Our team has discovered Iron Lock while inspecting samples uploaded to VirusTotal. Our analysis shows that Iron Lock is ransomware based on Chaos. Once executed, it encrypts data, appends four random characters to filenames (adds its extension), and creates a ransom note ("READ ME.txt"). An examp
We have tested privacyguardiansearch.com and found it to be a fake search engine promoted via an extension called Privacy Guardian by Secure Shell, a browser hijacker. Fake search engines (and browser hijackers) can cause privacy issues (and potentially other problems). Thus, users should avoid us
Secureshieldsearch.com is a fake search engine that cannot generate search results and redirects to legitimate Internet search sites. We observed this webpage being promoted by “Secure Shield by Secure Shell”. However, other browser hijackers could endorse secureshieldsearch.com. Keep in mind that
Our research team discovered the safedomains.net fake search engine while examining the Safe Domains by Secure Shell browser hijacker. This extension is presented as a tool that checks domain information before proceeding with a search. However, safedomains.net could be promoted by other software
After inspecting this "DocuSign - Industrial Estate Project" email, we determined that it is fake. This spam message informs the recipient that they must sign the shared document within 48 hours to maintain compliance, funding, and project launch. This is a malspam campaign spreading malicious sof
After examining this "IMAP/POP3 Configuration Error" email, we determined that it is spam. The message claims the recipient has pending emails due to service disruptions. The goal of this phishing campaign is to trick recipients into revealing their email account log-in credentials. The sp
Our examination has revealed that this site (phanstart[.]live) mimics the original Phantom platform, phantom.com. It is designed to trick visitors into believing they can receive free tokens by following the provided steps. However, there is no giveaway on phanstart[.]live and falling for this sca
Our researchers discovered news-lufimi[.]cc while browsing suspicious webpages. This rogue site is designed to promote browser notification spam. It can also redirect users to other (likely unreliable/harmful) websites. Most visitors to news-lufimi[.]cc and analogous pages access them via redirect
News-lihado[.]cc is a rogue webpage discovered by our researchers while investigating suspicious sites. After examining this page, we learned that it promotes spam browser notifications and generates redirects to different (likely untrustworthy/dangerous) websites. The majority of visitors to new
We have examined the email and found it to be a phishing attempt disguised as an important notification from Wells Fargo. It includes a link to a fake website designed to steal personal information from unsuspecting individuals. This scam email should be ignored and deleted if received. Th