While examining malware samples submitted to the VirusTotal website, our team discovered ransomware belonging to the Phobos family called STEEL. This ransomware encrypts files and appends the victim's ID, codeofhonor@tuta.io email address, and the ".STEEL" extension to filenames. Also, STEEL prov
Our researchers discovered the globaladvdomservices[.]com rogue page while investigating dubious websites. It operates by promoting spam browser notifications, at the time of research, through the use of fake CAPTCHA verification. Additionally, this webpage can redirect visitors to other (likely u
Our research team discovered the InstantFresh app while investigating new submissions to VirusTotal. Our inspection of this application revealed that it is advertising-supported software (adware) belonging to the AdLoad malware family. InstantFresh runs intrusive advertisement campaigns and may
GOGO is a ransomware-type program we discovered while checking out new submissions to VirusTotal. It belongs to the VoidCrypt ransomware family. We executed a sample of GOGO ransomware on our testing system, and we learned that it encrypts files and appends their filenames with a unique ID assign
Our researchers discovered the wholenicefeed[.]com rogue page while inspecting suspicious websites. It operates by promoting spam browser notifications and redirecting visitors to other (likely dubious/malicious) sites. Users typically access webpages like wholenicefeed[.]com via redirects caused
While checking out new submissions to VirusTotal, our researchers found the Covid29 ransomware-type program. Malware within this category aims to extract payment (ransoms) from victims – typically for the decryption of encrypted files. However, Covid29 does not operate in this manner. Several min
Youngmedias[.]biz is one of the websites that display deceptive messages to lure visitors into agreeing to receive notifications from them. Usually, users open such pages inadvertently. We discovered youngmedias[.]biz while inspecting sites that use shady advertising networks. There are at
Our team has tested the App browser extension and found that it functions as a browser hijacker. The purpose of this extension is to promote various fake search engines. Also, the App extension adds the "Managed by your organization" feature to Chrome browsers. We discovered it on a deceptive web
Our researchers discovered the webvenadvdesign[.]com rogue page while investigating suspicious websites. It is designed to push browser notification spam and redirect users to other (likely unreliable/malicious) sites. Most visitors access webvenadvdesign[.]com and similar webpages via redirects
Prizesleads[.]com is a rogue webpage that we discovered during a routine inspection of suspect websites. It is designed to promote deceptive content and spam browser notifications. Furthermore, this site can redirect users to different (likely unreliable/dangerous) pages. Most visitors to prizesl