Our inspection of this "Expiration Notification" email revealed that it is spam. This message claims that the recipient's email account password will expire in 24 hours. The risk of failing to update the log-in credentials is the permanent deactivation of the account. The goal of this phishing mai
"E-mail Administrator" is a spam email that, upon inspection, we determined to be a phishing scam. This message informs the recipient about undelivered emails and urges them to resolve the issue. The spam campaign aims to obtain email account log-in credentials (passwords). The spam email
PS1Bot is the name of a malicious software that is essentially a multi-stage malware framework. It is a modular malware that utilizes various modules to perform malicious activities on infected devices. PS1Bot has been used to ensure persistence on systems, gather sensitive data, and carry out ot
Our team has examined the page (memesprotocol[.]net) and found that it runs a crypto scam. It imitates the original Memes Protocol platform (memesprotocol.xyz) to deceive visitors into taking actions that allow scammers to steal their cryptocurrency. This deceptive site should not be trusted.
We analyzed the email and determined it is a fake message pretending to be from DHL. Its goal is to trick recipients into clicking the link and providing personal information. This type of scam is called phishing, and recognizing (and ignoring) such emails prevents potential risks. The sca
While browsing suspicious sites, our research team found the inigrattic[.]com rogue webpage. It operates by promoting browser notifications spam and redirecting visitors to other (likely dubious/dangerous) sites. Inigrattic[.]com and pages akin to it are primarily accessed via redirects generated
GodRAT is a remote access Trojan (RAT) built on the Gh0st RAT source code. It shares similarities with AwesomePuppet, another RAT. GodRAT can be expanded with extra plugins that give attackers more capabilities. Cybercriminals use it to steal information and deploy additional payloads. God
Our analysis of inroadslab[.]com shows that the site is crafted to convince visitors to enable its notifications. Once allowed, it can send deceptive alerts that direct users to other unreliable websites. Users should avoid visiting inroadslab[.]com and close the page if they ever visit it.
Our researchers found the iasninancuka[.]com rogue webpage during a routine investigation. After examining this page, we determined that it endorses spam browser notifications and generates redirects to different (likely unreliable/malicious) websites. Most visitors to iasninancuka[.]com and simi
Matrix is ransomware (belonging to the Proton family) that our team discovered during an examination of samples uploaded to VirusTotal. Our examination shows that Matrix encrypts files and changes their filenames by replacing their names with a random string and appending the ".matrix" extension.