While inspecting wnprt[.]club, our team learned that it has two purposes: to trick visitors into believing that their computers are infected (and purchasing antivirus software) and allowing it to show notifications. It runs the "McAfee - Your PC is infected with 5 viruses!" scam. We discovered wn
Our researchers discovered the analysissoftwarecentr[.]com rogue webpage during a routine inspection of questionable websites. This page is designed to promote scams, push spam browser notifications, and redirects visitors to other (likely untrustworthy/malicious) sites. Users typically access an
Our research team discovered the RankBet rogue app while inspecting new submissions to VirusTotal. After installing this piece of software onto our test system, we learned that it operates as adware. It is noteworthy that RankBet belongs to the AdLoad malware family. Adware stands for ad
S.O.V.A. is the name of a banking trojan targeting Android devices. As its classification implies, this malware seeks to obtain baking and finance-related data. However, this trojan has a wide variety of functionalities and can be used to cause varied problems. S.O.V.A. is proliferated und
While inspecting new submissions to VirusTotal, our research team discovered the MMXXII ransomware. This malicious program is part of the Phobos ransomware family. After executing a sample of MMXXII on our test system, it began encrypting files and altering their filenames. The titles of the affe
CapraRAT is the name of an Android remote access trojan (RAT), possibly a modified version of another (open-source) RAT called AndroRAT. It is known that CapraRAT is used by an advanced persistent threat group (ATP) called APT36 (also known as Earth Karkaddan). CapraRAT allows attackers to perform
Ourhugenews[.]com is a rogue webpage discovered by our researchers during a routine investigation of suspicious sites. This page promotes browser notification spam and redirects visitors to other (likely unreliable/dangerous) websites. Users typically access such pages via redirects caused by site
After examining this email, we concluded that it is a fake letter from PayPal regarding account status. It is sent by scammers who aim to trick recipients into providing sensitive information. This email contains a link that opens a phishing website (a fake PayPal page asking to provide login cred
Our researchers found the OkHacked ransomware during a routine inspection of new submissions to VirusTotal. This malicious program is based on the Chaos ransomware, and it is designed to encrypt data and demand payment for the decryption. After we executed a sample of OkHacked on our test machine
Netlock is ransomware designed to encrypt files, append the ".netlock" extension to filenames, and create the "how_to_back_files.html" file that contains a ransom note. Our team discovered Netlock while examining samples submitted to the VirusTotal page. We also found that Netlock is part of the M