Click-on-this.news

Posted: October 8, 2020 | Category: Browser Hijackers
Click-on-this.news is a deceptive site that relies on a fake video player to gain the user's permission to use their Web browser notifications. Users may stumble upon Click-on-this.news' misleading content while looking for pirated movies, sports streams and other illicit media. When Click-on-this.news' page opens, users will be asked to press 'Allow' to watch a video – however, fulfilling this demand will not provide you with the content you were looking for. Instead, it will end up...

Alltopnewz.com

Posted: October 8, 2020 | Category: Browser Hijackers
Alltopnewz.com, contrary to what its name says, is not a website that provides you with the news. In fact, this page does not provide any relevant content, and its only purpose is to show misleading messages whose sole purpose is to trick you into permitting Alltopnewz.com's notifications in your browser. Alltopnewz.com says that it is mandatory to click 'Allow' to continue watching a video, but this is not true – the page does not play any content if this condition is met. Furthermore, sites...

Dabluehole.com

Posted: October 8, 2020 | Category: Browser Hijackers
Dabluehole.com is a misleading page that uses fake pop-ups and messages to trick users into granting the page escalated permissions. Thankfully, Dabluehole.com is not able to abuse its newly gained permissions for harmful purposes. Instead, it is happy to simply exploit your browser notifications to deliver an ongoing stream of unwanted advertisements. The Dabluehole.com notifications can be very intrusive and bothersome, especially because they will show up on any website you browse. The...

Alpha Search

Posted: October 8, 2020 | Category: Potentially Unwanted Programs (PUPs)
Alpha Search is a misleading browser extension whose installer may bring unwanted changes to your Web browser's behavior and configuration. Users who install Alpha Search may experience unwanted redirects to websites that they have not seen before. One of the most common changes linked to Alpha Search's installation is having your default new tab page and search engine set to Alphasearch.co. This is not an unsafe change, but it may worsen your Web browsing and Web searching sessions...

Woodrat Ransomware

Posted: October 8, 2020 | Category: Ransomware
The Woodrat Ransomware is a file-locking Trojan without any known family or Ransomware-as-a-Service connections. The Woodrat Ransomware blocks media files with encryption and holds them hostage until victims pay the ransom in Monero coins, a cryptocurrency. Users should withhold the ransom and recover from backups if they can do so while having dedicated anti-malware solutions to remove the Woodrat Ransomware infections. While malware researchers see no 'true' RAT or Remote Access Trojans...

DanDrop

Posted: October 8, 2020 | Category: Droppers
DanDrop is a threatening implant whose development and usage are attributed to a cybercrime organization operating in the Middle East. DanDrop's creators, known as the Lyceum Advanced Persistent Threat (APT) group, specialize in attacks against companies in the oil, gas and telecommunications sectors. Their threatening operations' goal is to exfiltrate data and credentials from the compromised networks while leaving minimal traces of their activity. DanDrop appears to be one of the most...

Lyceum APT

Posted: October 8, 2020 | Category: Advanced Persistent Threat (APT)
The Lyceum APT is a threat actor that preferentially hacks targets related to the telecommunications media, oil, and gas industries in the Middle East. Their attacks regularly involve deploying password collectors and Remote Access Trojans through corrupted, e-mailed documents. Users should protect themselves by the usual methods, such as disabling macros and updating software, and let automated security tools remove the Lyceum APT's Trojans and spyware as they're identifiable. Alternately...

DanBot

Posted: October 8, 2020 | Category: Remote Administration Tools
DanBot is a second-stage payload that has been used in multiple attacks against various companies in the Middle Eastern region. The malware is believed to be a product of the Lyceum APT, and it has been in active use since April 2018. The threat has the features of a Remote Access Trojan (RAT), but its operators are focused on collecting credentials and files from the compromised systems. Furthermore, the DanBot RAT may sometimes be used to deploy corrupted PowerShell scripts that add further...

Giraudules.club

Posted: October 7, 2020 | Category: Browser Hijackers
Seeing notifications in your Web browser by Giraudules.club means that this page has hijacked your notifications successfully. Thankfully, this is not a security concern – the website cannot cause any harm, but its notifications may bother you a lot because of the fact that they appear all the time. Giraudules.club's notifications are used to deliver paid advertisements, which generate revenue for the page's administrators – as you can probably guess, these advertisements are not relevant and...

Perspecify.club

Posted: October 7, 2020 | Category: Browser Hijackers
Perspecify.club is a deceptive site that lies to its visitors by displaying a message saying that they have to confirm their identity by pressing 'Allow.' According to the page, this action is a typical anti-robot check. Still, the truth is that the 'Allow' button is meant to grant Perspecify.club the ability to use your Web browser notifications. If these permissions are given to the misleading site, it may use them to flood active browser windows with dozens of unwanted notifications that...

