Mammon is a malicious program categorized as ransomware, not to be confused with the Makop ransomware of the same name. Malware within this category is designed to encrypt data and demand payment for its decryption. On our test machine, Mammon encrypted files and changed their names. Original fil
Our researchers discovered the Koqlpo Cynav Tool PUA (Potentially Unwanted Application) while inspecting suspicious sites. This app operates as a dropper for the Legion Loader malware. It is noteworthy that installation setups like the one containing Koqlpo Cynav Tool often include multiple pieces
We have inspected the page (claim-4g5.pages[.]dev) and concluded that it is a copy of the original ZORA (zora.co) site. The fake website offers users the chance to claim $ZORA tokens as a lure. Its purpose is to trick individuals into taking actions that can lead to the theft of their cryptocurren
Our analysis of flyforads[.]top shows that the site uses a clickbait technique to convince users to allow it to send notifications. After permission is granted, it floods users with deceptive messages that can lead to untrustworthy websites. For this reason, users should avoid granting flyforads[.
We have inspected hilierigurrious[.]com and discovered that it uses clickbait to lure visitors into accepting its notifications. Once permission to show notifications is granted, hilierigurrious[.]com bombards users with fake warnings, alerts, offers, and similar content to promote shady websites.
Bert is ransomware designed to encrypt files and append its extension (".encryptedbybert") to filenames. An example of how the ransomware renames files: it changes "1.jpg" to "1.jpg.encryptedbybert", "2.png" to "2.png.encryptedbybert", etc. Upon encryption, Bert drops a ransom note (".note.txt") c
We have examined sweprotect.co[.]in and concluded that it is an untrustworthy website that displays a misleading message to deceive visitors into allowing it to send notifications. If permitted, sweprotect.co[.]in can show notifications containing fake warnings and similar messages. Thus, users sh
Our review of the email reveals that it is a fraudulent message designed to mislead recipients into believing they have won a large sum of money. Scammers behind these schemes often aim to steal personal information or convince victims to send payments. Such emails should be ignored. This
Our researchers discovered the prokermonantam.co[.]in rogue page while investigating dubious websites. After examining this webpage, we determined that it promotes browser notification spam and redirects users to other (likely unreliable/malicious) sites. The majority of visitors to prokermonanta
After inspecting this "Payment Has Been Remitted Into Your Account" email, we determined that it is malspam. The purpose of this spam campaign is to infect recipients' devices with malware by using a thirty thousand payment remittance notification as a lure. The spam email with the subject