Topreqdusa[.]com is a rogue site that we discovered while investigating untrustworthy websites. This page is designed to promote browser notification spam and – at the time of research – did so by employing fake CAPTCHA verification. The webpage in question can also redirect users to different (li
While inspecting questionable sites, our researchers discovered the topadvastudio[.]com rogue pages. This webpage is designed to push spam browser notifications. Furthermore, it can redirect visitors to different (likely untrustworthy/hazardous) websites. Most users enter sites like topadvastudio
Mikel is a variant of the Proxima ransomware. Malware within this classification is designed to encrypt data and demand payment. When we executed a sample of Mikel ransomware on our test machine, it encrypted files and appended their filenames with a ".mikel" extension. For example, a file initia
Odestech[.]com is a website that presents misleading messages to entice visitors into consenting to receive notifications. Typically, users arrive at these pages inadvertently. Our team found odestech[.]com while inspecting pages that use questionable advertising networks. Odestech[.]com s
Proxima is the name of a ransomware-type program. It is designed to encrypt data for the purpose of making ransom demands for decryption. After we executed a sample of Proxima on our test machine, it encrypted files and appended their filenames with a ".proxima" extension. For example, a file ini
We have inspected this letter and determined that it is a phishing email. Scammers behind it pose as a legitimate banking company (Intesa Sanpaolo). Their goal is to lure recipients into providing login information on a fake web page. Recipients should ignore this letter. The letter is wri
DarkBit is a ransomware we discovered while investigating new malware submissions to VirusTotal. It operates by encrypting data and demanding ransoms for decryption. Once we launched a sample of DarkBit on our testing system, it began encrypting files and altering their filenames. Affected files
While checking the VirusTotal site for recently submitted malware samples, our team discovered a ransomware strain dubbed Pdb. This ransomware encrypts data, appends the ".pdb" extension to filenames, and drops the "pdb.txt" file that contains a ransom note. An example of how Pdb ransomware renam
Blockedvideos[.]xyz is a rogue page we discovered while inspecting dubious websites. It operates by promoting browser notification spam and redirecting visitors to different (likely untrustworthy/harmful) sites. Most users access pages like blockedvideos[.]xyz through redirects caused by webpages
While analyzing malware samples submitted to VirusTotal, our team discovered a ransomware strain dubbed Pay. We found that Pay is part of the VoidCrypt ransomware family. It encrypts files, appends the paydecryption@gmail.com email address, victim's ID, and ".pay" extension to filenames, and drops