'TROJAN Error Code 0xdc2dgewc' Pop-Up Scam

Posted: October 7, 2020 | Category: Adware
The 'TROJAN Error Code 0xdc2dgewc' pop-up scam is a deceptive message hosted on fake websites that are being promoted with the help of online advertisements that users may encounter on low-quality websites. The websites that may display the 'TROJAN Error Code 0xdc2dgewc' pop-up scam are usually related to adult content, gambling services, pirated downloads and other shady content. These pop-ups' motivation is to convince you that your system is under attack by a threatening virus, and you...

Fresh Ransomware

Posted: October 7, 2020 | Category: Ransomware
The Fresh Ransomware is a file-locker Trojan that's part of Dharma Ransomware's family, a Ransomware-as-a-Service that hires its Trojans out to third-party criminals. Safe backups are essential for protecting data from this threat, which can block files indefinitely with its encryption routine. However, most Windows users also can avail themselves of appropriate security services to stop attacks or uninstall the Fresh Ransomware immediately. The Dharma Ransomware family...

SANTA_CRYPT Ransomware

Posted: October 7, 2020 | Category: Ransomware
The SANTA_CRYPT Ransomware is a file-locking Trojan that blocks media on Windows systems by encrypting it. Users should recover from any backups, if available, although free decryption solutions also may be possible. Dedicated security and anti-malware products also should stop most infection attempts and remove the SANTA_CRYPT Ransomware from already-compromised PCs. With so many Ransomware-as-a-Services and other Trojan families thriving, users might forget that anyone can program a...

PwnPOS

Posted: October 7, 2020 | Category: Malware
The PwnPOS malware is likely to have been active in the wild since 2013, but it managed to go unnoticed thanks to the basic, but effective anti-detection measures that its creators had implemented. This malware family consists of two components that cooperate in collecting information from an infected device. The first module, the memory scraper, reads the memory used by specific processes and looks for data that matches the one used by credit cards. If a match is found, PwnPOS will use the...

RtPOS

Posted: October 7, 2020 | Category: Malware
RtPOS is a piece of malware specialized in infecting Point-of-Sale (POS) devices and then scraping their Random Access Memory (RAM) to collect customers' credit card information. However, there are some captivating things about this malware family in particular. For starters, it does not include as many features as other popular POS malware, and, surprisingly, it also is incapable of sending the collected data to a remote server. This means that the attackers would need to have physical or...

XDDown

Posted: October 7, 2020 | Category: Spyware
XDDown is a piece of malware whose development and usage are attributed to a recently identified cybercrime organization known as XDSpy. XDDown is the group's signature piece of malware, and over the past few years, it has been used to compromise networks and servers all around Eastern Europe. Remnants of the XDDown malware's activity were discovered on the networks of political entities and Non-Governmental Organizations (NGOs) in multiple countries in the region – Russia, Moldova, Serbia...

SilentFade

Posted: October 6, 2020 | Category: Spyware
SilentFade is spyware that collects Facebook account credentials for facilitating the non-consensual display of corrupted advertisements. This threat uses semi-innovative obfuscation techniques for hiding itself and often installs through a bundle with other, illegally-downloaded software. Users should curate their download behavior for risky files and let dedicated anti-malware tools handle the removal of SilentFade software. Social networking accounts' hijacking remains very...

Lewsheaned.club

Posted: October 6, 2020 | Category: Browser Hijackers
Fake downloads are a trick that may not always be used to deliver malware or Potentially Unwanted Programs (PUPs). In some cases, online con artists may use fake downloads to trick users into applying certain changes to their Web browser's configuration. The fraudsters may claim that the change is required to complete the download. This is the tactic found on Lewsheaned.club – a website that you may encounter if you try to download pirated content from the Web. Lewsheaned.club pretends to be...

Bhutantravellink.com

Posted: October 6, 2020 | Category: Browser Hijackers
Bhutantravellink.com is a bogus website that you may encounter while trying to access shady online content such as pirated sports streams, game cracks, software activators, adult videos, and others. When you see Bhutantravellink.com in your browser, you may be told to click 'Allow' to continue browsing. Many users might instinctively follow the instructions to get to their content faster, but by clicking the 'Allow' button, they will subscribe to Bhutantravellink.com's notifications. The...

Choslovaks.club

Posted: October 6, 2020 | Category: Browser Hijackers
Choslovaks.club is a website that wants to access your browser notifications by using misleading instructions and messages. Visitors of this page are told that they have to certify that they are real humans by clicking the 'Allow' button on top of the page. However, if you read into the on-screen instructions your browser displays, you will see that this action will subscribe you to Choslovaks.club's notifications. If this is allowed to happen, the page will be able to bombard your browser...