After analyzing this email scam, we concluded that it is a phishing email used to steal sensitive information. Scammers behind it pretend to be the Binance team. Their goal is to trick users into believing that they can receive 0.10 BNB tokens for linking their wallet with a Binance account via th
It is a phishing scam used to trick unsuspecting users into providing credit card details. Scammers use a deceptive website disguised as the official Apple page to extract information. That site is promoted using other pages that use rogue advertising networks and mobile text messages (smishing
Our team has analyzed this email and found that it is disguised as a letter from a bank called Raiffeisen (a legitimate banking company). It is written in the Czech language and contains a website link. Scammers behind it attempt to trick recipients into providing sensitive information on a decept
We have discovered the mini dark browser extension while examining deceptive websites. After downloading and installing this app, we learned that it operates as a browser hijacker. It changes the settings of a web browser to promote a fake search engine (getsins.com). Thus, the mini dark is not a
Borat is the name of a remote access Trojan (RAT). Cybercriminals use RATs to obtain access and remote control on the infected computers. The Borat RAT can be used to deliver ransomware, log keystrokes, perform DDoS attacks, steal login credentials from browsers, and more. Borat includes a
RED TEAM is ransomware that we have discovered while examining the malware samples submitted to VirusTotal. It was found that this ransomware belongs to the Babuk family. It encrypts files, appends the ".REDTM" extension to filenames, and creates the "HowToDecryptYourFiles.txt" file (a ransom note
Bec is the name of a new Sojusz ransomware variant. After examining this variant, we found that it encrypts files, appends a string of random characters, the beacon@jitjat.org email address, and ".bec" extension to filenames. It also creates the "!!!HOW_TO_DECRYPT!!!.txt" file that contains a rans
Flskon[.]click is an untrustworthy website that runs a scam similar to "Dear [ISP name] user, Congratulations!" and asks for permission to show notifications. We discovered this site while examining various illegal movie streaming pages and torrent sites (and other pages that use rogue advertising
Our team has discovered the Dark-View browser extension on a deceptive website claiming that it might be required to install this app (for an unspecified reason). We have examined Dark-View and found that it is an advertising-supported application - it generates unwanted advertisements. Ty
F5Z8A is the name of a ransomware variant that we have discovered while analyzing malware samples submitted to the VirusTotal page. It was found that F5Z8A encrypts files and appends the ".F5Z8A" extension to filenames. It also generates a ransom note (the "@@@ To Restore Your Files.txt" file) con