While inspecting defenderfocus[.]xyz, we found that it runs the "McAfee - Your PC is infected with 5 viruses!" scam and wants to deliver untrustworthy notifications. This page should be ignored and never allowed to show notifications. Our team discovered defenderfocus[.]xyz while analyzing pages t
While inspecting dubious webpages, our researchers discovered the vipcaptcha[.]live rogue site. It promotes browser notification spam and can cause redirects to different (likely deceptive/hazardous) websites. Users are most commonly redirected to pages like vipcaptcha[.]live by sites that use rog
Our research team discovered the Bulwark ransomware during a routine inspection of new submissions to VirusTotal. This malicious program belongs to the MedusaLocker ransomware family. We launched a sample of Bulwark on our test machine, it encrypted files and appended their filenames with a ".bul
While testing multi-searches.com, our team discovered that it is a search engine that does not generate its own results (it shows results generated by another search engine). Therefore, we classified multi-searches.com as a fake search engine. Typically, search engines of this type are promoted vi
While examining the ViewOrigin application, we learned that it shows annoying advertisements can read sensitive information. Apps whose purpose is to display advertisements are called advertising-supported apps (or adware). We discovered the ViewOrigin application on a deceptive web page claimin
We discovered a new Dharma ransomware variant called Cyberpunk. It encrypts files, appends the victim's ID, cyberpunk@onionmail.org email address, and ".CYBER" extension to filenames, and provides two ransom notes. Cyberpunk provides one ransom note in a pop-up window and another in the "CYBER.txt
ArrowRAT is the name of a Remote Access Trojan (RAT) that allows threat actors to perform various malicious activities on infected/accessed computers. ArrowRAT is offered as Malware-as-a-Service (MaaS). Its creators offer three subscription plans: monthly ($100), three months ($300), and lifetime
While inspecting suspicious websites, our research team discovered the suldo[.]click rogue page. Sites of this kind are designed to promote deceptive material, push browser notification spam, and redirect visitors to other (likely unreliable/malicious) pages. When we investigated suldo[.]click, i
NFT Tab is a rogue browser extension that our researchers discovered while inspecting untrustworthy sites. This extension is presented as a tool that provides easy access to trending NFTs (Non-Fungible Tokens) and other related news. Our analysis revealed that NFT Tab operates as a browser hijacke
HARDBIT is a piece of malicious software categorized as ransomware. It is designed to encrypt data and demand payment for the decryption. Once we executed a sample of HARDBIT on our test system, it began encrypting files and modified their titles. Original filenames were appended with a unique ID