While browsing new submissions to VirusTotal, our researchers discovered Chunago.app adware. This application is part of the Pirrit adware family. Chunago.app is designed to generate revenue for its developers/publishers through advertising. Adware stands for advertising-supported softwa
Our research team discovered Lathy.app while investigating new file submissions to the VirusTotal website. After inspecting this application, we learned that it is adware from the Pirrit family. Advertising-supported software is designed to generate revenue for its developers/publishers through
While investigating suspicious sites, our research team discovered this "Resolv Discord Verification" scam. It masquerades as the Resolv protocol website (resolv.xyz). The fake webpage requests users to complete a Discord verification process – the goal is to deceive them into exposing their digit
We have analyzed snescouremast[.]com and determined that it is a deceptive website that uses clickbait to trick users into granting it permission to deliver notifications. Once allowed, the site can flood users with misleading messages intended to drive traffic to other untrustworthy websites (inc
As its name suggests, Blaze Browser is a web browser. We discovered it on a shady website and, upon inspection, concluded that it is an unwanted application that promotes a fake search engine. Because of these findings, users should avoid installing Blaze Browser and uninstall it if it is already
We have inspected Resile.app and discovered that this is an advertising-supported application flagged as malicious by multiple security vendors. An additional finding is that Resile.app belongs to the Pirrit family. Users should avoid installing this app as it can expose them to scams, privacy r
MARK is ransomware belonging to the Makop family. Our discovery of MARK occurred during an inspection of malware samples submitted to VirusTotal. We found that MARK encrypts files and appends its extension (along with the victim's ID and an email address) to them. For example, it renames "1.jpg"
Our team has inspected the page (aiiocation-hyperlendx[.]com) and found that it is a copy of the original HyperLend website (hyperlend.finance). The fraudulent site is crafted to closely mimic the legitimate one, aiming to deceive users into taking actions that could result in significant financia
"Your Document Has Been Held In A Queue" is a spam email. It informs the recipient of a file sent to them. The email attachment is a phishing file that records account credentials (passwords) entered into it. The spam email with the subject "Pending Notification: Admin is sharing a file wi
While inspecting suspicious websites, our researchers discovered the TuneFinder browser extension. It is promoted as an easy-access tool to song lyrics and related information (e.g., artist discographies, album details, etc.). After analyzing this extension, we determined that it is advertising-su