Wanqu is the name of ransomware that encrypts and renames files (by appending the ".Wanqu" extension) and drops "RESTORE_FILES_INFO.txt" and "RESTORE_FILES_INFO.hta" files (ransom notes) on the desktop. Our team discovered Wanqu while inspecting malware samples submitted to the VirusTotal website.
While investigating new submissions to VirusTotal, our researchers found the AuroraShack application. After analyzing it, we determined that this app operates as adware (i.e., runs intrusive ad campaigns) and belongs to the AdLoad malware family. Adware stands for advertising-supported s
A new version of Android malware has emerged recently, targeting customers of Indian banks. Cybercriminals behind this campaign are using fake banking rewards applications to trick users into installing information-stealing malware with remote access trojan (RAT) capabilities. Their goal is to ste
While investigating untrustworthy sites, our researchers found the mscmart[.]com rogue page. It pushes spam browser notifications and redirects visitors to other (likely questionable/malicious) websites. Users typically enter mscmart[.]com and similar pages through redirects caused by websites usi
Pushyoumail[.]com is a rogue website that promotes browser notification spam and causes redirects to different (likely untrustworthy/malicious) sites. Our research team discovered this page during a routine investigation of suspicious websites. Users typically enter webpages of this kind via redir
While inspecting dubious webpages, our researchers discovered the service-2022[.]site rogue site. It operates by promoting scams, pushing browser notification spam, and redirecting visitors to other (likely untrustworthy/malicious) websites. Most users access pages like service-2022[.]site via re
Fonto[.]club is a rogue page that our researchers discovered while inspecting suspicious websites. It is designed to promote deceptive material, push browser notification spam, and redirect visitors to other (likely untrustworthy/harmful) webpages. Most users enter fonto[.]club and similar websit
After examining basis-antivirus[.]com, we found that this page is designed to trick visitors into paying for legitimate software by displaying deceptive content. Also, it asks visitors for permission to show notifications. Our team discovered basis-antivirus[.]com while inspecting websites that us
Exploretoday.co is the URL of a fake search engine. These websites are typically promoted by browser-hijacking software, which modifies browser settings in order to cause redirects to illegitimate search engines. Furthermore, both the promoted sites and browser hijackers usually collect private da
While examining wukbgater[.]buzz, we found that this page uses a clickbait technique to trick visitors into agreeing to receive notifications. Also, it redirects to other shady websites. Thus, wukbgater[.]buzz cannot be trusted/should not be visited. Our team discovered wukbgater[.]buzz while insp