmail.info email address, and ".d0n" extension to their filenames. Also, it drops the "info.txt" file and shows a pop-u
Bpsm is ransomware (file-encrypting malware). Our team discovered Bpsm while checking the VirusTotal site for recently submitted malware samples. We found that Bpsm belongs to the Djvu ransomware family, which means it is likely that it is distributed alongside RedLine, Vidar, or other information
While inspecting searchesmia.com, our team found that it redirects users to fake search engines. Our team discovered searchesmia.com while testing rogue browser extensions. These are the main two reasons why searchesmia.com cannot be trusted. We found that searchesmia.com shows results by
Our team has analyzed allnicespot[.]com and determined that this page displays deceptive content to lure visitors into agreeing to receive notifications and redirects to other pages. We have discovered allnicespot[.]com while browsing sites that use shady advertising networks. It is very uncommon
While investigating mywebsecurityguard[.]site web page, we found that it shows a fake virus warnings and other deceptive content to trick visitors into believing that their computers are infected. We determined that mywebsecurityguard[.]site runs the "Norton Security - Your PC Might Be Infected Wi
While testing the National Parks Tab browser extension, we found that it hijacks a web browser by changing its settings. Typically, users download and add browser hijackers to browsers unknowingly. Most apps of this type promote fake (or untrustworthy) search engines. We learned that Natio
While analyzing cophypserous[.]com, we found that it is an untrustworthy web page that shows a deceptive message to lure visitors into allowing it to show notifications. Our team discovered cophypserous[.]com while inspecting websites that use shady advertising networks. Cophypserous[.]com
While inspecting malware samples submitted to the VirusTotal page, our team discovered a ransomware variant called Monaki. This ransomware encrypts files and prepends "Lock." to their filenames. Also, Monaki changes the desktop wallpaper to an image with a ransom note. An example of how Monaki re
CY3 is ransomware belonging to the Dharma family. Our team discovered CY3 while checking the VirusTotal website for recently submitted malware samples. We found that CY3 encrypts files, appends the victim's ID, cybercrypt@tutanota.com email address, and ".CY3" extension to filenames. CY3 also dis