After examining ourhotposts[.]com, our team learned that this page uses a clickbait technique to lure visitors into agreeing to receive notifications and redirects to other websites. This page was discovered by us while inspecting other pages that use rogue advertising networks. Usually, sites lik
Royal is the name of ransomware that encrypts files and appends the ".royal" extension to filenames (an updated variant of Royal ransomware appends ".royal_w" extension). It also creates a text file (named "README.TXT") containing a ransom note. Cybercriminals behind Royal ransomware attacks aim t
RealInfo is a rogue app that our researchers discovered during a routine inspection of new submissions to VirusTotal. After analyzing this application, we determined that it is adware belonging to the AdLoad malware family. Adware operates by displaying advertisements on various interfac
While inspecting champse[.]click, our team discovered that this page runs the "McAfee - Your PC is infected with 5 viruses!" scam and wants to show notifications. It is designed to trick visitors into believing that their computers are infected. We found champse[.]click while examining pages that
Our researchers found the desktopdefence[.]online rogue page while inspecting suspect websites. It is designed to promote scams, push browser notification spam, and redirect users to other webpages (likely unreliable or harmful) sites. Most visitors to pages like desktopdefence[.]online access th
T_TEN is the name of a new DCRTR ransomware variant. It encrypts files and appends the ".T_TEN" extension to filenames. Also, it drops the "Readme.txt" file on the desktop and displays a pop-up window (both containing ransom notes). Our malware researchers discovered T_TEN while examining malware
Defenderpage[.]xyz is a rogue webpage that our researchers discovered during a routine investigation of suspicious websites. It is designed to run online scams, promote spam browser notifications, and redirect visitors to other (likely unreliable/dangerous) sites. Users typically enter defenderpa
"Deceptive calendar events" refers to spam events created in Android device calendars by malware. The fake events are typically used to bombard victims with calendar notifications that promote various scams and malicious content. Malware that employs deceptive calendar events aims to acqui
Ubersear[.]ch is the address of a fake search engine. Typically, websites of this kind are promoted by browser-hijacking software that modifies browser settings to cause such redirects. However, ubersear[.]ch was observed being pushed by an Android-targeting malware called "Ads Blocker". This mal
While testing the StandardVirtue application, our team found that it shows intrusive advertisements. For this reason, we classified StandardVirtue as adware. Typically, adware is distributed using deceptive methods. Our team discovered StandardVirtue after downloading a fake installer from an un