Fyngood.com Uses Fake Captcha to Push Intrusive Ads
While conducting a routine investigation into suspicious websites, our research team recently came across the rogue webpage fyngood.com. Its primary purpose is to inundate users with browser notification spam and...
Nerz Ransomware is Based on Djvu Code to Target Random Files
During our analysis of malicious file samples, our team recently came across a variant of the Djvu ransomware family called Nerz. Similarly to its counterparts, Nerz encrypts data but adds the ".nerz" extension to the...
Neqp Ransomware is a Djvu Variant Seeking Files to Encrypt
Neqp is a type of ransomware that is part of the Djvu clone family. This new variant is designed to infiltrate a victim's system and encrypt nearly all files stored on its drives. The encryption process targets a wide...
Neon Ransomware Will Lock Your System
Our researchers discovered the Neon ransomware variant, which is another member of the numerous Djvu ransomware clone family. Neon encrypts files on victim systems and makes them inaccessible. Files encrypted by Neon...
Download Assist Adware Hides in Browser Extension
After conducting our assessment, we have determined that the Download Assist application operates as a browser extension supported by advertisements. Our conclusion was based on the observation of advertisements being...
Searchmenow.gg Pushes Browser Hijacker
During our evaluation of searchmenow.gg, we uncovered its dubious nature as a search engine. Our team encountered searchmenow.gg when a browser hijacker was introduced to a web browser. Notably, applications designed...
PostalFurious Threat Actor Targets UAE Victims with Smishing Campaign
Group-IB has identified a Chinese-speaking phishing group called PostalFurious that is conducting a new SMS campaign in the U.A.E. The group poses as postal services and toll operators to target users. Their...
Juble.click Uses False Pretenses to Push Ads
During our investigation of juble.click, we uncovered a manipulative tactic employed by the website to trick visitors into granting permission for notifications. Additionally, juble.click has the ability to redirect...
NoEscape Ransomware Will Render Your Files Unreadable
NoEscape operates as a Ransomware-as-a-Service, catering to other criminals who act as affiliates or customers. The ransomware builder interface allows affiliates to customize various configurations while creating the...
TinyNote Backdoor Employed by Chinese Threat Actor
Camaro Dragon, a Chinese nation-state group, has once again been connected to a new backdoor that serves its intelligence-gathering objectives. According to Israeli cybersecurity company Check Point, which named the...
Horabot Malware Targets Latin American Victims
Since late 2020, Spanish-speaking individuals in Latin America have faced a new form of malware known as Horabot. This botnet malware allows a threat actor to take control of a victim's Outlook mailbox, extract email...
Besteasyclick.com Pushes Ads Using Fake Anti-Bot Check
While investigating untrustworthy websites, our researchers came across the besteasyclick.com rogue page. This particular webpage engages in the promotion of browser notification spam and redirects visitors to other...