This "Leave Request Form" message is a phishing email. The spam message claims that HR has shared a leave request form with the recipient. The goal of this scam is to deceive victims into revealing their email account log-in credentials to a phishing website. This spam email claims to be a
Our examination of this "Human Resource Internal Memo" email revealed that it is spam. This phishing message aims to trick recipients into revealing their email account log-in credentials by luring them with a fake salary compensation report. The spam email with the subject "Annual Payroll
After inspecting this "OneDrive - You Have A New Document" email, we determined that it is fake. This spam message alerts of a document concerning salary bonuses sent to the recipient. It must be emphasized that this scam email is not associated with the actual Microsoft OneDrive. The goal is to d
While investigating suspicious sites, our researchers discovered this fake "Pi Network Airdrop". It is a phishing scam targeting cryptocurrency wallet log-in credentials; victims are lured into exposing this information by the promise of an airdrop. It must be emphasized that this scam is not asso
Our researchers discovered the KaWaLocker ransomware while reviewing new malware submissions to the VirusTotal website. Malicious software within this category is designed to encrypt data and demand ransoms for the decryption. On our test machine, KaWaLocker encrypted files and added an extension
SparkKitty is a spyware named so for its similarities with the SparkCat malware. Evidence such as some variants of SparkKitty being built using the same framework as SparkCat, having the same functionality, and sharing a similar targeting pattern suggest a connection between these programs. There
We have inspected the email and found that it promotes a fraudulent scheme. This scam email is disguised as a notification from Coinbase regarding wallet transitions. Its purpose is to lure unsuspecting recipients into taking actions that could result in the theft of their cryptocurrency. This ema
We have inspected the page (dapp-hyperswap[.]network) and found that it is a copy of the original HyperSwap site (hyperswap.exchange). The fake website promotes a fake airdrop to trick users into taking actions that allow scammers to steal their cryptocurrency. Such pages should be identified as s
We have examined stylemeshconnect[.]com and concluded that the purpose of this page is to promote the "You've visited illegal infected website" scam and obtain permission to show notifications. If allowed, stylemeshconnect[.]com can send deceptive notifications to promote more scams and other onli
UraLocker is ransomware that we discovered during our routine inspection of samples uploaded to VirusTotal. Upon execution, UraLocker encrypts files and appends its extension (".rdplocked"). For example, it renames "1.jpg" to "1.jpg.rdplocked" and "2.png" to "2.png.rdplocked". UraLocker also chang