While investigating questionable sites, our research team found the rpconcepts[.]xyz rogue webpage. It is designed to endorse browser notification spam and produce redirects to different (likely untrustworthy/hazardous) websites. Rpconcepts[.]xyz and analogous pages are mainly accessed via redirec
Ryouthed[.]com is a rogue page discovered by our researchers during a routine investigation of suspicious websites. After inspecting this webpage, we learned that it promotes browser notification spam and generates redirects to different (likely unreliable and/or hazardous) sites. Most visitors t
We have examined RTRUE and found that it operates as ransomware. Once executed, it encrypts files, appends the ".RTRUE" extension to them, and drops a ransom note ("readme.txt"). An example of how files encrypted by RTRUE are renamed: "1.jpg" is changed to "1.jpg.RTRUE", "2.png" to "2.png.RTRUE",
Our analysis of thethunnic[.]com has shown that this page uses clickbait to get permission to send notifications. If it obtains this permission, it can show deceptive warnings and other misleading messages to trick users into opening other, potentially malicious websites. Thethunnic[.]com and simi
Our researchers found the Dev ransomware while browsing new submissions to the VirusTotal website. This malicious program is part of the Makop ransomware family. Ransomware operates by encrypting victims' files to demand ransoms for the decryption. After we executed a sample of Dev on our test ma
We have inspected the site (shlbamanyu[.]com) and discovered that it promotes a fake cryptocurrency giveaway (airdrop). The scammers operating this deceptive site seek to steal cryptocurrency from visitors. It is also important to note that this fake page mimics the original one (manyudog.xyz) to
Our researchers discovered this fake "Yala" airdrop during a routine investigation. This webpage is supposedly associated with Yala; in fact, this page is in no way connected to the real protocol of this name (yala.org). The purpose of this scam site is to deceive users into exposing their digital
Our researchers discovered navronexo.co[.]in while browsing dubious websites. After examining this rogue page, we determined that it endorses browser notification spam and produces redirects to other (likely unreliable/harmful) websites. Navronexo.co[.]in and analogous webpages are mainly entered
Clotomonia.co[.]in is a rogue webpage discovered by our researchers while investigating dubious sites. Its goal is to promote browser notification spam and redirect users to other (likely unreliable/dangerous) websites. The majority of visitors to clotomonia.co[.]in and similar pages access them t
While investigating dubious websites, our researchers discovered this fake "Web3 Crypto Exchange Platform" (syncnoderesolver[.]com; possibly other domains). Instead of providing the promised services, this webpage tricks users into exposing their cryptowallets to a cryptocurrency drainer. IM