Advnottech[.]com is a rogue webpage that operates by pushing browser notification spam and redirecting visitors to other (likely untrustworthy/malicious) sites. Our researchers discovered this page while inspecting websites that use rogue advertising networks. Most users access advnottech[.]com (
Our research team found the updatenotification[.]xyz rogue page during a routine inspection of untrustworthy sites. It is designed to promote deceptive content (scams), push browser notification spam, and redirect visitors to different (likely unreliable/malicious) webpages. At the time of researc
Our team has examined this email and learned that it is part of a phishing campaign. Scammers behind it attempt to trick recipients into providing sensitive information via the provided website. The email is disguised as a letter from the Ministry of Finance of Spain. It is written in the Spanish
ZareuS is ransomware that encrypts files and appends the ".ZareuS" extension to filenames. We discovered this ransomware on the VirusTotal page (while checking the page for recently submitted samples). ZareuS provides contact and payment instructions in its ransom note, a text file named "HELP_DEC
While inspecting new submissions to VirusTotal, our research team discovered the ElementForce application. After analyzing this piece of software, we learned that it is adware belonging to the AdLoad malware family. Adware enables the placement of third-party graphical content (various a
BasicTransaction is the name of a rogue application that we found while inspecting new submissions to VirusTotal. Our analysis of this app revealed that it operates as advertising-supported software (adware) and belongs to the AdLoad malware family. Adware is designed to deliver intrusiv
While inspecting new malware submissions to VirusTotal, our researchers discovered the Moonshadow ransomware. We determined that this malicious program is part of the VoidCrypt ransomware family. After we launched a sample of Moonshadow on our test system, it encrypted files and altered their nam
Our team discovered FIXED while inspecting malware samples submitted to the VirusTotal page. We found that FIXED is ransomware that encrypts files and appends ".FIXED" extension to filenames. For example, it renames "1.jpg" to "1.jpg.FIXED", "2.png" to "2.png.FIXED", and so forth. Also, FIXED crea
News-fesihe[.]cc is designed to trick visitors into agreeing to receive notifications and redirect them to other shady pages. As a rule, pages like news-fesihe[.]cc are visited inadvertently. Our team has discovered news-fesihe[.]cc while examining various illegal movie streaming pages, torrent si
R3tr0 (also known as RETRO-ENCRYPTED) is ransomware belonging to the Dharma family. We discovered it while checking the VirusTotal website for recently submitted malware samples. R3tr0 encrypts files and appends the victim's ID, r3tr0crypt@tuta.io email address, and ".r3tr0" extension to filenames