Our research team discovered the mysecuritydatabase[.]live rogue page while checking out dubious websites. This webpage promotes scams (e.g., "Norton Security - Your PC Might Be Infected With Viruses!") and spam browser notifications. Furthermore, mysecuritydatabase[.]live can redirect users to ot
Nativepclink[.]com is a rogue site discovered by our researchers while inspecting suspicious websites. It is designed to run scams, promote spam browser notifications, and redirect visitors to different (likely untrustworthy or hazardous) pages. Users typically access websites like nativepclink[.
DRCRM is a ransomware that our researchers found while checking out new submissions to VirusTotal. It is yet another malicious program belonging to the VoidCrypt ransomware family. On our test machine, DRCRM encrypted files and altered their titles. The ransomware appended original filenames with
During the examination of protectionservicespc[.]site, we found that it uses fraudulent marketing to promote antivirus software. This page shows deceptive (fake) messages to trick visitors into believing that their computers are infected and purchasing antivirus subscriptions. Also, protectionserv
During a routine inspection of suspicious websites, our research team discovered the steadycaptcha[.]live rogue page. It promotes browser notification spam and redirects visitors elsewhere (likely untrustworthy/harmful) webpages. Users typically enter steadycaptcha[.]live and sites akin to it - v
CryptBIT 2.0 is a new variant of CryptBIT ransomware. We discovered it while examining samples submitted to VirusTotal. CryptBIT 2.0 encrypts files, appends ".cryptbit" extension to filenames, changes the desktop wallpaper, and drops the "CryptBIT2.0-restore-files.txt" file. The text file dropped
While inspecting sites that use rogue advertising networks, our research team discovered the "FIFA Crypto Giveaway" scam. It is presented as a giveaway held by FIFA, in which users are to contribute a certain amount of either Bitcoin (BTC) or Ethereum (ETH) cryptocurrency to the "event" and immedi
Our inspection of the "Your Organization Needs More Information To Keep Your Account Secure" email revealed that it is spam that operates as a phishing scam. These letters target the log-in credentials of recipients' email accounts by offering the latest tech and security innovations. This
Tcbu is the name of the Djvu ransomware variant that our team discovered while checking the VirusTotal page for recently submitted malware samples. We learned that Tcbu encrypts files, appends ".tcbu" extension to filenames, and drops the "_readme.txt" file (a ransom note). An example of how Tcbu
Tcvp is a Djvu ransomware variant that encrypts files, appends the ".tcvp" extension to filenames, and drops the "_readme.txt" file. Our malware researchers discovered Tcvp ransomware while examining samples submitted to VirusTotal. Djvu ransomware is often distributed with information-stealing ma