Our analysis shows that DEVMAN 21 is ransomware designed to encrypt files. We discovered it while inspecting samples uploaded to VirusTotal. Once executed, DEVMAN 21 not only encrypts data, but it also appends its extension (".devman21") to files and drops a text file ("!!!_README_!!!.txt") contai
Our team has checked the email and found that it is a phishing message. The scammers behind it seek to trick recipients into visiting a fake website and entering personal information. Victims of this scam may have their cryptocurrency stolen and possibly encounter other issues. Thus, this email sh
Logaldaerved[.]com is a rogue webpage discovered by our research team during a routine inspection of suspicious sites. After examining this page, we learned that it promotes spam browser notifications and generates redirects to various (likely unreliable/dangerous) websites. The majority of visit
Our researchers discovered "The Official 67 Coin" airdrop during a routine inspection of deceptive websites. Upon further investigation, we determined that this airdrop is fake. It operates as a cryptocurrency drainer – by stealing funds from exposed cryptowallets. IMPORTANT NOTE: We do not
After examining this "iCloud Payment Method Declined" email, we determined that it is fake. This spam message informs recipients that their cloud storage is full and the subscription payment failed. If it is not renewed within three days, the data saved in the cloud will be deleted. It must be em
While reviewing file submissions to the VirusTotal site, our research team discovered the Cod ransomware. This malicious program is part of the Makop ransomware family. Malware of this kind encrypts data and demands a ransom for the decryption. Once we executed a sample of Cod on our test machine
DroidLock is Android malware that behaves much like ransomware. However, unlike typical ransomware, it does not encrypt files. The malware blocks victims from using their devices and can view or even delete different types of data. Cybercriminals utilize DroidLock to extort money from victims.
Our researchers discovered the AdBlocker Expert rogue browser extension while browsing suspicious websites. This software is promoted as an ad-blocking tool; however, upon analysis, we determined that it operates as adware. Adware stands for advertising-supported software. It is designed t
Upon examining forthdoosymellm[.]com, we found that it is designed to trick visitors into allowing notifications. This website is untrustworthy and may send misleading alerts promoting other unsafe sites. If opened, forthdoosymellm[.]com should be closed and never permitted to send notifications t
Cooseagroup is a ransomware discovered by our researchers during a routine inspection of new file submissions to the VirusTotal website. Malware of this kind operates by encrypting data in order to demand a ransom for its decryption. On our test machine, Cooseagroup encrypted files and modified t