TgToxic is the name of an Android banking malware. It is a malicious program that seeks to acquire finance-related information. This malware has been active in Southeast Asia as early as July 2022. The initially observed campaigns targeted Taiwanese users and later expanded to Thailand and Indone
Our team has investigated porptogred[.]com and learned that it is an unreliable website that displays a misleading message to trick visitors into agreeing to receive notifications. Visitors often inadvertently access sites like porptogred[.]com. We found porptogred[.]com while inspecting pages tha
While examining malware samples submitted to VirusTotal, we discovered a ransomware variant based on Chaos ransomware dubbed Adrianov. This variant encrypts data, modifies filenames of all encrypted files, changes the desktop wallpaper, and drops the "andrianov.txt" file containing contact, paymen
The PixPirate is a dangerous Android banking Trojan that has the capability to carry out ATS (Automatic Transfer System) attacks. This allows threat actors to automatically transfer funds through the Pix Instant Payment platform, which numerous Brazilian banks use. In addition to launching ATS at
We discovered starvardsee[.]xyz while examining websites that use rogue advertising networks. After analyzing starvardsee[.]xyz, we determined that it displays misleading content to gain permission to show questionable notifications and redirects users to other untrustworthy pages. Starvar
Our researchers found the sossiotron[.]com rogue page during a routine inspection of suspicious websites. This webpage operates by promoting spam browser notifications and redirecting users to different (likely unreliable/malicious) sites. Users typically enter pages through redirects caused by we
While investigating questionable sites, our researchers discovered the advnotmoney[.]com rogue webpage. It is designed to promote spam browser notifications and redirect visitors to other (likely unreliable or malicious) websites. Pages like advnotmoney[.]com are most commonly accessed via redire
Advertizmenttoyou[.]com is a rogue page that our researchers discovered while checking out suspicious websites. This webpage pushes browser notification spam. Furthermore, advertizmenttoyou[.]com can redirect visitors to other (likely unreliable/harmful) sites. Most users access such pages through
Our research team found the unmizaptivery[.]com rogue page while investigating dubious websites. It endorses browser notification spam and redirects users to different (likely untrustworthy/dangerous) sites. Users primarily enter webpages like unmizaptivery[.]com through redirects caused by websi
Ransomwarebit is ransomware that our malware researchers have discovered while inspecting samples submitted to the VirusTotal website. We found that Ransomwarebit encrypts files, modifies filenames, and creates the "Restore_Your_Files.txt" text file (a ransom note). Ransomwarebit modifies filenam