During an examination of malware samples uploaded to VirusTotal, we discovered Phantom, a ransomware developed using an open-source ransomware project known as Hidden Tear. Once executed, Phantom encrypts files and appends its extension (".Phantom") to files. For instance, it renames "1.jpg" to "1
Our analysis has revealed that this website (gigglepartners[.]xyz) is a copy of the GiggleFund web page (giggletoken.com). The purpose of this fake page is to steal cryptocurrency from victims. Like most scams of this type, it offers free cryptocurrency as a lure. Users should avoid interacting wi
While browsing dubious websites, our research team found the SecurePass PUA (Potentially Unwanted Application). It is presented as a tool capable of creating secure passwords and checking their strength. Unwanted apps are distributed using questionable or downright deceptive methods, and they ofte
LeakMonitorLive is a Potentially Unwanted Application (PUA) that claims to verify whether an email address has been compromised in a data breach. Software within this classification is distributed using dubious and deceptive methods. In many cases, PUAs have harmful capabilities and are considered
Our research team found the "Security Checkup In Progress" scam during a routine inspection of dubious websites. It claims that the user's device is infected and urges them to address the detected issues. Typically, scams of this kind are used to promote software. Upon accessing a site run
While investigating suspicious sites, our researchers discovered the CallGuard PUA (Potentially Unwanted Application). This app claims to protect users from unwanted calls by aiding with unknown number identification. Software can fall into the PUA classification due to the dubious methods used fo
Our team reviewed Easy2Convert and determined that it is an unwanted application. While it claims to quickly convert files to PDF, multiple security vendors flag it (and its installer) as malicious. Because of this, we suspect it may perform harmful activities on users’ systems. Overall, Easy2Conv
Our researchers discovered the texonnero.co[.]in rogue page while browsing suspicious websites. After examining this webpage, we determined that it endorses browser notification spam and redirects users to different (likely untrustworthy/malicious) sites. Most visitors to texonnero.co[.]in and pa
Our inspection of the "Invoice Payment Confirmation" email revealed that this message is fake. It is presented as a notification concerning a payment, an alert about a sent invoice. The goal of this spam campaign is to trick recipients into disclosing their email account log-in credentials to a ph
During our inspection, we found that news-fujaya[.]cc is a deceptive site that uses clickbait to get permission to send notifications. If news-fujaya[.]cc is allowed to show notifications, it can deliver fake alerts, warnings, offers, and similar content to promote untrustworthy pages. New