The fake Google Docs Offline extension is a malicious Chrome extension that masquerades as a real Google tool. It is injected as part of a larger attack and is used to spy on users. Once planted, it can log what victims type, steal cookies, login sessions, and capture screenshots. If present on a
We have reviewed the email and found that it is a scam disguised as a final notice from a cloud service. The scammers behind it seek to trick recipients into opening a misleading website and following the provided instructions. None of the claims in this email (or the associated scam sites) is tru
Vect is ransomware that we have discovered while inspecting malware samples uploaded to VirusTotal. Once a system is infected, this ransomware encrypts and renames files, changes the desktop wallpaper, and drops a ransom note ("!!!_READ_ME_!!!.txt"). An example of how it renames files: it changes
Our assessment indicates that huverify.co[.]in is set up to manipulate visitors into enabling notifications. Once permission is given, it can push deceptive alerts, fraudulent promotions, and other questionable content intended to drive traffic to unreliable websites. Users are advised not to trus
Our analysis shows that cholablelogne[.]com is designed to trick users into accepting its notifications. If permission is granted, it may send misleading alerts, fake offers, and other unreliable contend used to promote shady websites. Users should avoid visiting cholablelogne[.]com and never allo
SnappyClient is malware delivered through HijackLoader. It is written in C++ and used by cybercriminals to remotely control infected devices (as a remote administration Trojan) and steal data. Once a system is infected, SnappyClient can communicate with a C2 server to receive instructions.
Torg is an information-stealing malware that grabs data from infected devices. It sends stolen information to attackers using an API system. Torg is sold as part of a malware-as-a-service (MaaS) operation. If Torg is detected on a system, it should be removed as soon as possible. Torg targ
Miolab (also known as Nova) is an information stealer targeting macOS users. It is sold to cybercriminals via hacker forums using the Malware-as-a-Service (MaaS) model. Miolab can steal information from cryptocurrency wallet extensions, web browsers, and various managers, and can grab files from
Bear is ransomware from the MedusaLocker family. We have discovered it while examining malware samples uploaded to VirusTotal. When executed, Bear encrypts files and appends its extension. It also changes the desktop wallpaper and creates the "READ_NOTE.html" file, a ransom note. Bear appends the
Our findings indicate that orbitboostlabs[.]com is a site designed to deceive visitors into enabling notifications. If allowed, it can send fraudulent alerts and deceptive offers that promote unreliable websites. Users should avoid visiting orbitboostlabs[.]com and never allow websites of this kin