CRASH is ransomware (one of the Dharma ransomware family's variants). It encrypts files, modifies filenames (by appending the victim's ID, netcrash@msgsafe.io email address, and the ".CRASH" extension to filenames), and provides two ransom notes (displays a pop-up window and drops the "info.txt" f
Just is one of the ransomware variants belonging to the Dharma ransomware family. It encrypts files and appends the victim's ID, justdoit@onionmail.org email address, and ".just" extension to filenames. Also, Just drops "FILES ENCRYPTED.txt" file and displays a pop-up window (both containing a ran
Our researchers discovered the mydailydatareport[.]site rogue page while inspecting dubious websites. It promotes online scams and browser notification spam. Furthermore, it can redirect visitors to other (likely untrustworthy/malicious) sites. Most users enter webpages like mydailydatareport[.]si
Webfreshupdater[.]com is a rogue webpage that our researchers discovered while investigating suspicious sites. It promotes browser notification spam and redirects visitors to different (likely untrustworthy or malicious) websites. Users typically access pages akin to webfreshupdater[.]com through
After checking out the "Your Password Is About To Expire Tomorrow" email, we determined that it is spam. Letters belonging to this campaign operate as phishing scams targeting email account log-in credentials. These fake message urge recipients to avoid their password expiration and redirect to a
During a routine investigation of websites that use rogue advertising networks, our research team found a page endorsing the ComedyTab browser extension. It promises to display jokes from famous comedians on every new browser tab. However, our analysis revealed that in addition to working as adver
We inspected the "Verify Your Email Address" email and determined that it is spam. The letter states that the recipient's email account must be verified for security purposes. This spam mail operates as a phishing scam and aims to steal email passwords by promoting a fake sign-in webpage.
While studying this email, we learned that it is written by scammers who aim to trick unsuspecting recipients into providing sensitive information. It is disguised as a letter from an email service provider and contains a link to a phishing website. This email should be marked as spam and deleted
Injector trojan refers to a type of malware designed to inject malicious code into programs and processes. The application of these trojans varies; they may be capable of changing the operation of legitimate software or causing chain infections (i.e., downloading/installing additional malware). Du
While examining captchafine[.]live, we discovered that it uses a clickbait technique (displays a deceptive message) to lure visitors into allowing it to show notifications. Also, captchafine[.]live redirects to scam websites. This page has at least two variants. We discovered captchafine[.]live wh