While checking out new submissions to VirusTotal, our researchers discovered the District ransomware. This type of malware is designed to encrypt data and demand payment for decryption. On our test machine, District encrypted files and changed their filenames by appending them with the cyber crim
We have inspected gosearches.gg and found that it is a fake search engine promoted via browser hijackers. Our team has also noticed that gosearches.gg is often the final destination URL in redirect chains (e.g., gosearches.gg gets opened via searchesmia.com). It is highly advisable not to trust go
Our team has examined captchafair[.]top and learned that this site shows a deceptive message to trick visitors into allowing it to show notifications. Also, captchafair[.]top redirects visitors to other untrustworthy web pages. We have discovered captchafair[.]top while inspecting sites that use s
While inspecting websites that use rogue advertising networks, our research team discovered a page promoting the "Your Windows OS Is Damaged" scam. It is a technical support scam presented as a system warning from Windows claiming that the visitor's operating system has been damaged due to virus i
While examining malware samples submitted to VirusTotal, we discovered a Dharma ransomware variant dubbed D0n. This ransomware encrypts files and appends the victim's ID, dong@techmail.info email address, and ".d0n" extension to their filenames. Also, it drops the "info.txt" file and shows a pop-u
Bpsm is ransomware (file-encrypting malware). Our team discovered Bpsm while checking the VirusTotal site for recently submitted malware samples. We found that Bpsm belongs to the Djvu ransomware family, which means it is likely that it is distributed alongside RedLine, Vidar, or other information
While inspecting searchesmia.com, our team found that it redirects users to fake search engines. Our team discovered searchesmia.com while testing rogue browser extensions. These are the main two reasons why searchesmia.com cannot be trusted. We found that searchesmia.com shows results by
Our team has analyzed allnicespot[.]com and determined that this page displays deceptive content to lure visitors into agreeing to receive notifications and redirects to other pages. We have discovered allnicespot[.]com while browsing sites that use shady advertising networks. It is very uncommon
While investigating mywebsecurityguard[.]site web page, we found that it shows a fake virus warnings and other deceptive content to trick visitors into believing that their computers are infected. We determined that mywebsecurityguard[.]site runs the "Norton Security - Your PC Might Be Infected Wi
While testing the National Parks Tab browser extension, we found that it hijacks a web browser by changing its settings. Typically, users download and add browser hijackers to browsers unknowingly. Most apps of this type promote fake (or untrustworthy) search engines. We learned that Natio