Our research team discovered RESOR5444 malware while inspecting new submissions to VirusTotal. This malicious program is categorized as ransomware. It operates by encrypting data and demanding ransoms for the decryption. On our test machine, RESOR5444 encrypted files and added an extension compos
PAKLOG is a type of malware called a keylogger. It tracks what the victim types on their keyboard and monitors what they copy to the clipboard. It collects and saves this information in a file on the infected computer. However, PAKLOG cannot send the data to cybercriminals directly, which means th
We have inspected rectionip.co[.]in and discovered that it is one of the many deceptive websites designed to trick visitors into allowing them to show notifications. Once permission is granted, rectionip.co[.]in bombards users with notifications containing fake warnings and other misleading messag
Our inspection of the "Shared-File Attachments" email revealed it to be spam. This message claims that the recipient has been sent remittance advice in a password-protected file. This spam mail aims to trick recipients into disclosing their email account log-in credentials to a phishing site.
While investigating untrustworthy websites, our research team discovered this fake "Multipli ($MULTI) Registration" site. It impersonates Multipli (multipli.fi), yet the scam bears no association with this platform. The imitator webpage promotes a cryptocurrency drainer that steals digital assets
After examining this "Quote For Delivery Price And Time" email, we learned that it is spam. This is a phishing email that targets recipients' account log-in credentials (passwords) through an RfQ (Request for Quotation) themed lure. The spam email with the subject "Request for Quotation: U
Gunra is the name of a ransomware-type program. This piece of malicious software operates by encrypting data and demanding ransoms for the decryption. On our test machine, Gunra encrypted files and appended their names with a ".ENCRT" extension. For example, an original filename such as "1.jpg" a
Our analysis of levelupconnection.co[.]in has shown that it is a deceptive website. It uses clickbait to obtain permission to send notifications. Notifications from levelupconnection.co[.]in include fake warnings and other misleading content. Users should avoid granting permission to show notifica
SuperCard X is a mobile malware targeting Android users. It is offered to cyber criminals through a Malware-as-a-Service (MaaS) model. The attackers focus on customers of banks and credit card companies, with the goal of stealing their payment card information. Victims of SuperCard X are strongly
Our research team discovered the livecubewordopiafile[.]monster rogue page during a routine inspection of suspect websites. Upon examination, we learned that this webpage endorses dubious software and browser notification spam. It also redirects users to other (likely unreliable/hazardous) sites.