News-lemasu[.]com is a rogue webpage that we discovered while inspecting dubious sites. It is designed to push spam browser notifications and redirect visitors to different (likely untrustworthy/malicious) pages. Most users enter these websites via redirects caused by sites using rogue advertising
Our researchers found the Craze ransomware-type program while inspecting new submissions to VirusTotal. After we had executed a sample of Craze on our test system, it began encrypting files. The filenames of the affected files were appended with an extension consisting of four random characters.
Bright Black is ransomware that does not encrypt files. It only renames files by prepending "x" letter to their extensions. For example, it renames "1.jpg" to "1.xjpg", "2.png" to "2.xpng", "3.exe" to "3.xexe", and so forth. Also, Bright Black displays a pop-up window and creates the "ransnote.htm
Captchaclean[.]top is a page that displays deceptive content to trick visitors into allowing it to show notifications and redirects to a scam website. We have discovered captchaclean[.]top while examining other websites that use rogue advertising networks. Like most pages of this type, captchaclea
While inspecting untrustworthy websites, we discovered the hugeer[.]club rogue page. It promotes scams, pushes browser notification spam, and redirects visitors to other (likely unreliable/malicious) sites. Users typically enter websites like hugeer[.]club via redirects caused by pages using rogue
News-rofahe[.]cc is one of the websites designed to trick visitors into agreeing to receive notifications. Also, this page can open other websites of this type. Our team discovered news-rofahe[.]cc while inspecting websites that use rogue advertising networks. Typically, sites like news-rofahe[.]c
AssetFrame is a rogue app that our researchers discovered while looking through new submissions to VirusTotal. After analyzing this application, we determined that it operates as adware and belongs to the AdLoad malware family. Adware is designed to run intrusive advertisement campaigns.
While analyzing malware samples submitted to VirusTotal, we discovered a new Chaos ransomware variant called Miami44. This ransomware encrypts files and appends four random characters to their filenames as their new extension. Also, Miami44 creates the "README.txt" file, a ransom note containing c
News-focedu[.]cc is a deceptive website that we discovered while inspecting various illegal movie streaming pages, torrent sites, and other pages that use rogue advertising networks. After examining news-focedu[.]cc, we found that it displays shady content, asks for permission to show notification
While inspecting malware samples submitted to the VirusTotal page, our team discovered ransomware called Bydes. After analysis, we found that Bydes encrypts files, copies every encrypted file and appends the ".bydes" extension to its filename, and displays a pop-up window containing a ransom note.