SHTORM is a ransomware variant that is part of the Phobos ransomware family. Our malware researchers discovered SHTORM while analyzing malware samples submitted to the VirusTotal page. They have found that SHTORM encrypts data, modifies filenames, and creates info.hta and info.txt files (ransom no
We discovered the gadsmedia[.]com rogue site during a routine investigation of untrustworthy webpages. It operates by promoting browser notification spam and redirecting visitors to different (likely unreliable/harmful) pages. Users primarily enter webpages like gadsmedia[.]com through redirects
While inspecting untrustworthy sites, our research team discovered the asrelatercond[.]com rogue page. At the time of research, this webpage used fake CAPTCHA to trick visitors into allowing it to display spam browser notifications. Additionally, asrelatercond[.]com can redirect users to other (li
After inspecting the World Clock Tab browser extension, we determined that it is a browser hijacker. This piece of software modifies browser settings to promote (through redirects) the worldclocktab.com fake search engine. It is likely that the World Clock Tab extension also spies on users' browsi
After analyzing the DeckData application, our team has determined that it produces advertisements, leading us to classify it as a standard form of adware. Another important detail about this adware is that we have discovered it while inspecting deceptive websites. Through extensive testi
After inspecting the "PayPal - Order Has Been Completed" email – we determined that it is spam. This letter is presented as a notification regarding a successful purchase made via PayPal. This spam mail aims to trick recipients into calling the provided helpline and thus getting lured into the sca
Arashpar[.]xyz is a rogue webpage that we discovered while inspecting questionable websites. It is designed to promote browser notification spam and redirect users to different (likely unreliable/harmful) sites. Most visitors to arashpar[.]xyz and similar pages access them via redirects caused by
WhiskerSpy is the name of backdoor malware. Malware of this type is used to gain remote access to computers. It is known that WhiskerSpy is capable of executing shell commands, injecting code into another process, exfiltrating specific files, taking screenshots, and more. It should be removed from
While investigating new submissions to VirusTotal, we found a malicious program called Saw. It is part of the Xorist ransomware family, and like all programs within this group – Saw is designed to encrypt data and demand payment for its decryption. After we executed a sample of Saw ransomware on
Getnomadtblog[.]com is a deceptive website that attempts to trick visitors into subscribing to its notifications. This site may also redirect visitors to other pages of similar nature. Our team uncovered getnomadtblog[.]com while investigating illegal movie streaming websites, torrent sites, and s