BlackFL (also known as BlackField) is ransomware that we discovered while inspecting samples submitted to VirusTotal. After execution, BlackFL encrypts files, provides a ransom note ("BlackField_ReadMe.txt"), and appends its extension (".BlackFL") to files. For example, it renames "1.jpg" to "1.jp
While inspecting new submissions to VirusTotal, our researchers discovered the AIR ransomware. This malicious program belongs to the Makop ransomware family. Malware of this kind is designed to encrypt data and demand ransoms for the decryption. On our test machine, AIR (Makop) ransomware encrypt
We have inspected the email and concluded that it is a phishing attempt. It is designed to appear as a message from an email service provider and contains a link to a fake site. The goal is to steal personal information from recipients. Such emails should be ignored and deleted. The phishi
Our analysis of the site (paragaming.claim-portal[.]live) has uncovered that it is a deceptive page mimicking the original Param Gaming site (paramgaming.com). The scammers behind the fake website aim to trick visitors into performing steps that could lead to financial loss. Thus, it is important
Our research team found the larygeously.co[.]in rogue page while investigating suspect websites. It operates by endorsing spam browser notifications and producing redirects to different (likely untrustworthy/dangerous) sites. Larygeously.co[.]in and similar webpages are primarily accessed through
After inspecting this "Default Judgement" email, we determined that it is fake. This spam message states that the recipient has two days to submit a response or the court judgment will default. It must be emphasized that this email is fraudulent and not associated with any legitimate judicial bod
While browsing dubious sites, our research team found this fake "Kelp Staking" webpage. This fraudulent staking platform promotes a cryptocurrency drainer; basically, it steals funds from exposed digital wallets. It must be emphasized that regardless of any potential similarities with existing pro
Bridgechainnet[.]com is a rogue page discovered by our researchers during a routine investigation of questionable websites. This webpage is designed to promote browser notification spam and generate redirects to other (likely dubious/malicious) sites. Most visitors to pages like bridgechainnet[.]c
After reading this "Have You Heard Of Hermit" email, we determined that it promotes a sextortion scam. It claims that the recipient's devices were infected with malware, which was used to collect private data and record a sexually explicit video of the user. The spam message threatens to leak the
Our research team found the oroectua.co[.]in rogue page while browsing dubious websites. After inspecting this webpage, we determined that it promotes browser notification spam and generates redirects to different (likely unreliable/hazardous) sites. Most visitors access oroectua.co[.]in and simil