Sorillus is a multifunctional remote administration trojan (RAT) based on Java that is offered as malware-as-a-service. The attackers behind Sorillus RAT use fake invoice-themed emails as their main method of delivering the malware. The developers offer the RAT for sale at €59.99 for lifetime acce
While investigating untrustworthy websites, our research team discovered the SafeWatch PUA (Potentially Unwanted Application). In most cases, software within this classification has harmful capabilities. Hence, the presence of unwanted programs on a device poses a risk to device integrity and user
We have examined the page (token-echoprotocol[.]xyz) and discovered that it is a fraudulent copy of the original Echo Protocol site (echo-protocol.xyz). The fake site is designed to trick visitors into believing that they can claim tokens. However, the real goal is to steal cryptocurrency from vic
Our analysis of the site (gift-2x[.]com) shows that it is designed to steal cryptocurrency. The page offers an "exclusive token reward" as a lure. Falling for this scam can result in financial losses. Thus, users should be careful when encountering such pages and verify their legitimacy before tak
Our researchers reviewed the "Aetna Sent You A Secure Message" email and determined that it is fake. It informs the recipient of a secure message sent by the Aetna healthcare company. The goal of this spam campaign is to deceive recipients into disclosing their email account log-in credentials to
Our analysis of neprierenistro.co[.]in shows that its purpose is to display unwanted notifications. It cannot push these notifications without the user's permission, which the site tries to obtain using a deceptive method. It is highly advisable to avoid visiting neprierenistro.co[.]in and never p
While investigating new submissions to VirusTotal, our research team found the AMERILIFE ransomware. This malware operates by encrypting files in order to demand payment for the decryption. On our testing system, AMERILIFE encrypted data and added a ".ameriwasted" extension to the names of affect
Our analysis has shown that this email is a phishing scam disguised as an account cancellation notice. It is designed to deceive recipients into visiting a fake website and providing sensitive information. Messages like this should be identified as scams and deleted without clicking links or reply
After reviewing the email, it is clear that it is a phishing scam disguised as a notification about pending messages. The scammers aim to deceive recipients into visiting a fake website and disclosing personal information. Emails like this should be identified as fraudulent and deleted without int
After inspecting this "Suspicious Logins To Your Mailbox" email, we determined that it is spam. The purpose of this scam message is to lure recipients into disclosing their email log-in credentials to a phishing website by claiming that suspicious sign-in attempts to their account have been detect