MARK is ransomware belonging to the Makop family. Our discovery of MARK occurred during an inspection of malware samples submitted to VirusTotal. We found that MARK encrypts files and appends its extension (along with the victim's ID and an email address) to them. For example, it renames "1.jpg"
Our team has inspected the page (aiiocation-hyperlendx[.]com) and found that it is a copy of the original HyperLend website (hyperlend.finance). The fraudulent site is crafted to closely mimic the legitimate one, aiming to deceive users into taking actions that could result in significant financia
"Your Document Has Been Held In A Queue" is a spam email. It informs the recipient of a file sent to them. The email attachment is a phishing file that records account credentials (passwords) entered into it. The spam email with the subject "Pending Notification: Admin is sharing a file wi
While inspecting suspicious websites, our researchers discovered the TuneFinder browser extension. It is promoted as an easy-access tool to song lyrics and related information (e.g., artist discographies, album details, etc.). After analyzing this extension, we determined that it is advertising-su
We have tested keyguard-websecure.com and found that it is a fake search engine. Moreover, we discovered that it is promoted through a browser extension that operates as a browser hijacker. Therefore, users should avoid visiting keyguard-websecure.com and remove it from the settings of a web brows
While investigating untrustworthy sites, our researchers discovered this fake "$TURBO" webpage (turbotoken[.]io; possibly others). Users who try to participate in this bogus airdrop expose their digital wallets to a cryptocurrency drainer. It must be emphasized that this scam is not associated wit
Our researchers discovered quicknetshift.co[.]in while browsing suspect websites. After inspecting this rogue page, we determined that it promotes browser notification spam and redirects visitors to different (likely dubious/malicious) sites. Most users access quicknetshift.co[.]in and webpages ak
TransferLoader is a malware loader that the attackers have used since at least February 2025. It consists of several components: a downloader, a backdoor, and a separate module designed to deploy the backdoor. Cybercriminals have been observed using TransferLoader to deploy ransomware. If detected
Retrorevivesearch.com is a fake search engine our researchers discovered while analyzing the Retro Revive browser hijacker. This extension is supposedly designed to create a retro aesthetic for new browser tabs. Browser hijackers promote these webpages by modifying browser settings. It is notewort
Recipio is promoted as a browser extension (or add-on) that helps users find recipes online by narrowing search results to cooking-related content, making it easier to discover meal ideas, detailed recipes, and step-by-step instructions without unrelated distractions. However, our analysis shows t