Push-time.com is an unsafe website used for social engineering attacks in Google Chrome, Mozilla Firefox, Internet Explorer, Safari or Edge browsers on Windows, Mac or Android operating systems. The main goal of such shady websites is to subscribe users to browser notifications through trickery and fraud. Notifications are a feature of modern browsers that delivers news or subscription updates to the desktop even when the browser window is closed. The idea behind it is to inform users about hot news, social network updates or new YouTube videos from their subscriptions. However, advertising networks have turned this useful feature to their own advantage. Push-time.com is one of thousands of domains using a similar technique to fool unsuspecting users.
Unlike similar types of ransomware, the Dharma virus does not change the desktop background. Instead, it creates README.txt or Document.txt.[email@example.com].zzzzz files and places them in each folder that contains compromised files. The text files contain a message stating that users have to pay the ransom in Bitcoins; the amount is approximately $300-$500, depending on the ransomware version. The private decryption key is stored on a remote server, and it is currently impossible to break the encryption of the latest version.
STOP Ransomware (DJVU Ransomware) is a high-risk, widespread encryption virus that first appeared about 1 year ago. It has gone through several visual and technical changes over time. In this tutorial we will analyse recent versions of this dangerous malware. In April of 2019, STOP Ransomware started to add the following extensions to encrypted files: .browec, .guvara, .etols, .grovat or .grovas. These versions are sometimes called “Browec Ransomware”, “Guvara Ransomware”, “Etols Ransomware”, “Grovas Ransomware” and “Grovat Ransomware” respectively. The virus also modifies the hosts file to block Windows updates, antivirus programs, and sites related to security news or offering security solutions. The infection process is also disguised as the installation of Windows updates: the malware shows a fake window that imitates the update process.
MacAppExtensions (Adware.MAC.Linkury.C) is malware related to the Search.tapufind.com hijacker, which we described in some of our earlier articles. It runs on macOS and targets the Safari, Google Chrome and Mozilla Firefox browsers. The main symptom is that your browsers' search and homepage settings change to search.tapufind.com, and these settings cannot be modified until MacAppExtensions is removed. However, this virus not only hijacks the browser but also gathers private information about its user: it collects data related to browsing activity, such as geolocations, entered search queries, URLs of visited websites, IP addresses etc.
Robotcaptcha.info is an adverse domain that may show unwanted pop-ups and ads in Google Chrome, Mozilla Firefox, Internet Explorer, Safari or Edge browsers on Windows, Mac or Android operating systems. Landing pages from Robotcaptcha.info appear from nowhere and prompt users to subscribe to notifications. Notifications are a feature of modern browsers that helps users get current news in a faster and more convenient way. However, when the website is of an advertising nature, users start receiving ads, pop-ups and tech support scam messages on their desktops. This is an element of social engineering, and clicking the “Allow” button actually subscribes users to notifications. At the same time, Robotcaptcha.info triggers the standard dialog box with the option to allow or block notifications from the site you are visiting. If a person clicks the “Allow” button, they will start receiving unwanted pop-up ads from Robotcaptcha.info directly on the desktop, even when the browser is closed.