Threats
Nerz Ransomware is Based on Djvu Code to Target Random Files
During our analysis of malicious file samples, our team recently came across a variant of the Djvu ransomware family called Nerz. Similarly to its counterparts, Nerz encrypts data but adds the ".nerz" extension to the...
Neqp Ransomware is a Djvu Variant Seeking Files to Encrypt
Neqp is a type of ransomware that is part of the Djvu clone family. This new variant is designed to infiltrate a victim's system and encrypt nearly all files stored on its drives. The encryption process targets a wide...
Juble.click Uses False Pretenses to Push Ads
During our investigation of juble.click, we uncovered a manipulative tactic employed by the website to trick visitors into granting permission for notifications. Additionally, juble.click has the ability to redirect...
Buymaxfield.com Uses Fake Anti-Bot Check to Mislead Visitors
Buymaxfield.com is an illegitimate website deliberately crafted by dishonest individuals with the aim of deceiving users and exploiting them for profit through pay-per-click (PPC) advertising. These unethical scammers...
DarkRace Ransomware Locks Victim's Files
Security researcher S!Ri recently uncovered DarkRace, a type of ransomware that operates by encrypting files. As part of its malicious actions, the malware adds its own extension (".1352FF327") to the original...
'Office Printer' Email Scam Phishes for Credentials
After careful examination of this email, our team has determined that it is an illegitimate message sent by scammers with the intention of tricking recipients and obtaining their personal information. The email has...
PostalFurious Threat Actor Targets UAE Victims with Smishing Campaign
Group-IB has identified a Chinese-speaking phishing group called PostalFurious that is conducting a new SMS campaign in the U.A.E. The group poses as postal services and toll operators to target users. Their...
Horabot Malware Targets Latin American Victims
Since late 2020, Spanish-speaking individuals in Latin America have faced a new form of malware known as Horabot. This botnet malware allows a threat actor to take control of a victim's Outlook mailbox, extract email...
Besteasyclick.com Pushes Ads Using Fake Anti-Bot Check
While investigating untrustworthy websites, our researchers came across the besteasyclick.com rogue page. This particular webpage engages in the promotion of browser notification spam and redirects visitors to other...
Dev-defense.com Pushes Rogue Ad Networks
Dev-defense.com functions as a deceitful webpage aimed at promoting questionable content and inundating users with browser notification spam. Additionally, it possesses the capability to redirect visitors to various...
Comedyrent.com Seeks to Spam Unsolicited Ads
During our routine investigation of suspicious websites, our researchers came across the comedyrent.com fraudulent page. Its main purpose is to facilitate the dissemination of browser notification spam. Moreover, this...
What is the Antivirusscanfix.xyz Browser Hijacker?
If you find that your browser keeps getting redirected to the Antivirusscanfix.xyz website, it is likely that you have an undesired browser extension or a malicious program installed on your device....
TinyNote Backdoor Employed by Chinese Threat Actor
Camaro Dragon, a Chinese nation-state group, has once again been connected to a new backdoor that serves its intelligence-gathering objectives. According to Israeli cybersecurity company Check Point, which named the...
Neon Ransomware Will Lock Your System
Our researchers discovered the Neon ransomware variant, another member of the Djvu ransomware family and its numerous clones. Neon encrypts files on victim systems and makes them inaccessible. Files encrypted by Neon...
Download Assist Adware Hides in Browser Extension
After conducting our assessment, we have determined that the Download Assist application operates as a browser extension supported by advertisements. Our conclusion was based on the observation of advertisements being...
SpinOK Android Malware Downloaded Over 400 Million Times, in 100+ Compromised Apps
Security researchers made a significant finding regarding an Android software component that possesses spyware capabilities. Its primary function is to gather information on files stored on devices and facilitate...
Lolydatingcool.top Uses Fake Video to Spam Ads
After conducting an examination of lolydatingcool.top, we have made several notable findings regarding its deceptive practices aimed at coercing visitors into subscribing to notifications. Additionally, this website...
Boney-blog.com Pushes Ads by Abusing Push Notifications
Boney-blog.com is an illegitimate website specifically created to endorse browser notification spam and redirect users to other sites that are likely unreliable or potentially dangerous. Many visitors access...