After examining this "Account Verification Alert" email, we determined that it is spam. This fake message warns the recipient that they will experience email service interruptions or even lose their account if they do not verify it. This phishing campaign targets email account log-in credentials.
Mammon is a malicious program categorized as ransomware, not to be confused with the Makop ransomware of the same name. Malware within this category is designed to encrypt data and demand payment for its decryption. On our test machine, Mammon encrypted files and changed their names. Original fil
Our researchers discovered the Koqlpo Cynav Tool PUA (Potentially Unwanted Application) while inspecting suspicious sites. This app operates as a dropper for the Legion Loader malware. It is noteworthy that installation setups like the one containing Koqlpo Cynav Tool often include multiple pieces
We have inspected the page (claim-4g5.pages[.]dev) and concluded that it is a copy of the original ZORA (zora.co) site. The fake website offers users the chance to claim $ZORA tokens as a lure. Its purpose is to trick individuals into taking actions that can lead to the theft of their cryptocurren
Our analysis of flyforads[.]top shows that the site uses a clickbait technique to convince users to allow it to send notifications. After permission is granted, it floods users with deceptive messages that can lead to untrustworthy websites. For this reason, users should avoid granting flyforads[.
We have inspected hilierigurrious[.]com and discovered that it uses clickbait to lure visitors into accepting its notifications. Once permission to show notifications is granted, hilierigurrious[.]com bombards users with fake warnings, alerts, offers, and similar content to promote shady websites.
Bert is ransomware designed to encrypt files and append its extension (".encryptedbybert") to filenames. An example of how the ransomware renames files: it changes "1.jpg" to "1.jpg.encryptedbybert", "2.png" to "2.png.encryptedbybert", etc. Upon encryption, Bert drops a ransom note (".note.txt") c
We have examined sweprotect.co[.]in and concluded that it is an untrustworthy website that displays a misleading message to deceive visitors into allowing it to send notifications. If permitted, sweprotect.co[.]in can show notifications containing fake warnings and similar messages. Thus, users sh
Our review of the email reveals that it is a fraudulent message designed to mislead recipients into believing they have won a large sum of money. Scammers behind these schemes often aim to steal personal information or convince victims to send payments. Such emails should be ignored. This
Our researchers discovered the prokermonantam.co[.]in rogue page while investigating dubious websites. After examining this webpage, we determined that it promotes browser notification spam and redirects users to other (likely unreliable/malicious) sites. The majority of visitors to prokermonanta