While examining malware samples submitted to VirusTotal, we discovered a ransomware variant based on Chaos ransomware dubbed Adrianov. This variant encrypts data, modifies filenames of all encrypted files, changes the desktop wallpaper, and drops the "andrianov.txt" file containing contact, paymen
The PixPirate is a dangerous Android banking Trojan that has the capability to carry out ATS (Automatic Transfer System) attacks. This allows threat actors to automatically transfer funds through the Pix Instant Payment platform, which numerous Brazilian banks use. In addition to launching ATS at
We discovered starvardsee[.]xyz while examining websites that use rogue advertising networks. After analyzing starvardsee[.]xyz, we determined that it displays misleading content to gain permission to show questionable notifications and redirects users to other untrustworthy pages. Starvar
Our researchers found the sossiotron[.]com rogue page during a routine inspection of suspicious websites. This webpage operates by promoting spam browser notifications and redirecting users to different (likely unreliable/malicious) sites. Users typically enter pages through redirects caused by we
While investigating questionable sites, our researchers discovered the advnotmoney[.]com rogue webpage. It is designed to promote spam browser notifications and redirect visitors to other (likely unreliable or malicious) websites. Pages like advnotmoney[.]com are most commonly accessed via redire
Advertizmenttoyou[.]com is a rogue page that our researchers discovered while checking out suspicious websites. This webpage pushes browser notification spam. Furthermore, advertizmenttoyou[.]com can redirect visitors to other (likely unreliable/harmful) sites. Most users access such pages through
Our research team found the unmizaptivery[.]com rogue page while investigating dubious websites. It endorses browser notification spam and redirects users to different (likely untrustworthy/dangerous) sites. Users primarily enter webpages like unmizaptivery[.]com through redirects caused by websi
Ransomwarebit is ransomware that our malware researchers have discovered while inspecting samples submitted to the VirusTotal website. We found that Ransomwarebit encrypts files, modifies filenames, and creates the "Restore_Your_Files.txt" text file (a ransom note). Ransomwarebit modifies filenam
Our research team discovered the trands[.]click rogue page during a routine inspection of suspicious websites. It runs scams, promotes spam browser notifications, and redirects visitors to other (likely untrustworthy/harmful) sites. Most users enter trands[.]click and pages akin to it – through r
Goadsnetwork[.]com is a deceptive website we found while investigating websites that use rogue advertising networks. Goadsnetwork[.]com displays deceptive content (a fake CAPTCHA) to deceive visitors into agreeing to notifications. Also, goadsnetwork[.]com may lead to other shady websites.