We inspected full-mark[.]xyz and learned that the purpose of this page is to trick visitors into agreeing to receive notifications. It uses a clickbait technique (displays deceptive content) as a lure. Also, full-mark[.]xyz redirects to scam websites. Full-mark[.]xyz shows a deceptive mess
While inspecting new submissions to VirusTotal, our researchers discovered the LATCHNETWORK ransomware-type program. It is pertinent to mention that this malicious program is part of the MedusaLocker ransomware family. After we executed a sample of LATCHNETWORK on our test machine, it encrypted f
Vohuk is ransomware that prevents victims from accessing files by encrypting them. Also, it replaces filenames with a string of random characters and appends the ".Vohuk" extension to them, changes the desktop wallpaper, and drops the "README.txt" file. The dropped text file contains a ransom note
Our research team discovered the alltopspot[.]com rogue page. It promotes browser notification spam and redirects users to different (likely unreliable/harmful) websites. Users typically enter alltopspot[.]com and similar sites through redirects caused by pages using rogue advertising networks.
Our research team discovered the mysecuritydatabase[.]live rogue page while checking out dubious websites. This webpage promotes scams (e.g., "Norton Security - Your PC Might Be Infected With Viruses!") and spam browser notifications. Furthermore, mysecuritydatabase[.]live can redirect users to ot
Nativepclink[.]com is a rogue site discovered by our researchers while inspecting suspicious websites. It is designed to run scams, promote spam browser notifications, and redirect visitors to different (likely untrustworthy or hazardous) pages. Users typically access websites like nativepclink[.
DRCRM is a ransomware that our researchers found while checking out new submissions to VirusTotal. It is yet another malicious program belonging to the VoidCrypt ransomware family. On our test machine, DRCRM encrypted files and altered their titles. The ransomware appended original filenames with
During the examination of protectionservicespc[.]site, we found that it uses fraudulent marketing to promote antivirus software. This page shows deceptive (fake) messages to trick visitors into believing that their computers are infected and purchasing antivirus subscriptions. Also, protectionserv
During a routine inspection of suspicious websites, our research team discovered the steadycaptcha[.]live rogue page. It promotes browser notification spam and redirects visitors elsewhere (likely untrustworthy/harmful) webpages. Users typically enter steadycaptcha[.]live and sites akin to it - v
CryptBIT 2.0 is a new variant of CryptBIT ransomware. We discovered it while examining samples submitted to VirusTotal. CryptBIT 2.0 encrypts files, appends ".cryptbit" extension to filenames, changes the desktop wallpaper, and drops the "CryptBIT2.0-restore-files.txt" file. The text file dropped