While inspecting new submissions to the VirusTotal website, our researchers discovered the ELDER malicious program. It is based on the Beast ransomware. Software within this classification is designed to encrypt data and demand ransoms for the decryption. After we executed a sample of ELDER (Beas
Odyssey is a variant of AMOS (Atomic) stealer malware targeting macOS users. It is designed to pilfer sensitive information from infected devices, including files, app data, and cryptocurrency wallets. Victims of this stealer can suffer monetary loss, become victims of identity theft, and encoun
After testing the WebImprovment app, we found it to be adware. This app displays intrusive and potentially deceptive ads that may lead users to unreliable websites. Additionally, several security vendors have flagged WebImprovment as malicious, making it advisable to avoid installing this app.
We have tested the WebProtocol application and discovered that it is adware. This app can display annoying and sometimes misleading advertisements designed to promote shady web pages. Moreover, multiple security vendors have flagged WebProtocol as malicious, so users should avoid installing it.
Octowave is a loader-type malware. Programs within this classification are designed to load (i.e., infiltrate) additional malicious software or components onto systems. Octowave has proliferated through steganography – a rather uncommon technique involving the sophisticated concealment of malicio
CoffeeLoader is a sophisticated malware loader designed to deploy other malicious software while avoiding detection. It uses advanced techniques (including call stack spoofing, sleep obfuscation, and GPU-based execution) to bypass security measures. Cybercriminals have been spotted using CoffeeLoa
This "$GROK Presale" is a scam. This fake page is presented as an exclusive GROK token presale event. The likely goal of this scam is to extract sensitive user data. It must be stressed that this bogus presale is not associated with Grok or any other legitimate services and entities. IMPORTA
RALord is a ransomware-type program written in the Rust programming language. This malicious program encrypts files and demands payment for the decryption. On our test machine, RALord renamed the affected files by appending their names with a ".RALord" extension. For example, a file initially tit
Our analysis of ArchiveAccess reveals that its primary function is to display advertisements, classifying it as adware. Notably, several security vendors flag ArchiveAccess as malicious. As a result, the advertisements it generates can be misleading, often directing users to unreliable websites.
While investigating suspect websites, our research team discovered the asyetaprovinc[.]org rogue page. It promotes browser notification spam and redirects users to different (likely unreliable/malicious) sites. Asyetaprovinc[.]org and webpages akin to it are primarily accessed via redirects produ