While investigating new file submissions to the VirusTotal platform, our research team discovered the Govcrypt ransomware. This malicious program is based on the Chaos ransomware. On our test machine, this ransomware encrypted files and added a ".govcrypt" extension to their filenames. To elabora
While investigating dubious websites, our researchers discovered the dvsadguard.co[.]in page. It is designed to trick visitors into enabling browser notification delivery. This webpage can also generate redirects to different (likely unreliable/hazardous) sites. Most users access dvsadguard.co[.]i
Our analysis of this scam site reveals that it claims to offer a tool called Hacking Panel V2 for compromising (hacking) Facebook accounts. In reality, users are redirected to a different web page. Engaging with such schemes is strongly discouraged due to the risks involved. If such a page is enco
HentaiLocker 2.0 is a ransomware-type program discovered by our researchers during a routine investigation of new submissions to VirusTotal. This malicious program is designed to encrypt data and demand ransoms for the decryption. After we executed a sample of this malware on our test machine, it
We have discovered this scheme during an inspection of a PDF file hosted on a dubious page. This scam site is supposed to provide a tool (Hacking Panel V2) for hacking Instagram accounts. Ultimately, users are directed to another web page. It is highly advisable not to trust such schemes to avoid
Our research team discovered the BackLock ransomware while investigating new submissions to the VirusTotal website. This malicious program operates by encrypting data to demand payment for the decryption. On our test machine, BackLock encrypted files and added a ".{victim's_ID}.backlock" extensio
ITSA is ransomware that our team discovered while inspecting malware samples uploaded to VirusTotal. Once executed, ITSA encrypts files and appends the ".itsa" extension to them. For example, it renames "1.jpg" to "1.jpg.ista", "2.png" to "2.png.itsa", and so forth. It also drops a ransom note ("D
RALEIGHRAD is ransomware our team discovered during a routine inspection of malware samples submitted to VirusTotal. Upon execution, RALEIGHRAD encrypts files and changes their extensions to ".RALEIGHRAD" (e.g., it renames "1.jpg" to "1.jpg.RALEIGHRAD", "2.png" to "2.png.RALEIGHRAD", etc.). Addit
Our team has inspected the page (grokgroup[.]icu) and discovered that it is a scam disguised as a cryptocurrency airdrop (giveaway). It is designed to trick individuals into believing they can receive free tokens. However, victims of this scam can suffer monetary loss, as scammers can steal all of
Our researchers found the ovateshidae.co[.]in rogue page while examining dubious websites. After inspecting this webpage, we determined that it promotes browser notification spam and redirects visitors to different (likely untrustworthy/dangerous) sites. Ovateshidae.co[.]in and similar pages are p