While inspecting dubious download websites, our researchers discovered the Nino Colors rogue browser extension. It is promoted as a tool capable of changing webpage background colors. However, our analysis of this extension revealed that it operates as adware instead. Advertising-supported
Salletsilvully[.]com is a deceptive website designed to trick visitors into allowing it to show notifications. Our team discovered it while inspecting other sites that use rogue advertising networks (various illegal streaming, torrent, adult, and similar sites). Another problem with Salletsilvully
Mscreviews[.]com is a rogue webpage that our researchers discovered while checking out dubious sites. This page promotes browser notification spam with the use of fake CAPTCHA verification. Additionally, it can redirect users to other (likely untrustworthy/dangerous) websites. Most users enter ms
AndreiHelp is ransomware belonging to the Spora ransomware family. We discovered it while checking the VirusTotal page for recently submitted malware samples. The purpose of AndreiHelp ransomware is to encrypt files. In addition to encrypting files, it renames them and drops the "Read_Me!_.txt" fi
While inspecting new submissions to VirusTotal, our researchers found the OutlookWade application. After analyzing this app, we determined that it operates as adware and belongs to the AdLoad malware family. Advertising-supported software (adware) runs intrusive advertisement campaigns.
While examining advtreviews[.]com, our team found that it is one of the many untrustworthy pages designed to lure visitors into agreeing to receive notifications. Also, advtreviews[.]com can redirect visitors to another (virtually identical) website. We encountered this site while inspecting other
After inspecting this "Trust Wallet" email, we determined that it is spam that operates as a phishing scam. Letters of this spam campaign are presented as alerts regarding the imminent suspension of recipients' "Trust Wallets" - to prevent which the log-in credentials have to be re-verified. It m
While analyzing malware samples submitted to VirusTotal, our team discovered ransomware belonging to the Djvu family called Qqri. It encrypts files and renames them by appending the ".qqri" extension to their filenames. Also, Qqri drops the "_readme.txt" file (a text file containing a ransom note)
While inspecting the advtpro[.]com site, we learned that it displays deceptive content to lure visitors into agreeing to receive notifications. Also, advtpro[.]com can redirect visitors to a virtually identical page. Our team found the advtpro[.]com site while examining pages that use rogue advert
Lpnothome[.]com is a website that wants to show untrustworthy notifications. It also redirects visitors to other shady pages. Lpnothome[.]com uses a clickbait technique to lure visitors into allowing it to send notifications. Our team discovered lpnothome[.]com while examining websites that use ro