While inspecting dubious websites, we discovered the maloprotect[.]xyz rogue webpage. It is designed to load deceptive material (scams), push spam browser notifications, and redirect visitors to different (likely unreliable/malicious) sites. Users typically access pages like maloprotect[.]xyz thro
AuraLookup is a rogue application that we discovered while inspecting new submissions to VirusTotal. After analyzing this app, we learned that it operates as advertising-supported software (adware) and is part of the AdLoad malware family. Adware might require certain conditions to run i
LatestFeed is a rogue applications that our researchers found while looking through new submissions o VirusTotal. After analyzing this piece of software, we determined that it operates as adware and belongs to the AdLoad malware family. Adware enables the placement of third-party graphic
Ourcommonnews[.]com is a rogue webpage that our research team found during a routine inspection of untrustworthy sites. It operates by pushing browser notification spam and redirecting visitors to other (likely unreliable/malicious) websites. Most users enter such sites via redirects caused by pag
Displayforreviews[.]com is a deceptive website that shows a fake CAPTCHA to trick visitors into allowing it to deliver notifications and redirects them to other untrustworthy websites. Most of these pages are promoted using shady methods. Our team has discovered displayforreviews[.]com while exami
While inspecting new submissions to VirusTotal, our researchers discovered the Dark Angels Team ransomware-type program. We determined that this malicious program belongs to the Babuk ransomware family. After launching a sample on our test machine, we learned that it encrypts files and appends th
Spiderlock is the name of ransomware belonging to a ransomware family called ZEPPELIN. We discovered it while inspecting samples submitted to the VirusTotal page. It was found that Spiderlock encrypts files and appends ".sl.[victim's_ID]" to filenames. Also, it creates the "ALL YOUR FILES ARE ENCR
Advertismentzone[.]com displays a fake CAPTCHA to trick visitors into agreeing to receive notifications. Also, it redirects to another (identical) website. Most websites like advertismentzone[.]com are promoted via other pages that use shady advertising networks. We have discovered advertismentzon
We have discovered a new ransomware variant called Starmoon. It was found on VirusTotal (while analyzing the malware samples submitted to this page). Starmoon is part of the Spora ransomware family. It encrypts files and appends the victim's ID, starmoon@my.com email address, and four random chara
Captchamode[.]top is designed to display deceptive content to trick visitors into allowing it to deliver untrustworthy notifications. Additionally, it can redirect to various shady websites. In most cases, pages like captchamode[.]top are visited inadvertently. We have discovered this site while a