Recently, a new ransomware called GonnaCope was discovered by Petrovic. It was found that GonnaCope not only encrypts files but also deletes files and replaces them with some random files (files with the ".cope" extension). Files encrypted by GonnaCope do not have a new extension. Also, GonnaCope
While inspecting untrustworthy sites, our researchers found the deviceunder-shield[.]com rogue webpage. It is designed to load scams, push browser notification spam, and redirect visitors to other (likely dubious/malicious) websites. Most users enter deviceunder-shield[.]com and sites akin to it v
Goodcaptcha[.]top is a website designed to trick visitors into allowing it to show notifications. Another problem with this site is that it can open other untrustworthy pages. Our team has discovered goodcaptcha[.]top while inspecting sites that use shady advertising networks (websites that displa
Fill darker is a rogue browser extension that our research team discovered while inspecting scam download sites. Following our analysis, we determined that this extension operates as advertising-supported software (adware). Adware may require certain conditions (e.g., compatible browser, s
When we downloaded and examined the DigitalConverterz application, we learned that it is a browser hijacker that changes the settings of a web browser to digitalconverterz.com. The purpose of this app is to promote a fake search engine. Our team found this app while visiting/inspecting shady websi
While inspecting shady websites, we discovered the savingm[.]com page. This rogue webpage promotes deceptive material, pushes browser notification spam, and redirects visitors to other (likely untrustworthy/malicious) sites. Most users enter websites like savingm[.]com through redirects caused by
Protectpc[.]xyz is a shady website running a scam similar to "McAfee - Your PC is infected with 5 viruses!". Also, this page asks for permission to show notifications. Our team has discovered protectpc[.]xyz while inspecting illegal movie streaming pages, torrent sites, and other pages that use ro
Axxes is ransomware (a rebranded version of Midas ransomware) that encrypts files and appends the ".axxes" extension to their filenames. We have discovered this malware while examining samples submitted to VirusTotal page. Axxes creates the "RESTORE_FILES_INFO.hta" file, which contains a ransom no
BestSearchIncognito is a rogue browser extension. After analyzing this piece of software, we determined that it operates as a browser hijacker. BestSearchIncognito modifies browser settings to promote the bestsearchincognito.com fake search engine. After being successfully installed onto o
FreeSearchStreams is a browser hijacker designed to promote freesearchstreams.com, a fake search engine. It promotes this address by hijacking a web browser (by changing its settings). We have discovered FreeSearchStreams while inspecting various shady websites. We found that FreeSearchStr