Our researchers discovered the Nlb ransomware while investigating new submissions to VirusTotal. This malicious program is part of the Dharma ransomware family. Once we launched a sample of Nlb on our testing system, it encrypted files and altered their titles. Original filenames were appended wi
R0n is ransomware that encrypts files and appends the victim's ID, ronvest@tutanota.de email address, and the ".r0n" extension to filenames. Also, R0n provides two ransom notes: it displays a pop-up window and creates the "info.txt". Our team discovered R0n while inspecting malware samples submitt
Mztu is one of the ransomware variants belonging to the Djvu family. Our team discovered it while inspecting malware samples submitted to VirusTotal. The purpose of Mztu is to encrypt files. Also, this ransomware appends the ".mztu" extension to filenames and creates the "_readme.txt" file (a rans
While examining dfewasflyin[.]xyz, we found that this page displays a deceptive message to lure visitors into agreeing to receive notifications. It also redirects to other shady websites. Users do not normally visit sites like dfewasflyin[.]xyz on purpose. Dfewasflyin[.]xyz instructs visit
Our research team discovered the Block Site Access browser extension during a routine investigation of untrustworthy websites. This extension is described as a productivity tool capable of temporarily blocking distracting Web resources. However, our inspection of Block Site Access revealed that it
While testing the Block Access Site browser extension, our team noticed that it operates as adware - it displays annoying advertisements. Adware is often promoted and distributed using questionable methods. We discovered Block Access Site on a shady website. Thus, using this app is not recommended
ExpandedList is a rogue app that our research team discovered while checking out new submissions to VirusTotal. After inspecting this piece of software, we determined that it operates as adware and belongs to the AdLoad malware family. Adware stands for advertising-supported software. It
Realadvaservices[.]com is a rogue page that we found during a routine investigation of suspicious sites. This website pushes browser notification spam and can redirect users to other (likely untrustworthy/harmful) pages. Most users access webpages like realadvaservices[.]com via redirects caused
While checking out new submissions to VirusTotal, our researchers discovered the AdvancedProduct rogue application. It operates as advertising-supported software (adware). This app displays advertisements and may have additional undesirable functionalities. Additionally, it is noteworthy that Ad
After inspecting the "Order Information" email, we determined that it is spam. This fake letter is presented as a notification concerning an order that will soon be shipped. This spam mail operates as a phishing scam and targets email account log-in credentials. The scam email with the sub