GGR is the name of a malicious program, which is part of the VoidCrypt ransomware group. It is designed to encrypt data and demand payment for the decryption. The locked files are retitled following this pattern: original filename, cyber criminals' email address, unique ID assigned to the victim,
Once opened, tiktok-flow[.]com asks for permission to deliver notifications. Also, it can open questionable websites. Notifications from pages like tiktok-flow[.]com cannot be trusted. There are many pages like tiktok-flow[.]com, for example, rushpushy[.]com, cobwebcircle[.]site, and press-news-fo
Emoxan[.]xyz is a rogue site sharing common traits with breaking-news.me, hisqueost.xyz, onemacusa.com, and thousands of others. It is designed to load questionable content, push its browser notifications, and/or redirect visitors to various (likely unreliable or malicious) webpages. Most users a
Arfanbajt[.]xyz uses a clickbait technique to trick visitors into granting it permission to show notifications and opens various questionable pages. A couple examples of other pages similar to arfanbajt[.]xyz are rushpushy[.]com, hdvideosnet[.]com, and setonna[.]com. Arfanbajt[.]xyz displa
Similar to hdvideosnet.com, hisqueost.xyz, more*.biz, antom.xyz, and many others, breaking-news[.]me is a rogue website. It operates by presenting visitors with questionable material and/or redirecting them to various (likely suspect or malicious) webpages. Most users enter these sites via redire
Rushpushy[.]com asks for permission to show notifications and promotes shady web pages. There are dozens of pages like rushpushy[.]com, for example, press-news-for[.]me, theresults[.]net, and robo-checker[.]top. Most of them are promoted via dubious ads, other pages of this kind, or potentially un
Setonna[.]com uses a clickbait technique (loads a fake CAPTCHA) to trick visitors into allowing it to display notifications and opens shady pages. More examples of similar pages are tthematt[.]xyz, hisqueost[.]xyz, and cobwebcircle[.]site. Users open these sites unintentionally. Setonna[.]
Shasha encrypts files and appends the ".shasha" extension to their filenames. For instance, it renames "1.jpg" file to "1.jpg.shasha", "2.jpg" file to "2.jpg.shasha", and so on. Also, Shasha creates a ransom note, the "READ_ME.txt" file, and changes the desktop wallpaper. Screenshot of a messa
"SAFEMOON Giveaway" refers to a scam promoted on various deceptive sites. This scheme promises five times the return on the SafeMoon cryptocurrency users transfer to it. To elaborate, the scam requests users to invest at least 500,000,000 in SafeMoon by transferring it to the listed cryptowallet
Tthematt[.]xyz displays a fake CAPTCHA to trick visitors into clicking the "Allow" button and can open two, three questionable websites. There is a very low chance that users would open tthematt[.]xyz intentionally. This page shares similarities with cobwebcircle[.]site, press-news-for[.]me, and m